Re: Contract of d2i_SSL_SESSION ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Matt,

On 12/16/21 06:30, Matt Caswell wrote:
Yes, it is basically a resume I'm looking for - as the SSL_SESSION won't be active in "Process 1" after i2d_SSL_SESSION; the process dies.

So, if its a resume you are attempting to achieve its unclear to me what you wrote about transferring the socket descriptor to the parent process. Since a resumption is effectively creating a new connection it is normally on a complete new fd.


This is for a connection pool that caches connections to PostgreSQL -- this use-case is connections using TLS v1.2.

"Process 1" is triggered by a client which opens a TLS connection to PostgreSQL, authenticates and uses the connection.

As the socket descriptor was created in the child process it needs to be transferred to the parent in order to be valid for future processes.

Then the connection is put back in the pool; the server side isn't closed, and all the state is cached in shared memory for the next client to use.

So, a resume on the client side linking up against the existing server side.

This is strictly about being able to reuse an existing TLS connection, because if I disable caching of connections using TLS everything is working - but not much of a connection pool then.

Best regards,
 Jesper




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux