[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Session Resumption problems with JSSE-OpenLDAP



> I modified ldapsearch to run repeatedly, unbinding each time but preserving
> the SSL session handle for re-use on each iteration. After the first
> connection established a new session, all of the subsequent
> iterations worked fine resuming the session.

By the way, it might be nice to come up with a clean option for SSL session
re-use in the client library. We need a flag to tell the library not to free
the SSL session during sockbuf teardown, and a place to store the SSL pointer
so that it can be re-used the next time ldap_int_tls_connect() runs.

Since the LDAP structure itself is freed during an unbind, I had to manually
retrieve the SSL pointer [ldap_get_option(ld, LDAP_OPT_X_TLS_SSL_CTX)] at the
app level. I added an ld->ld_ssl field to temporarily hold the SSL pointer
and a set_option() to set its value. In ldap_int_tls_connect I check for and
use the field and zero it, so re-use only happens once. It's not clear how to
make this work for an LDAP handle that has multiple active connections.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support