httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dr Stephen Henson <>
Subject Re: RFC: extracting the mod_ssl session cache interface
Date Mon, 25 Feb 2008 22:54:58 GMT
Joe Orton wrote:
> The session cache interface in mod_ssl on the trunk is now mostly SSL- 
> and mod_ssl-agnostic with respect to the data storage and configuration.  
> There is still some tight coupling between the session cache and the 
> ssl_mutex interface, but that's next on my hit list.
> Is there any interest in seeing this extracted from mod_ssl and made 
> available for general use?  It could probably e.g. be used by 
> mod_auth_digest for the MD5-sess code, and I can think of some 
> third-party modules which could probably use it too (mod_gnutls).
> My vague plan would be to finish de-SSL-ifying the code, then moving it 
> to modules/cache and calling it mod_sesscache or mod_socache ("small 
> object") or something along those lines.

Well I can think of a several applications for de-SSL-ifying or 
specifically de-SSL_SESSION-ifying (i.e. being able to store things 
other than SSL_SESSION) the code straight off.

Both SSL related.

The OCSP stapling patch hacked the cached OCSP response data into an 
SSL_SESSION structure to minimised the changes. A general purpose object 
cache would make it much cleaner.

If it could hold (potentially) larger objects or large numbers of small 
objects then it could help make the CRL code more usable.

Dr Stephen N. Henson. Senior Technical/Cryptography Advisor,
Open Source Software Institute:
OpenSSL Core team:

View raw message