Bodo Moeller <[EMAIL PROTECTED]> writes:
> On Tue, Sep 14, 1999 at 10:25:55AM +0100, Ben Laurie wrote:
> > [EMAIL PROTECTED] wrote:
> >> [EMAIL PROTECTED] (Bodo Moeller) writes:
>
> >>> I have not looked too closesly at this issue, but shouldn't this part
> >>> of ssl_get_prev_session (which is exectuted right before the succesful
> >>> return) appropriately take care of it?
>
> >> Hmm... The behavior is a bit more like what I would expect if this is
> >> moved up so that it is invoked /before/ the get_session_cb? I'll have to
> >> look into this a bit more closely.
>
> > In the case of an external session cache, it is its responsibility to
> > enforce whatever aging policy it has.
>
> You have to implement your own policy for getting rid of stale entries,
> but I don't think the SSL library will continue to actually use them
> when the timeout has expired.
There is the additional responsibility that whatever timeout is set in this
external cache, must also be set in OpenSSL's own internal session cache
with SSL_set_timeout(...).
This is all theory at this point, but it seems as though there is a problem
with SSL_set_timeout(...) (or my use of it). Hmm... Perhaps all that's
needed is an NO_INTERNAL_LOOKUP check here?
-Tom
--
Tom Vaughan <tvaughan at aventail dot com>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
