Greetings.

I wonder if the session-id generator really provides uniqueness.

def_generate_session_id checks uniqueness by calling
SSL_has_matching_session_id (ssl_sess.c).
SSL_has_matching_session_id checks uniqueness by calling
lh_retrieve(ssl->ctx->sessions, &r) (ssl_lib.c).

So, if SSL_has_matching_session_id doesn't call get_session_cb (as in
get_prev_session, i.e. doesn't check the external cache), I suspect that
uniqueness is only local, not cache-wide.


Am I missing something, or is this an error?
  

-- 
Best regards,
 Anthony Pankov                         mailto:[EMAIL PROTECTED]


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
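
An added example, not part of the original post and not OpenSSL code: a self-contained C model of the situation the question describes, with two workers that each keep a local session table and share one external cache. All names (`gen_id`, `simulate`, `STREAM`) are hypothetical, and the candidate stream is constructed so the collision is reproducible; with real random IDs of full length such a collision is extremely unlikely.

```c
#include <stdio.h>
#include <string.h>
#define ID_LEN 4
#define MAX_IDS 8
#define MAX_ATTEMPTS 10 /* bounded retries; value is an assumption of this model */

struct cache { unsigned char ids[MAX_IDS][ID_LEN]; int n; };
static int cache_has(const struct cache *c, const unsigned char *id) {
    for (int i = 0; i < c->n; i++)
        if (memcmp(c->ids[i], id, ID_LEN) == 0) return 1;
    return 0;
}
static void cache_add(struct cache *c, const unsigned char *id) {
    if (c->n < MAX_IDS) memcpy(c->ids[c->n++], id, ID_LEN);
}

/* Constructed candidate stream standing in for the RNG (not real output). */
static const unsigned char STREAM[][ID_LEN] = {
    {0xAA, 0xAA, 0xAA, 0xAA}, {0xAA, 0xAA, 0xAA, 0xAA}, {0xBB, 0xBB, 0xBB, 0xBB}};
#define STREAM_LEN ((int)(sizeof STREAM / sizeof STREAM[0]))

/* Draw candidates until one passes the check; ext == NULL means local table only. */
static int gen_id(struct cache *local, const struct cache *ext, int *pos,
                  unsigned char *out) {
    for (int tries = 0; tries < MAX_ATTEMPTS && *pos < STREAM_LEN; tries++) {
        const unsigned char *cand = STREAM[(*pos)++];
        if (cache_has(local, cand)) continue;      /* local uniqueness check */
        if (ext && cache_has(ext, cand)) continue; /* cache-wide uniqueness check */
        memcpy(out, cand, ID_LEN);
        cache_add(local, out);
        return 1;
    }
    return 0; /* no unique candidate found within the retry bound */
}

/* Two workers, one shared cache. Returns 1 if both issued the same ID, -1 on failure. */
int simulate(int check_external) {
    struct cache a = {0}, b = {0}, shared = {0};
    unsigned char id_a[ID_LEN], id_b[ID_LEN];
    int pos = 0;
    if (!gen_id(&a, check_external ? &shared : NULL, &pos, id_a)) return -1;
    cache_add(&shared, id_a); /* worker A publishes its new session */
    if (!gen_id(&b, check_external ? &shared : NULL, &pos, id_b)) return -1;
    return memcmp(id_a, id_b, ID_LEN) == 0;
}

int main(void) {
    printf("local only: %d, local+shared: %d\n", simulate(0), simulate(1));
    return 0;
}
```

With the local-only check, worker B accepts an ID that worker A has already published to the shared cache; adding the shared-cache lookup to the generator's retry loop rejects it.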