Louis LeBlanc wrote:
>
> Hey all. I kind of feel like I'm beating a dead horse here, and that
> this question may have been answered already, but here goes.
>
> I have a client app that needs to connect to any number of servers and
> cache sessions. This app will be expected to create up to 100
> connections per second, with possibly hundreds of servers being visited
> each minute (this is peak performance, not necessarily a constant load).
>
> Anyway, from the previous threads on the subject, I am sure I have to
> tell the client which session to reuse. It can't be as simple as just
> saying reuse the latest session ID, can it?
>
> It seems that if I go to a server, say dogs.com, the session gets cached
> when the connection is successful. Then if I go to cats.com, that
> session is cached the same way. If I then go back to dogs.com, I need
> to know 'this' session was for cats.com, 'that' one was for dogs.com,
> etc. The problem is that I can't seem to find any server specific info
> in the session structure - except for the cert, and this may have info
> that doesn't exactly match my records. Do I have to search through the
> entire cache for the right session, or can it be done by OpenSSL?
> Should I build my own cache and just copy the session into my own
> structure containing the connection info I need?
>
> I do understand that the SSL client has no way to know anything about
> where it is connecting to (of course the app should), and Lutz, I think
> you clarified that a bit in a previous thread on the subject.
>
> I studied some of the stunnel code, as one reader was kind enough to
> point me to, and it was helpful, but it really has a limited use of the
> cache. It actually only connects to a very few servers as a client -
> one per instance, I think. This makes it fundamentally different in
> that respect from the app I mentioned.
>
> Any help, further clarification, pointer to a howto, sample code, etc.
> is, as always, greatly appreciated.
>
> Lou
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]

Ok, here's what I have so far:

I turned on caching during the OpenSSL initialization in my app, then
created a mechanism to purge expired sessions every half hour. The
entire cache is also purged, and stats are logged just before the logs
are rolled for backup.

I also added to existing signal traps the ability to force the stats
logging (along with the thread status dump), purge the expired sessions
(a config refresh) and purge the whole session cache (force a log
roll).

So it looks like the process grows at a much more controlled rate, and I
have a very high degree of session reuse (up to 80 connections per
session on average). However, I am not setting any sessions before
SSL_connect(). It seems to be doing it on its own. I was under the
impression this wouldn't happen - I just wanted to test my monitoring
mechanism.

The other odd thing is that even though the number of sessions
currently in the cache may drop slightly, the size of the process will
continue to grow. I was under the impression that clearing expired
sessions from the cache freed the memory allocated for a session.

Any ideas?

TIA
Lou
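
Added example, not part of the original messages and not OpenSSL project code: one way to build the application-side cache the first message asks about, keyed by the "host:port" the application itself dialed rather than by anything read from the session or certificate. Sessions are held as opaque pointers so the block compiles without OpenSSL; in a real client they would be SSL_SESSION pointers taken with SSL_get1_session() after the handshake, offered with SSL_set_session() before SSL_connect(), and released with SSL_SESSION_free(). The names peer_cache, cache_put, cache_get, cache_purge and demo_release, and the capacity of 512, are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>
#define MAX_PEERS 512   /* assumed capacity */
#define KEY_LEN   264   /* 253-byte host name + ":65535" + NUL */
struct entry { char key[KEY_LEN]; void *sess; time_t expires; };
struct peer_cache { struct entry e[MAX_PEERS]; void (*release)(void *); };
/* Look up "host:port"; key receives the formatted key, or "" if it would be truncated. */
static struct entry *find(struct peer_cache *c, const char *host, int port, char *key) {
    int n = snprintf(key, KEY_LEN, "%s:%d", host, port);
    if (n <= 0 || n >= KEY_LEN) { key[0] = '\0'; return NULL; }  /* never match a cut-off name */
    for (int i = 0; i < MAX_PEERS; i++)
        if (c->e[i].sess && strcmp(c->e[i].key, key) == 0) return &c->e[i];
    return NULL;
}
static void drop(struct peer_cache *c, struct entry *e) { c->release(e->sess); e->sess = NULL; }
/* Store the reference obtained after a handshake. On -1 the caller still owns sess. */
int cache_put(struct peer_cache *c, const char *host, int port, void *sess, time_t now, long ttl) {
    char key[KEY_LEN];
    struct entry *e = find(c, host, port, key);
    if (!key[0]) return -1;
    if (e) drop(c, e);                        /* newer session replaces the old one */
    for (int i = 0; !e && i < MAX_PEERS; i++)
        if (!c->e[i].sess) e = &c->e[i];      /* first free slot */
    if (!e) return -1;                        /* cache full */
    strcpy(e->key, key); e->sess = sess; e->expires = now + ttl;
    return 0;
}
/* Session to offer this peer before connecting, or NULL for a full handshake. */
void *cache_get(struct peer_cache *c, const char *host, int port, time_t now) {
    char key[KEY_LEN];
    struct entry *e = find(c, host, port, key);
    if (e && now >= e->expires) { drop(c, e); e = NULL; }
    return e ? e->sess : NULL;
}
int cache_purge(struct peer_cache *c, time_t now) {   /* periodic sweep; returns entries released */
    int n = 0;
    for (int i = 0; i < MAX_PEERS; i++)
        if (c->e[i].sess && now >= c->e[i].expires) { drop(c, &c->e[i]); n++; }
    return n;
}
static int released;                          /* constructed demo state */
static void demo_release(void *s) { (void)s; released++; }  /* stand-in for SSL_SESSION_free() */
int main(void) {                              /* constructed demo: ints stand in for sessions */
    static struct peer_cache c = { .release = demo_release }; int dogs, cats;
    cache_put(&c, "dogs.com", 443, &dogs, 0, 300);
    cache_put(&c, "cats.com", 443, &cats, 100, 300);
    printf("dogs.com session reused: %d\n", cache_get(&c, "dogs.com", 443, 200) == &dogs);
    return 0;
}
```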