we have a client-server application pair (ok, the server side is
Tomcat), the client is using an Aladdin eToken w/ openssl and
engine_pkcs11 and Aladdin's driver. that's all fine and working now.

the client application has long running persistence, e.g., once it's
running, it stays up for days/weeks as it's a dedicated system sort of
thing. the client makes periodic queries to the Tomcat server, server
responds, yada yada yada...

our security auditors yanked the token out, and the client continues to
work, like it's cached the SSL authentication and continues to reuse the
same session.

so, what exactly should we be doing from our xmlrpc-over-ssl client to
ensure each of our macro "transactions" re-authenticates from scratch?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org