httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: RFC: extracting the mod_ssl session cache interface
Date Tue, 26 Feb 2008 16:15:13 GMT
On Mon, Feb 25, 2008 at 10:54:58PM +0000, Dr Stephen Henson wrote:
> Well I can think of a several applications for de-SSL-ifying or 
> specifically de-SSL_SESSION-ifying (i.e. being able to store things other 
> than SSL_SESSION) the code straight off.
>
> Both SSL related.
>
> The OCSP stapling patch hacked the cached OCSP response data into an 
> SSL_SESSION structure to minimised the changes. A general purpose object 
> cache would make it much cleaner.

Yeah, this was part of my motivation for doing this work.

> If it could hold (potentially) larger objects or large numbers of small 
> objects then it could help make the CRL code more usable.

I'm not sure exactly what you're referring to there (caching CRL lookup 
results?), but it depends on what exactly you mean by "large" and 
"small", in any case.  shmcb might need to be tuned differently to be 
useful for caching small numbers of large objects; Google says memcache 
will handle objects up to 1MB by default; so, quite "large".

shmcb could probably take hints from the cache consumer on average 
object size & count to partition the cache appropriately.

joe

Mime
View raw message