On Wed, Jun 12, 2002 at 08:03:32PM -0700, Priya Roy wrote:
> I need to use multiple client processes connecting to
> various different servers over https using openssl. I
> want to share the session info between processes when
> connecting to the same server, using some form of IPC.
>
> My question is: In order to reuse a session id, does
> the ssl object need to be created from the same
> SSL_CTX ?
> The Notes section of the Man page for SSL_set_session
> seems to say so.

Yes and no. :-)

> Could someone please clarify ?

Yes, I can.

> Thanks,
> Priya.
>
> P.S. The notes section says -
> SSL_SESSION objects keep internal link information
> about the session cache list, when being inserted into
> one SSL_CTX object's session cache. One SSL_SESSION
> object, regardless of its reference count, must
> therefore only be used with one SSL_CTX object (and
> the SSL objects created from this SSL_CTX object).

What is meant is the following: you can have several SSL_CTX objects
in one process, e.g. by
  ctx1 = SSL_CTX_new(method);
  ctx2 = SSL_CTX_new(method);
Now, you must not share SSL_SESSION objects between ctx1 and ctx2.

If you export/import (d2i_SSL_SESSION()/i2d_SSL_SESSION()) the contents
of a session, you get completely independent objects, which you can use
at your convenience and share them between clients.

Postfix/TLS does use this scheme. Connections are set up from different
"smtp" processes, which share exported sessions from a sdbm database.
(sdbm is a public domain ndbm implementation; I have extended the table
sizes from 1024 bytes so that SSL sessions fit into it.)

Best regards,
	Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus