> Why does the application cleans the easy handle? If one wants to reuse
> an easy handle for a new connection, then just reuse it.
> The SSL_CTX is simply reused as it is.
I haven't really reused easy handles up until now, but I would give it a
look. I'm not too sure it fits into my usage pattern, but it is certainly an
option so thanks for pointing this out.

In my application, I should support multiple concurrent accesses to the same
site, hence multiple easy handles exist concurrently and hence a different
solution (like the one I proposed) is required.

> When using MANY easy handles, then sharing makes sense, but this
> can then be done in an easier way (at least with openssl).
> Create only new SSL_CTX when you have to modify some parameter with one
> of the set functions. You can SSL_CTX_dup an existing one first.
> when a new SSL is added to it, there is a reference count logic to
> indicate how many SSLs are pointing
> to it. Or, in other words, openssl already supports sharing of SSL_CTXs.
I was thinking of extending the lifespan of the SSL_CTX beyond that of the
easy handles that use it - the share object persists even when no active
easy objects are alive (which again happens in my application). Indeed I
intend to make use of the sharing openssl offers, but I am still required to
keep track of the live SSL_CTX objects, and this can be done using the share
mechanism.

Cheers,
Shmul
Received on 2007-02-27