[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Session Resumption problems with JSSE-OpenLDAP

To: <openldap-devel@OpenLDAP.org>
Subject: RE: Session Resumption problems with JSSE-OpenLDAP
From: "Howard Chu" <hyc@symas.com>
Date: Tue, 3 Sep 2002 23:27:03 -0700
Importance: Normal
In-reply-to: <NMEFLNHODBAOPDKNNJALMEMJDLAA.hyc@symas.com>

> I modified ldapsearch to run repeatedly, unbinding each time but preserving
> the SSL session handle for re-use on each iteration. After the first
> connection established a new session, all of the subsequent
> iterations worked fine resuming the session.

By the way, it might be nice to come up with a clean option for SSL session
re-use in the client library. We need a flag to tell the library not to free
the SSL session during sockbuf teardown, and a place to store the SSL pointer
so that it can be re-used the next time ldap_int_tls_connect() runs.

Since the LDAP structure itself is freed during an unbind, I had to manually
retrieve the SSL pointer [ldap_get_option(ld, LDAP_OPT_X_TLS_SSL_CTX)] at the
app level. I added an ld->ld_ssl field to temporarily hold the SSL pointer
and a set_option() to set its value. In ldap_int_tls_connect I check for and
use the field and zero it, so re-use only happens once. It's not clear how to
make this work for an LDAP handle that has multiple active connections.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

Follow-Ups:
- RE: Session Resumption problems with JSSE-OpenLDAP
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- RE: Session Resumption problems with JSSE-OpenLDAP
  - From: "Howard Chu" <hyc@symas.com>

Prev by Date: RE: Session Resumption problems with JSSE-OpenLDAP
Next by Date: RE: Session Resumption problems with JSSE-OpenLDAP
Index(es):
- Chronological
- Thread