On Fri, Nov 30, 2001 at 10:54:22AM +0100, Manfred Haertel wrote: > Hello! > > Is there a way for a CGI script to find out how long the currently used > SSL session is still valid, in other words, how many seconds of > SSLSessionCacheTimeout still remain? > > I asked this question already on the modssl mailing list, but I got no > answer, so I thought I'd ask the OpenSSL experts here. > > The modssl interface gives me the session key and the SSL session ID in > environment variables, but not the remaining time. Is there any chance > to access the time from a CGI script?
As far as I could see from the mod_ssl sources, the corresponding data are not exported to environment variables. I don't think it would be to difficult to extend mod_ssl to also export these data. The "ssl_hook_Fixup_vars" table would need to be extended in ssl_engine_kernel.c by the required variables and the "ssl_var_lookup_ssl()" function in ssl_engine_vars.c would need to be needed to handle these variables. I think, that if you grep for SESSION_ID in pkg.sslmod/ you will easily get an idea. Without source modification, you won't get the information. Best regards, Lutz PS. With respect to the SSL_SESSION timeout settings: man SSL_SESSION_get_time -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]