
RE: Session Resumption problems with JSSE-OpenLDAP



At 11:27 PM 2002-09-03, Howard Chu wrote:

>> I modified ldapsearch to run repeatedly, unbinding each time but preserving
>> the SSL session handle for re-use on each iteration. After the first
>> connection established a new session, all of the subsequent
>> iterations worked fine resuming the session.
>
>By the way, it might be nice to come up with a clean option for SSL session
>re-use in the client library. We need a flag to tell the library not to free
>the SSL session during sockbuf teardown, and a place to store the SSL pointer
>so that it can be re-used the next time ldap_int_tls_connect() runs.
>
>Since the LDAP structure itself is freed during an unbind, I had to manually
>retrieve the SSL pointer [ldap_get_option(ld, LDAP_OPT_X_TLS_SSL_CTX)] at the
>app level. I added an ld->ld_ssl field to temporarily hold the SSL pointer
>and a set_option() to set its value. In ldap_int_tls_connect I check for and
>use the field and zero it, so re-use only happens once. It's not clear how to
>make this work for an LDAP handle that has multiple active connections.

Or when multiple hostnames for one are provided... or when one
hostname refers to multiple addresses, possibly different servers,
..., etc.
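
The design question in this thread, as an added example that is not part of the original messages or of OpenLDAP's code: a one-shot resumption slot that hands the saved session back only to the endpoint it was established with, since a resumed handshake skips the certificate exchange and relies on the verification done when the session was created. The names `tls_resume_slot`, `slot_put` and `slot_take` are hypothetical, the session is an opaque pointer standing in for an `SSL_SESSION *`, and the host and address values are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical one-shot slot. `session` stands in for an SSL_SESSION *
 * taken with SSL_get1_session() before the connection is torn down. */
struct tls_resume_slot {
    char  host[256];  /* name the certificate was verified against */
    char  addr[64];   /* numeric address actually connected to */
    int   port;
    void *session;    /* NULL when the slot is empty */
};

/* Store a session for one endpoint. Returns the displaced session, if
 * any, so the caller can release it (SSL_SESSION_free() in OpenSSL). */
void *slot_put(struct tls_resume_slot *s, const char *host,
               const char *addr, int port, void *session)
{
    void *old = s->session;
    snprintf(s->host, sizeof s->host, "%s", host);
    snprintf(s->addr, sizeof s->addr, "%s", addr);
    s->port = port;
    s->session = session;
    return old;
}

/* Return the session only for the same host, address and port, and
 * empty the slot on a hit so it is re-used once. NULL means the caller
 * performs a full handshake; a miss leaves the stored session alone. */
void *slot_take(struct tls_resume_slot *s, const char *host,
                const char *addr, int port)
{
    void *session = s->session;
    if (session == NULL || port != s->port ||
        strcasecmp(host, s->host) != 0 || strcmp(addr, s->addr) != 0)
        return NULL;
    s->session = NULL;
    return session;
}

int main(void)
{
    struct tls_resume_slot slot = { "", "", 0, NULL };
    int fake = 0;  /* constructed stand-in for a real session object */
    slot_put(&slot, "ldap.example.com", "192.0.2.10", 636, &fake);
    puts(slot_take(&slot, "ldap.example.com", "192.0.2.11", 636) ? "resume" : "full");
    puts(slot_take(&slot, "ldap.example.com", "192.0.2.10", 636) ? "resume" : "full");
    return 0;
}
```

An LDAP handle with several active connections would need one such slot per endpoint rather than a single field on the handle.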