On 02.07.2013 14:17, Ivan Zhakov wrote:
Hi,

Currently OpenSSL doesn't re-validate the server certificate if an
existing SSL session is reused using SSL_set_session(). The server
certificate chain is also not stored in the SSL session.

Is this intentional behavior, or just an unimplemented feature/bug?

It would be great to have the server certificate validated independently
of how the SSL session was negotiated.

Why should someone using SSL_get_session/SSL_set_session want to redo the certificate validation?

Best regards,
Richard

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org