Posted to dev@httpd.apache.org by Ben Laurie <be...@algroup.co.uk> on 2001/02/18 22:47:25 UTC

SSL Session Cache

OK, so now that SSL works a bit, we need to start talking about plugins.
The simplest (and therefore the first) is the session cache. Although
this feels a bit weird to me, I guess that needs to be modelled as some
hooks. The two hooks required would be one that puts something in the
cache, and one that gets something out. Their interfaces should look
like this (I guess):

add_to_cache(const unsigned char *aucKey, int nKey,
             const unsigned char *aucData, int nData, time_t tExpiry);

get_from_cache(const unsigned char **paucData, int *pnData, time_t *ptExpiry,
               const unsigned char *aucKey, int nKey);

I presume that add_to_cache should run all of them, and get_from_cache
should run to the first one not returning DECLINED. This would allow
local, global and distributed caches to all coexist happily. I think.

One complication is that OpenSSL's cache doesn't store the client
certificate chain (if there is one) - I'm still not quite sure whether
this should be fixed in OpenSSL, or whether mod_tls should (optionally)
do it itself.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
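
The dispatch rule proposed in the message (add_to_cache runs every provider, get_from_cache stops at the first one not returning DECLINED) can be sketched as follows. This is an added illustration, not code from the message or from Apache. The two providers, their size limits, the int return values and the extra `now` parameter (used so expiry can be checked deterministically) are assumptions made for the example.

```c
#include <string.h>
#include <time.h>
#define OK 0
#define DECLINED (-1)   /* local stand-ins for the hook return codes */
#define SLOTS 8         /* constructed toy capacity */

typedef struct { unsigned char key[32], data[64]; int nkey, ndata; time_t expiry; } entry;
typedef struct { entry slot[SLOTS]; int max_data; } cache;   /* one provider's store */

/* Hypothetical providers: a small per-process cache and a larger shared one. */
static cache local_cache = { .max_data = 16 }, shared_cache = { .max_data = 64 };
static cache *providers[] = { &local_cache, &shared_cache };
enum { NPROV = sizeof providers / sizeof providers[0] };

static int provider_add(cache *c, const unsigned char *k, int nk,
                        const unsigned char *d, int nd, time_t exp) {
    if (nk <= 0 || nk > 32 || nd < 0 || nd > c->max_data) return DECLINED;
    entry *e = &c->slot[k[0] % SLOTS];   /* toy placement: a collision overwrites */
    memcpy(e->key, k, nk); memcpy(e->data, d, nd);
    e->nkey = nk; e->ndata = nd; e->expiry = exp;
    return OK;
}

static int provider_get(cache *c, const unsigned char **pd, int *pnd, time_t *pexp,
                        const unsigned char *k, int nk, time_t now) {
    if (nk <= 0 || nk > 32) return DECLINED;
    entry *e = &c->slot[k[0] % SLOTS];
    if (e->nkey != nk || memcmp(e->key, k, nk) != 0) return DECLINED;
    /* An expired session must never be resumed: wipe it and decline. */
    if (e->expiry <= now) { memset(e, 0, sizeof *e); return DECLINED; }
    *pd = e->data; *pnd = e->ndata; *pexp = e->expiry;
    return OK;
}

/* Run-all: every provider is offered the session; returns how many stored it. */
int add_to_cache(const unsigned char *k, int nk, const unsigned char *d, int nd, time_t exp) {
    int stored = 0;
    for (int i = 0; i < NPROV; i++)
        if (provider_add(providers[i], k, nk, d, nd, exp) == OK) stored++;
    return stored;
}

/* Run-first: stop at the first provider that does not return DECLINED. */
int get_from_cache(const unsigned char **pd, int *pnd, time_t *pexp,
                   const unsigned char *k, int nk, time_t now) {
    for (int i = 0, rc; i < NPROV; i++)
        if ((rc = provider_get(providers[i], pd, pnd, pexp, k, nk, now)) != DECLINED) return rc;
    return DECLINED;
}
```

Because each provider enforces the expiry itself, a lookup that falls through to a later cache still cannot return a session past its lifetime.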