> [[email protected] - Sun Sep 05 19:44:26 2010]: > > The latest patch was modified to maintain the previous values of > new_session for legacy applications. We can either break > compatibility of a few applications, if any, by adding a new field > or by adding new values. I don't see any possibility to avoid this > at all. >
Well as long as the meaning of new_session is retained by default there is no compatibility issue. No existing applications will call SSL_renegotiate_abbreviated() so there are no problems with enabling additional functionality after that call. As I understand it currently the problem is that if new_session is set to 0 it will renegotiate and always create a new session. Could we have a new value set by SSL_renegotiate_abbreviated(), for example 4, which means "renegotiate and resume if possible". Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
