curl-users

Re: SSL session IDs and caching them...

From: Cris Bailiff <c.bailiff_at_awayweb.com>
Date: Tue, 06 Nov 2001 20:54:03 +1100

> I am not aware of any functions in the OpenSSL libraries though, that would
> let us output a printed version of the ID, and one that would convert a given
> printed version back to an internal ID struct version again...

OpenSSL has functions which can serialise the current SSL state to a
buffer of your choice, and recover/reset the state from such a buffer at
a later date - this is used by mod_ssl for apache to implement an SSL
session ID cache which is either stored in a shared memory segment or in
a DBM file on disk. Some variants of apache (such as, I believe,
stronghold) even go as far as to put the session info into a MySQL
database, so that a whole cluster of apaches can share a single SSL
session ID cache.

The mod_ssl/EAPI extensions to mod_proxy make mod_proxy use a cache when
doing proxy-client ssl connections too.. (In fact, it uses the same
cache as the regular server, as an ID collision is pretty unlikely :-) )

I haven't looked at that bit of code in ages, but it seemed pretty
straightforward. Curl should probably implement these as callbacks in
libcurl, which are called to store or fill 'some buffer' for a
particular ID.

No time just now, but thought I'd mention it....
Cris
Received on 2001-11-06
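
A sketch of the store/fill callback pair suggested in the message above, added here as an example; it is not code from the original post, from libcurl or from mod_ssl. The names `sess_store` and `sess_fetch`, the slot count and the size caps are assumptions; the opaque buffer stands for what OpenSSL's `i2d_SSL_SESSION` produces and `d2i_SSL_SESSION` reads back, which includes the session's master secret, so entries are bounded, expired and wiped.

```c
#include <string.h>
#include <time.h>

#define MAX_ID   32    /* SSL/TLS session IDs are at most 32 bytes */
#define MAX_BLOB 2048  /* assumed cap on one serialised session */
#define SLOTS    8     /* assumed cache size */

struct entry {
    unsigned char id[MAX_ID], blob[MAX_BLOB];
    size_t idlen, bloblen;
    time_t expires;    /* 0 marks an empty slot */
};
static struct entry cache[SLOTS];

/* Hypothetical "store" callback: keep a copy of the serialised session
 * (for example the output of i2d_SSL_SESSION) under its session ID. */
int sess_store(const unsigned char *id, size_t idlen, const unsigned char *blob,
               size_t bloblen, time_t now, long ttl)
{
    struct entry *slot = &cache[0];
    if (!idlen || idlen > MAX_ID || !bloblen || bloblen > MAX_BLOB || ttl <= 0)
        return 0;                                   /* reject empty or oversized input */
    for (size_t i = 0; i < SLOTS; i++) {
        struct entry *e = &cache[i];
        if (e->idlen == idlen && !memcmp(e->id, id, idlen)) { slot = e; break; }
        if (e->expires < slot->expires) slot = e;   /* else empty or oldest slot */
    }
    memset(slot, 0, sizeof *slot);
    memcpy(slot->id, id, idlen);       slot->idlen = idlen;
    memcpy(slot->blob, blob, bloblen); slot->bloblen = bloblen;
    slot->expires = now + ttl;
    return 1;
}

/* Hypothetical "fill" callback: copy the blob stored for this ID into out
 * (to hand to d2i_SSL_SESSION). Returns the blob length, or 0 on a miss. */
size_t sess_fetch(const unsigned char *id, size_t idlen, unsigned char *out,
                  size_t outcap, time_t now)
{
    for (size_t i = 0; i < SLOTS; i++) {
        struct entry *e = &cache[i];
        if (!idlen || e->idlen != idlen || memcmp(e->id, id, idlen)) continue;
        if (now >= e->expires) { memset(e, 0, sizeof *e); return 0; } /* expired: wipe */
        if (e->bloblen > outcap) return 0;          /* caller's buffer too small */
        memcpy(out, e->blob, e->bloblen);
        return e->bloblen;
    }
    return 0;
}
```

A shared backend such as the DBM file or database mentioned in the message would sit behind the same two calls, with the stored blobs protected like key material.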