On Wed, Apr 20, 2005 at 10:32:20AM +0100, [EMAIL PROTECTED] wrote:
> During the TLS negotiation and after the secure channel is set up
> different child processes will handle the request and will need access to
> the SSL connection. The SSL connections are allocated and freed using
> openssl library calls and are therefore in the address space of the process
> that allocated them. There is no method of telling openssl to use our block
> of shared memory for its needs.
>
> We solved a similar problem with LDAP connections by putting a tag
> into shared memory and each process has its own real LDAP connection
> to the server in local memory which it found using the tag. We don't
> think that this approach can be applied to openssl.
>
> Does anyone have any ideas how this problem can be solved without threading
> the server?
>
Look at the Postfix source code: you can't share the physical connections,
but you can share a TLS session cache, so that additional sessions reuse
negotiated state, eliminating per-connection public-key overhead.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]