Thank you. I was trying SSL_Shutdown() and creating a new SSL structure. 2nd SSL_Connect() was failing with vague errors. I will try SSL_clear().
--Satish

On Mon, Jun 8, 2009 at 1:38 PM, Kyle Hamilton<[email protected]> wrote:
> It won't matter in that case (the CAs still don't match each other,
> unless you add CA1 to the client's trust store), but yes, you can
> SSL_clear() to make the socket reusable.
>
> -Kyle H
>
> On Mon, Jun 8, 2009 at 7:40 AM, Satish Chandra Kilaru<[email protected]> wrote:
>> Hi
>>
>> I am developing SSL client and server programs. These are NOT general
>> purpose SSL client and server programs.
>> At the beginning of the world they will have a CA1 and certificates
>> signed by CA1.
>>
>> After some time, client is configured with a new CA called CA2.
>>
>> Now client is trying to connect to server and opens a socket and calls
>> SSL_Connect(). Server sends his certificate. Client notices that
>> server has an older CA and returns UNKNOWN CA error.
>>
>> At this point can we reuse the socket by cleaning up the old SSL
>> connection and recreating a new one?
>>
>> --Satish
>> ______________________________________________________________________
>> OpenSSL Project http://www.openssl.org
>> User Support Mailing List [email protected]
>> Automated List Manager [email protected]
