Another thing I've noticed while trying to get my distributed session cache
to work:
OpenSSL maintains an internal cache, and automatically expires sessions when
they have passed their timeout. This is done by comparing the "time" member
of the SSL_SESSION struct against its "timeout" member. If the timeout has
passed, OpenSSL calls the remove_session callback and generates a new
session.
In order to get distributed caches to work properly with longer timeouts, I
had to write a new vendor hook into ssl_engine_scache.c that calls
"fix_timeout" before the SSL_SESSION is returned from scache_retrieve. This
sets the expiration time in the SSL_SESSION struct to the expiration time of
my distributed cache entries, not the local mod_ssl cache entries. Now
OpenSSL will recognize my session until it expires in the distributed cache,
not just the mod_ssl cache.
This also eliminates the need to explicitly call ssl_dbm_store() or
ssl_shm_store() after I fetch a session from the distributed cache.
J
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
