Rich Salz <[EMAIL PROTECTED]>:
> Unfortunately, the OpenSSL wrapper around gethostbyname caches lookup
> results forever, so you'll need to restart your application. I know you
> said you can't do that. Good luck figuring out how to address this.
>
> Infinite caching of gethostbyname() results is a bug, so I added -dev
> back to the list. A proper solution would involve lower-level DNS
> queries and using the real TTL. Two hack solutions would be to make the
> timeout be an hour or for applications to spawn a thread that calls
> BIO_ghbn_ctrl() with the 'flush' argument on a regular basis. Perhaps
> the best solution is to make the ghbn cache a config option, turned off
> by default.

I guess we should just get rid of the cache. The gethostbyname()
implementation can handle caching if appropriate.

Actually in many cases it probably is also a bug to try just one
address if a host has multiple addresses, and to just try TCP over
IPv4. I consider those 'socket connect' BIOs example code suitable
for some simple applications; they are not really a fully-functional
part of the library. The core library does not care about networking
details -- usually the appropriate level of abstraction is to hand
the library a connected socket (or a pipe),
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]