It won't matter in that case (the CAs still don't match each other, unless you add CA1 to the client's trust store), but yes, you can SSL_clear() to make the socket reusable.
-Kyle H

On Mon, Jun 8, 2009 at 7:40 AM, Satish Chandra Kilaru <iam.kil...@gmail.com> wrote:
> Hi
>
> I am developing SSL client and server programs. These are NOT general
> purpose SSL client and server programs.
> At the beginning of the world they will have a CA1 and certificates
> signed by CA1.
>
> After some time, client is configured with a new CA called CA2.
>
> Now client is trying to connect to server and opens a socket and calls
> SSL_Connect(). Server sends his certificate. Client notices that
> server has an older CA and returns UNKNOWN CA error.
>
> At this point can we reuse the socket by cleaning up the old SSL
> connection and recreating a new one?
>
> --Satish
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-us...@openssl.org
> Automated List Manager majord...@openssl.org