On Mon, Sep 11, 2000 at 12:18:04PM +0300, Wirta, Ville wrote:
> I'd also be VERY interested in this session-cache-thing but I've already
> seen two different (as I understood) ways to accomplish this and I'm
> confused. I wonder if there is a "session-how-to" somewhere or a simple
> example. I'd also like to know if it is a must to be able to touch the
> client code. My clients are browsers and I've heard that at least Apache is
> capable of caching sessions. How does Apache do it? I mean if the browser
> doesn't suggest a session number like someone said before?

Session caching requires two sides, the client side and the server side.

On the client side, the caching and the selection of the correct session
is to be performed by the client program and cannot be done automatically
by the OpenSSL library.

For the server side, the library does cache sessions up to a maximum of
128(?) sessions and limited by a certain timeout. This cache is kept
in memory and might help if you only have a single process that performs
connections one after the other. (I don't have experience with threading.)
If you have concurrent server processes, you must use an external caching
mechanism to exchange the data between the processes.
Apache-mod_ssl can use either shared memory or an ndbm work-alike database.
I use the same approach (ndbm work-alike database) to perform multi-process
session caching for my Postfix/TLS package (available from my homepage, see
my .signature).

For learning about it, I read the documentation provided by EAY and still
available in doc/ssleay.txt and studied mod_ssl. The rest was some
experimenting and reading the source :-)

If your browsers would not propose a session to be reused, session caching
would be impossible because the protocol requires it this way, there is
no other way to do it.

> So, is it just a matter of a few function calls or do I have to change my
> whole program to get this to work? I wish I was so good I'd be able to find it
> out myself but as I am what I am I'm gratefully waiting for knowledge given
> from above :-)

It's not that difficult. I am currently writing some documentation about
this, but it will rather be man-pages for the SSL-functions and not
a caching how-to.
Well, if I sum up all the time writing about these issues on the mailing list,
I could already have written this chapter for the not-yet-existing
"OpenSSL Library User's Guide" :-)

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
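
A small model of the multi-process server-side cache described in the reply above, added here as an illustration; it is not code from the post, from mod_ssl or from Postfix/TLS. It uses Python's dbm module as the ndbm work-alike store, and the class name, function name, timeout value and session blob are all assumptions made for the example.

```python
import dbm
import os
import struct
import tempfile
import time

TIMEOUT = 300  # seconds; assumed value, the post does not give one


class SharedSessionCache:
    """dbm-backed session store; each server process opens the file per operation."""

    def __init__(self, path, timeout=TIMEOUT):
        self.path, self.timeout = path, timeout

    def store(self, session_id, state, now=None):
        expires = (time.time() if now is None else now) + self.timeout
        with dbm.open(self.path, "c") as db:
            # Record layout (constructed): 8-byte expiry time, then session state.
            db[session_id] = struct.pack("!d", expires) + state

    def lookup(self, session_id, now=None):
        now = time.time() if now is None else now
        with dbm.open(self.path, "c") as db:
            if session_id not in db:
                return None
            record = db[session_id]
            (expires,) = struct.unpack("!d", record[:8])
            if expires <= now:
                del db[session_id]  # timed out: drop it, force a full handshake
                return None
            return record[8:]


def server_handshake(cache, proposed_id, now=None):
    """Model one worker answering a ClientHello; returns (kind, session_id)."""
    # Resumption is only possible if the client proposed an ID we still hold.
    if proposed_id and cache.lookup(proposed_id, now) is not None:
        return "resumed", proposed_id
    new_id = os.urandom(32)
    cache.store(new_id, b"constructed-session-state", now)
    return "full", new_id


def demo():
    path = os.path.join(tempfile.mkdtemp(), "sess_cache")
    worker_a, worker_b = SharedSessionCache(path), SharedSessionCache(path)
    first = server_handshake(worker_a, b"", 1000.0)        # client has no session
    second = server_handshake(worker_b, first[1], 1010.0)  # other worker, same ID
    late = server_handshake(worker_b, first[1], 1000.0 + TIMEOUT + 1)
    return first[0], second[0], late[0]
```

In a real server the stored state includes the session's master secret, so the cache file should be readable only by the server's own user.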
