I am trying to terminate a two-way SSL session after a user successfully logs off. I need to terminate the SSL session on the server because the client application is in a kiosk and the user cannot close the browser or clear the SSL cache.
In Serge's response below he refers to 'my own module'. Is he modifying the mod_ssl module and deploying that or can I directly make calls to the mod_ssl module in a custom c module? Sorry I am not familiar with c modules but am familiar with perl modules and have written authn and authz handlers. I appreciate any help you can provide. Andy Hale Serge Hauser wrote: Tue, 24 Oct 2006 06:53:50 -0700 Hi all, i try to terminate a session in my own module by setting the creation time and flushing the cache, unfortunately by the next request from the same client i get the same session again. (actually it seems to take it from the cache (ignoring the openssl sessioncache attributes). is there any way i can force mod_ssl to explicitly invalidate a session so it will get deleted from the cache aswell ? the code is use is basically: r->connection->keepalive = -1; ssl_sess = SSL_get_session(ssl); ssl_ctx = SSL_get_SSL_CTX(ssl); SSL_CTX_remove_session(ssl_ctx, ssl_sess); SSL_SESSION_set_time(ssl_sess, 0); SSL_CTX_flush_sessions(ssl_ctx, time(0)); ssl_sess->not_resumable = 1; anyone has a hint for me what i am doing wrong or what i additionally need to do to get rid of the session ? thanks Serge Andy Hale Modis IT DEERS/Defense Manpower Data Center Phone: (831) 583-2500 Ext. 4719 Email: [EMAIL PROTECTED]
smime.p7s
Description: S/MIME cryptographic signature
