On Fri, Nov 30, 2001 at 10:54:22AM +0100, Manfred Haertel wrote:
> Hello!
>
> Is there a way for a CGI script to find out how long the currently used
> SSL session is still valid, in other words, how many seconds of
> SSLSessionCacheTimeout still remain?
>
> I asked this question already on the modssl mailing list, but I got no
> answer, so I thought I'd ask the OpenSSL experts here.
>
> The modssl interface gives me the session key and the SSL session ID in
> environment variables, but not the remaining time. Is there any chance
> to access the time from a CGI script?
As far as I could see from the mod_ssl sources, the corresponding data
are not exported to environment variables.
I don't think it would be to difficult to extend mod_ssl to also export
these data. The "ssl_hook_Fixup_vars" table would need to be extended in
ssl_engine_kernel.c by the required variables and the "ssl_var_lookup_ssl()"
function in ssl_engine_vars.c would need to be needed to handle these
variables. I think, that if you grep for SESSION_ID in pkg.sslmod/
you will easily get an idea.
Without source modification, you won't get the information.
Best regards,
Lutz
PS. With respect to the SSL_SESSION timeout settings:
man SSL_SESSION_get_time
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
