Ok, I have a general idea of how to manage my own client side caching. My client already maintains a record for each server it connects to, and can store either a copy of the session, or a pointer to that session back in the SSL_CTX session cache. Which is better? I am trying to preserve the cache flushing and statistics capabilities that exist with the SSL context. If I just maintain a pointer to a session, what happens when the session is flushed - either because the whole cache was flushed or the session expired? Doesn't it turn into a pointer to oblivion? I would like to keep the sessions in the SSL_CTX cache, because flushing old sessions will be easier, and I get the session reuse stats for free. If I have to, I can just check each session when the server is accessed again, but it will mean modifications to the record maintennance routines to make sure the session is freed - not impossible, but a mild headache, anyway. I will maintain only a single connection to any server at a given time, so the timeout on the session will be quite a bit longer than the timeout on the connection - otherwise it wouldn't be much use. I may also decide to update the timestamp on the session at each access. Any and all help is, of course, greatly appreciated. Cheers Lou ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
