On Fri, Sep 11, 2009 at 12:51:15PM +1000, Andrew Sumner wrote:
> Victor, you've just described exactly what I've been trying to do. A clean
> shutdown on both sides, socket connection left open, then a "client HELLO"
> after which both sides initiate SSL again.
>
> I just can't seem to find a method of doing it that actually works.

Initially, does your client build an SSL connection over an already
(TCP) established connection passed to it as a file descriptor?

Initially, does your server accept an SSL connection over an already
(TCP) established connection passed to it as a file descriptor?

Do both parties call SSL_shutdown() at least once, and a second time if
the initial return value is zero?

Do you use an external session cache (store serialized SSL_SESSION
objects) in a store accessible to multiple processes via IPC or an
appropriate shared resource with robust locking? If so, the re-connect
will be efficient, if you pre-load the saved session into the client
SSL state.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
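The sequence the thread is circling (TLS brought up on an already-connected TCP socket, a full bidirectional close_notify exchange that leaves the TCP connection open, a plaintext "client HELLO", then a second handshake on the same connection that pre-loads the saved session) is shown below as an added example written for this page; it is not code from the thread, from Andrew, or from the OpenSSL project. It uses Python's `ssl` module, which wraps the same OpenSSL calls: `SSLContext.wrap_socket()` on an existing socket is `SSL_set_fd()` plus `SSL_connect()`/`SSL_accept()`, and `SSLSocket.unwrap()` calls `SSL_shutdown()` again after a zero return until the peer's close_notify has arrived. Assumptions: the `openssl` command-line tool is installed (used only to mint a throw-away self-signed certificate for `localhost`), the exchange runs over loopback, and the client is pinned to TLS 1.2 so the session is complete at handshake time, which is the model the reply describes. All function names, the round/echo protocol and the `HELLO`/`BYE` markers are constructed for the example; the saved session is kept in memory here because the Python API does not expose `i2d_SSL_SESSION()` for the external, serialized store Viktor mentions.

```python
"""Clean TLS shutdown and TLS restart on one TCP connection (added example).

Maps onto the OpenSSL calls discussed in the thread: wrap_socket() on an
already-connected socket (SSL_set_fd + SSL_connect/SSL_accept), unwrap()
(SSL_shutdown() repeated after a 0 return until the peer's close_notify is
read), plaintext on the still-open TCP connection, then a second handshake
on the same connection that pre-loads the saved session (SSL_set_session).
"""
import os
import socket
import ssl
import subprocess
import tempfile
import threading

IO_TIMEOUT = 10  # seconds; a lost close_notify becomes an error, not a hang


def make_self_signed_cert(directory):
    """Throw-away self-signed cert for 'localhost'. Assumes the openssl CLI is installed."""
    cert = os.path.join(directory, "cert.pem")
    key = os.path.join(directory, "key.pem")
    subprocess.run(
        ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
         "-keyout", key, "-out", cert, "-days", "1",
         "-subj", "/CN=localhost", "-addext", "subjectAltName=DNS:localhost"],
        check=True, capture_output=True,
    )
    return cert, key


def server_side(conn, ctx):
    """Accept TLS on an existing connection, echo, shut down cleanly, repeat.

    Returns the SSL_session_reused() flag observed on each TLS round.
    """
    reused = []
    while True:
        tls = ctx.wrap_socket(conn, server_side=True)  # SSL_accept() on the existing fd
        tls.sendall(b"echo:" + tls.recv(64))
        reused.append(tls.session_reused)
        conn = tls.unwrap()  # close_notify both ways; the TCP connection stays open
        if conn.recv(64) != b"HELLO":  # plaintext "client HELLO" restarts TLS
            break
    conn.close()
    return reused


def client_side(conn, ctx, hostname, rounds):
    """Start TLS on an existing connection `rounds` times, resuming the saved session."""
    results = []
    session = None
    for i in range(rounds):
        # session=None on the first round; afterwards the saved session is
        # pre-loaded into the new SSL state before the handshake.
        tls = ctx.wrap_socket(conn, server_hostname=hostname, session=session)
        tls.sendall(b"round%d" % i)
        results.append((tls.recv(64), tls.session_reused))
        session = tls.session  # handle to the SSL_SESSION, kept in memory here
        conn = tls.unwrap()
        conn.sendall(b"HELLO" if i + 1 < rounds else b"BYE")
    conn.close()
    return results


def run_demo(rounds=2):
    """Run server and client over loopback; returns (client results, server reuse flags)."""
    with tempfile.TemporaryDirectory() as tmp:
        cert, key = make_self_signed_cert(tmp)
        server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        server_ctx.load_cert_chain(cert, key)
        client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        client_ctx.load_verify_locations(cert)  # trust only the throw-away cert
        # TLS 1.2: the session is complete when the handshake finishes, which is
        # the model the thread discusses (TLS 1.3 delivers tickets afterwards).
        client_ctx.maximum_version = ssl.TLSVersion.TLSv1_2

        listener = socket.create_server(("127.0.0.1", 0))
        port = listener.getsockname()[1]
        server_result = {}

        def serve():
            conn, _ = listener.accept()  # plain TCP first, TLS layered on later
            listener.close()
            conn.settimeout(IO_TIMEOUT)
            server_result["reused"] = server_side(conn, server_ctx)

        t = threading.Thread(target=serve)
        t.start()
        raw = socket.create_connection(("127.0.0.1", port), timeout=IO_TIMEOUT)
        client_result = client_side(raw, client_ctx, "localhost", rounds)
        t.join()
    return client_result, server_result["reused"]


if __name__ == "__main__":
    print(run_demo())
```

Running it prints one client tuple per round and the server's reuse flags: the first round shows `session_reused` False on both sides, the second True, confirming that the session saved before `unwrap()` was accepted on the same TCP connection. The timeouts are deliberate: if either side skipped the second `SSL_shutdown()` the peer's `unwrap()` would otherwise block forever waiting for a close_notify that never comes.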