> From: Salz, Rich
>
> OpenSSL does nothing about this. It's an interesting question. As far as
> TLS/SSL is concerned, it is only using the certificate at the time the
> connection is initially established, and therefore expiration (or
> revocation) during the application's use of the certificate is up to the
> application. The only practical use that I can imagine is using something
> in the cert (DN or an extension) for authorization decisions…
If the application has the need to re-verify the certificate on SSL level, it can renegotiate the connection's SSL parameters. Alternatively, it can close down the current connection and establish a new one. Both ways cause a new handshake to be started.

HTH,
Patrick Eisenacher
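An added illustration of the point made in this thread (not code from either poster or from OpenSSL): the TLS layer checks the peer certificate only at handshake time, so an application that cares about expiry during a long-lived session has to re-check the certificate it received and, if needed, force a new handshake. Python's standard `ssl` module offers no renegotiation call, so this takes the "close and establish a new connection" route; the peer certificate dict and the `close`/`reconnect` callbacks are constructed stand-ins for a real `SSLSocket`.

```python
"""Re-verify a peer certificate after the handshake: the TLS stack does this only once."""
import ssl
import time

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert()
# (non-binary form) for a verified peer certificate.
SAMPLE_PEER_CERT = {
    "subject": ((("commonName", "example.test"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}


def validity_window(cert):
    """notBefore/notAfter of a getpeercert() dict as POSIX seconds (UTC)."""
    return (ssl.cert_time_to_seconds(cert["notBefore"]),
            ssl.cert_time_to_seconds(cert["notAfter"]))


def cert_valid_at(cert, now, grace=0):
    """True if the certificate negotiated at handshake time is still inside its
    validity period at `now`; `grace` seconds lets the caller renew shortly
    before expiry instead of exactly at it."""
    not_before, not_after = validity_window(cert)
    return not_before <= now < not_after - grace


def revalidate_session(get_peer_cert, close, reconnect, now=None, grace=0):
    """Application-level re-check to run periodically on a long-lived session.

    get_peer_cert: callable returning the handshake-time certificate dict
                   (e.g. sock.getpeercert).
    close / reconnect: callables that tear down the session and open a new one;
                   the new connection performs a fresh, fully verified handshake.
    Returns "kept" when the session may continue, "renewed" when it was replaced.
    """
    now = time.time() if now is None else now
    cert = get_peer_cert()
    if not cert:
        # getpeercert() is empty when the cert was never verified (CERT_NONE);
        # there is nothing meaningful to re-check in that configuration.
        raise ValueError("no verified peer certificate; use CERT_REQUIRED")
    if cert_valid_at(cert, now, grace):
        return "kept"
    close()
    reconnect()
    return "renewed"
```

Revocation is outside what `getpeercert()` can tell you; the same hook is where an application would consult its own CRL/OCSP check before deciding to keep the session.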