Sorry for the late reply.

On Thu, Nov 10, 2011 at 11:04 AM, Eric Hodel <drbrain / segment7.net> wrote:
>>> I will update the patch to check for the timeout, I did not know it
>>> existed.
>>
>> OpenSSL has a client session cache in SSLContext but it's not so
>> useful because you need to keep Sessions by yourself, and pick proper
>> Session for each server.  Here's a sample usage of client session cache:
>>
>> https://github.com/nahi/httpclient/commit/7fc04933961ea3ea5a2aa595172ca7cd29a718f5
>>
>> You would want to implement session cache instead.
>
> I think enabling the session cache is useless for net/http because it
> is single-connection oriented.  Instead, just using an ivar to store
> the session is OK.
>
> In http://www.openssl.org/docs/ssl/SSL_CTX_set_session_cache_mode.html,
> enabling SSL_SESS_CACHE_CLIENT says:
>
>> Client sessions are added to the session cache. As there is no
>> reliable way for the OpenSSL library to know whether a session should
>> be reused or which session to choose (due to the abstract BIO layer
>> the SSL engine does not have details about the connection), the
>> application must select the session to be reused by using the
>> SSL_set_session(3) function. This option is not activated by default.
>
>
> I think for net/http the client session cache is useless.  net/http
> only connects to one server per instance and will only have one
> context alive at a time, so the cache will not hold more than one
> session at a time.

Indeed.  That's insufficient.

> Instead of jumping through the hoops of the client session cache
> (cache-managing class, callbacks) it will be easier to store the
> session in an instance variable after connect() and SSL negotiation
> (since there can only ever be one item in the cache for net/http) and
> apply the session from the ivar via SSL_set_session
> (SSLSocket#session=) when we call connect() again.

I like the new patch. Let's commit it and see how it affects existing
servers.

Thank you!
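
The approach discussed in this thread (keep the negotiated session in an instance variable, check its timeout, and hand it back through SSLSocket#session= on the next connect), as an added example that is not the net/http patch and not code from either poster. `IvarSessionClient`, `server_context`, `resumption_demo` and the in-process test server over a socket pair are assumptions made for illustration.

```ruby
require "openssl"
require "socket"
# Constructed throwaway server identity. TLS 1.2 is pinned because TLS 1.3
# sends session tickets after the handshake, outside this simple flow.
def server_context
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=resume.test")
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.public_key = key.public_key
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert, ctx.key = cert, key
  ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
  [ctx, cert]
end

# Hypothetical client: one peer per instance, so one ivar is the whole cache.
class IvarSessionClient
  def initialize(ctx); @ctx = ctx; @session = nil; end
  # Offer the stored session only while it is within its own lifetime.
  def fresh?(now)
    !@session.nil? && now < @session.time + @session.timeout
  end
  def connect(io, now: Time.now)
    ssl = OpenSSL::SSL::SSLSocket.new(io, @ctx)
    ssl.sync_close = true
    ssl.session = @session if fresh?(now) # SSLSocket#session= (SSL_set_session)
    ssl.connect
    @session = ssl.session # remember for the next connect
    ssl.session_reused?
  ensure
    ssl&.close
  end
end

def resumption_demo
  sctx, cert = server_context
  cctx = OpenSSL::SSL::SSLContext.new
  cctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
  cctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  cctx.cert_store = OpenSSL::X509::Store.new.add_cert(cert)
  client = IvarSessionClient.new(cctx)
  [0, 0, 365 * 86_400].map do |skew| # third call pretends a year has passed
    c, s = UNIXSocket.pair
    t = Thread.new { srv = OpenSSL::SSL::SSLSocket.new(s, sctx); srv.accept; srv.gets; srv.close; s.close }
    client.connect(c, now: Time.now + skew).tap { t.join }
  end
end
```

`resumption_demo` returns one `session_reused?` flag per connect: a full handshake, a resumed one, then a full handshake again once the stored session is treated as expired.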