On Tue, Sep 14, 1999 at 10:25:55AM +0100, Ben Laurie wrote:
> [EMAIL PROTECTED] wrote:
>> [EMAIL PROTECTED] (Bodo Moeller) writes:
>>> I have not looked too closesly at this issue, but shouldn't this part
>>> of ssl_get_prev_session (which is exectuted right before the succesful
>>> return) appropriately take care of it?
>> Hmm... The behavior is a bit more like what I would expect if this is
>> moved up so that it is invoked /before/ the get_session_cb? I'll have to
>> look into this a bit more closely.
> In the case of an external session cache, it is its responsibility to
> enforce whatever aging policy it has.
You have to implement your own policy for getting rid of stale entries,
but I don't think the SSL library will continue to actually use them
when the timeout has expired.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
