Hello,
I have been playing with the (experimental) ssl proxy support. After
fixing a bug (fixed in 2.6.6), I got it to work.
I discovered a problem though. The session cache is not used at all
in proxy mode, which makes the connection setup slow. A new session
is created each time instead of using a previous session.
I've been looking at the mod_ssl code for a while and I think that
I have an idea of how to get support for session reuse in. The changes
shouldn't be that big.
The session cache is accessed by using the session-id as a key. But
in this case (outgoing connections) I would like to use host:port
(for the remote server) as the key, and get a session-id back if there
is one in the cache. Do we need other lookup functions to the session
cache or can we use the existing functions? It's just a string, right?
We would need to add ssl_scache_retrieve() and ssl_scache_store() calls
in the ssl_ext_mp_new_connection().
Also, if we use only the session-id as a key, I think there could be a
problem with using the same cache for both incoming and outgoing
connections. For incoming connections we (openssl) generate the
session id. For outgoing connections the session-id is generated by the
remote end. If we only use the session-id as the key there is a
possibility of getting the same session-id for two unrelated sessions.
Comments?
--
Mats Josefsson ([EMAIL PROTECTED])
RSV IT
Mail to the address above will not be forwarded. If you want
to reach me when I'm not at RSV, use "[EMAIL PROTECTED]" instead.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
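
Added example (not part of the original message, and not mod_ssl code): one way to let incoming and outgoing sessions share a single cache without the key collision raised above is to prefix every key with a namespace byte, keying incoming entries by raw session-id and outgoing entries by host:port. All names are hypothetical, the store is a toy in-memory array, and the int handle stands in for a serialized session.

```c
#include <stdio.h>
#include <string.h>
/* Toy store, hypothetical names; not mod_ssl's ssl_scache_* API. */
enum { NS_IN = 'I', NS_OUT = 'O', KEY_MAX = 128, SLOTS = 8 };
struct entry { unsigned char key[KEY_MAX]; size_t klen; int session; };
static struct entry cache[SLOTS];   /* klen == 0 marks a free slot */

/* Key = namespace byte + raw id bytes. Returns key length, 0 on bad input. */
static size_t make_key(unsigned char *out, int ns, const void *id, size_t idlen) {
    if (idlen == 0 || idlen >= KEY_MAX) return 0;
    out[0] = (unsigned char)ns;
    memcpy(out + 1, id, idlen);
    return idlen + 1;
}

/* Outbound (proxy) key: the remote server's "host:port". */
static size_t make_peer_key(unsigned char *out, const char *host, unsigned port) {
    char peer[KEY_MAX];
    int n = snprintf(peer, sizeof peer, "%s:%u", host, port);
    return n > 0 ? make_key(out, NS_OUT, peer, (size_t)n) : 0;
}
static struct entry *find(const unsigned char *k, size_t klen) {
    for (struct entry *e = cache; klen && e < cache + SLOTS; e++)
        if (e->klen == klen && !memcmp(e->key, k, klen)) return e;
    return NULL;
}

/* Insert or replace. Returns 0, or -1 for an invalid key or a full store. */
static int store(const unsigned char *k, size_t klen, int session) {
    struct entry *e = find(k, klen);
    for (int i = 0; !e && i < SLOTS; i++)
        if (cache[i].klen == 0) e = &cache[i];
    if (!e || klen == 0 || klen > KEY_MAX) return -1;
    memcpy(e->key, k, klen);
    e->klen = klen;
    e->session = session;
    return 0;
}

static int retrieve(const unsigned char *k, size_t klen) {   /* -1 on a miss */
    struct entry *e = find(k, klen);
    return e ? e->session : -1;
}

int main(void) {
    unsigned char k[KEY_MAX];
    store(k, make_peer_key(k, "backend.example", 443), 7);   /* constructed peer */
    return retrieve(k, make_peer_key(k, "backend.example", 443)) == 7 ? 0 : 1;
}
```

Because the namespace byte is part of the key, an incoming session-id whose bytes happen to equal an outgoing host:port string still maps to a different entry.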