Hi Matt,
On 12/16/21 06:30, Matt Caswell wrote:
>> Yes, it is basically a resume I'm looking for - as the SSL_SESSION
>> won't be active in "Process 1" after i2d_SSL_SESSION; the process dies.
>
> So, if it's a resume you are attempting to achieve, it's unclear to me what
> you wrote about transferring the socket descriptor to the parent
> process. Since a resumption is effectively creating a new connection it
> is normally on a completely new fd.

This is for a connection pool that caches connections to PostgreSQL --
this use-case is connections using TLS v1.2.

"Process 1" is triggered by a client which opens a TLS connection to
PostgreSQL, authenticates and uses the connection.

As the socket descriptor was created in the child process it needs to be
transferred to the parent in order to be valid for future processes.

Then the connection is put back in the pool; the server side isn't
closed, and all the state is cached in shared memory for the next client
to use.

So, a resume on the client side linking up against the existing server side.

This is strictly about being able to reuse an existing TLS connection,
because if I disable caching of connections using TLS everything is
working - but not much of a connection pool then.

Best regards,
Jesper