When SSL_SESS_CACHE_NO_INTERNAL_STORE is set, a session will not be added to the cache in the SSL CTX. Instead, it will be added to an external cache for some reason. When remove_session is called, it will try to find the item in the session cache in the SSL CTX and will certainly fail. As a result, the session in the external cache will not be removed in time.
I think remove_session_lock should be updated to address this issue.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
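
The behaviour reported above, as an added example that is not part of the original post and is not OpenSSL source: a simplified model in which removal is gated on an internal-cache hit, beside one possible change that notifies the external cache regardless. All names (`model_ctx`, `add_session`, `remove_gated`, `remove_always`) are hypothetical, and session ids are modelled as non-zero integers.

```c
/* Simplified model of the lookup described in the post; NOT OpenSSL code.
 * Every name here is hypothetical. Slot value 0 means "empty". */
#define SLOTS 4

struct model_ctx {
    int no_internal_store;  /* models SSL_SESS_CACHE_NO_INTERNAL_STORE */
    int internal[SLOTS];    /* session ids in the context's own cache */
    int external[SLOTS];    /* application-owned external cache */
};

static int find(const int *cache, int id) {
    for (int i = 0; i < SLOTS; i++)
        if (cache[i] == id) return i;
    return -1;
}

/* New session: the internal store is skipped when the flag is set;
 * the application's new-session callback stores it externally. */
void add_session(struct model_ctx *c, int id) {
    int slot;
    if (!c->no_internal_store && (slot = find(c->internal, 0)) >= 0)
        c->internal[slot] = id;
    if ((slot = find(c->external, 0)) >= 0)
        c->external[slot] = id;
}

/* Models the application's remove callback for the external cache. */
static void external_remove_cb(struct model_ctx *c, int id) {
    int slot = find(c->external, id);
    if (slot >= 0) c->external[slot] = 0;
}

/* Behaviour the post describes: the callback runs only on an internal hit. */
int remove_gated(struct model_ctx *c, int id) {
    int slot = find(c->internal, id);
    if (slot < 0) return 0;  /* miss: the external copy is left behind */
    c->internal[slot] = 0;
    external_remove_cb(c, id);
    return 1;
}

/* One possible change: notify the external cache whatever the lookup says. */
int remove_always(struct model_ctx *c, int id) {
    int slot = find(c->internal, id);
    if (slot >= 0) c->internal[slot] = 0;
    external_remove_cb(c, id);
    return slot >= 0;
}
```

With the flag set, `remove_gated` leaves the session in the external cache, where it stays available until the application expires it by other means.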