--- Xperex Tim <[EMAIL PROTECTED]> wrote: > I don't understand how your solution completely fixes things though. What if > the server is > restarted with caching disabled while the client still has sessions cached. > When the sessions > were cached by the client the session ID was not zero length so you validly > cached them. Yet you > run into the same problem when the server restarts. > > I realize this is an unlikely scenario but it lead me to think that the > problem should be fixed > elsewhere, namely in the OpenSSL client code. > > Am I following things correctly? > > Tim
I think in this case what would happen is that the client tries to reuse its saved session, however the server will return an empty session_id (session_id_length == 0). The client will then throw away the session it was trying to use and create a new one with session_id_length = 0. When the connection finishes an attempt will be made to cache the session, but since the session_id_length is 0 the session is rejected and not cached. So I think it works out okay. -- Jonathan __________________________________________________ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]