> The vague idea I've gotten so far is that I need to somehow
> transfer the SSL_SESSION to the new process. Examining the
> output of SSL_SESSION_print_fp() I see that the session ID
> and master key change every time SSL is initialized, so
> simply reinitializing the SSL library in the new process
> won't do.

> What do I have to do to let the child process use the host
> application's secure socket? Is there some way I can dump
> the session to a file -- or perhaps even fwrite SSL_SESSION
> itself -- and load it up in the new process, or do I
> need to do something else?

The short answer is no, there is no good/easy way to do this. You have three
choices:

1) Extend OpenSSL to provide this support. This is a complex and tricky
thing to do for a variety of reasons.

2) Use another SSL library that offers this feature instead of OpenSSL.

3) Use a proxy, with whatever listens to the SSL socket proxying data to and
from a pipe or socket that you can hand off.

I think it would be a good thing to extend OpenSSL so that it can output
everything that's necessary to support a given SSL session as a DER object
and to allow an SSL session to be initialized from a socket and a DER
object, but that's not currently possible. As I understand it, there are
quite a few thorny obstacles involved.

DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
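
Choice 3 from the reply above, as an added example (not part of the original message and not OpenSSL code): the process that owns the TLS connection keeps it and relays plaintext over a socketpair whose other end becomes the child's stdin/stdout. It assumes Python's `ssl` module as the TLS layer; `relay`, `hand_off` and the child command line are illustrative names.

```python
import select
import socket
import subprocess


def relay(secure, plain, bufsize=16384):
    """Copy bytes both ways until the child closes its end.

    secure: the connected TLS socket, e.g. an ssl.SSLSocket (assumption);
            the session state never leaves this process.
    plain:  our end of the socketpair whose other end the child holds.
    bufsize is large enough for a full TLS record (16384 plaintext bytes),
    so one recv() takes the whole record the socket signalled.
    """
    peers = {secure: plain, plain: secure}
    live = [secure, plain]
    while True:
        ready, _, _ = select.select(live, [], [])
        for src in ready:
            data = src.recv(bufsize)
            if data:
                peers[src].sendall(data)
            elif src is plain:
                return  # child closed its end: nothing more to deliver
            else:
                live.remove(secure)  # remote peer finished sending
                plain.shutdown(socket.SHUT_WR)  # let the child see EOF


def hand_off(secure, argv):
    """Run argv with a plaintext socket as stdin/stdout; return its exit code."""
    parent_end, child_end = socket.socketpair()
    with parent_end:
        child = subprocess.Popen(argv, stdin=child_end, stdout=child_end)
        # Only the child may hold this end, otherwise its exit never shows as EOF.
        child_end.close()
        relay(secure, parent_end)
    return child.wait()
```

The child sees only decrypted application data on an ordinary socket, so it needs no SSL library and no access to the session keys.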
