On Mon, Jul 10, 2000 at 07:50:06PM +0200, [EMAIL PROTECTED] wrote:
> I hope you will help me again:
> How do I reuse a SSL-Session on the client-side?
> I'm writing a Http-SSL-Client based on Open-SSL.
> I do a simple socket connect, then use SSL-connect on the socket.
> This is where (in my opinion) Open-SSL and the Webserver are creating a SSL-Session.
> On webserver-side this is taking a lot of cpu-power.
> After a request, the webserver shuts down the connection.
> So I do a new socket-connect.
> A little example of code is at the end of this message.
> My Question is: What will I have to do to reuse the previously created SSL-Session?

You have to extract the session on the client side and manually re-load it,
as the SSL-client-engine has no idea to which server it is connected.
You get the session with SSL_get_session(). Then later, just before the
SSL_connect, you set the session with SSL_set_session(ssl, old_session).

Remark: I "get" the sessions and save them into an external database,
later reload them from the database, so I don't have the following problem:
SSL_get_session() does not create a copy of the session for you, just a
pointer to the place where the session is stored. Hence, the session might be
(re-)moved inside the SSL-engine and the SSL_set_session() might fail.
You must hence create your own copy of the session to avoid this problem,
check out i2d_SSL_SESSION() for that.

Best regards,
        Lutz
PS. As I told you I use it, so you can have a look into the source of
my Postfix/TLS patchkit (available at my homepage) for an example.
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
