RE: Session Resumption problems with JSSE-OpenLDAP
> I modified ldapsearch to run repeatedly, unbinding each time but preserving
> the SSL session handle for re-use on each iteration. After the first
> connection established a new session, all of the subsequent
> iterations worked fine resuming the session.

By the way, it might be nice to come up with a clean option for SSL session
re-use in the client library. We need a flag to tell the library not to free
the SSL session during sockbuf teardown, and a place to store the SSL pointer
so that it can be re-used the next time ldap_int_tls_connect() runs.

Since the LDAP structure itself is freed during an unbind, I had to manually
retrieve the SSL pointer [ldap_get_option(ld, LDAP_OPT_X_TLS_SSL_CTX)] at the
app level. I added an ld->ld_ssl field to temporarily hold the SSL pointer
and a set_option() to set its value. In ldap_int_tls_connect I check for and
use the field and zero it, so re-use only happens once. It's not clear how to
make this work for an LDAP handle that has multiple active connections.

-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support