curl-library

Re: How do I enforce a new SSL Session ID at each connection establishment?

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 7 Jul 2006 09:48:37 +0200 (CEST)

On Thu, 6 Jul 2006, Lewthwaite, Robert (Contractor) wrote:

> Will curl_easy_setopt(g_curl, CURLOPT_FORBID_REUSE, TRUE); achieve this or
> is there something else required.

No, the reuse in this context is for connections, not session ID. There's in
fact no option to libcurl to avoid using a Session ID. Until now, nobody ever
asked for it and I still don't actually understand why you want to avoid it.

> I am writing a service client which sits in memory and takes requests to
> send and receive data via HTTPS and I wish to be able to configure it to
> reuse the SSL session id or create a new one each time it connects.

Then you need to add such an option to libcurl.

> It is not allowed to keep the connection open once the response has been
> processed.

Well, the connection of course has to get closed for the session id to be
re-used.

> If reusing the SSL session id is perceived as a risk I have to be able to
> disable it.

"If" being the keyword here. Who considers it to be a risk and why?

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
Received on 2006-07-07