Changeset 1348 for trunk/server/common

Timestamp:
Nov 8, 2009, 11:02:18 AM (14 years ago)
Author:
mitchb
Message:
Prompt for certs once, not five bajillion times (fix SSL session caching)

Clients that support both the SNI extension and the TLS Session Tickets
extension have problems that, among other things, result in many of our
cert-protected sites requesting the user's certs an inordinate number
of times.  This will supposedly be fixed in later versions of openssl,
but in the meantime, this applies the patch proposed here:

  http://mail-archives.apache.org/mod_mbox/httpd-dev/200911.mbox/ajax/%3c4AF58A80.5080101@velox.ch%3e

with the following modifications:
  o Remove the documentation chunk of the patch (it applies to the source
    XML file which isn't part of the distribution tarball)
  o Expand the macro SSL_CTX_set_tlsext_ticket_keys in two places to work
    around the typo in our version of openssl corrected by this upstream
    commit:
      http://marc.info/?l=openssl-cvs&m=124638969912935&w=2
File:
1 added

Note: See TracChangeset for help on using the changeset viewer.