added session caching support to NetSSL

NetSSL_OpenSSL/include/Poco/Net/SSLManager.h

@@ -1,7 +1,7 @@
 //
 // SSLManager.h
 //
-// $Id: //poco/1.3/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h#6 $
+// $Id: //poco/1.3/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h#8 $
 //
 // Library: NetSSL_OpenSSL
 // Package: SSLCore
@@ -9,7 +9,7 @@
 //
 // Definition of the SSLManager class.
 //
-// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH.
 // and Contributors.
 //
 // Permission is hereby granted, free of charge, to any person or organization
@@ -90,14 +90,48 @@ class NetSSL_API SSLManager
 	///            </privateKeyPassphraseHandler>
 	///            <invalidCertificateHandler>
 	///                 <name>ConsoleCertificateHandler</name>
-	///                 <options>
-	///                 </options>
 	///            </invalidCertificateHandler>
-	///            <cacheSessions>true|false</cacheSessions>
+	///            <cacheSessions>true|false</cacheSessions>       <!-- server only -->
+	///            <sessionIdContext>someString</sessionIdContext> <!-- server only -->
+	///            <sessionCacheSize>0..n</sessionCacheSize>       <!-- server only -->
+	///            <sessionTimeout>0..n</sessionTimeout>           <!-- server only -->
 	///            <extendedVerification>true|false</extendedVerification>
 	///          </server|client>
 	///       </openSSL>
 	///    </AppConfig>
+	///
+	/// Following is a list of supported configuration properties. Property names must always
+	/// be prefixed with openSSL.server or openSSL.client. Some properties are only supported
+	/// for servers.
+	/// 
+	///    - privateKeyFile (string): The path to the file containing the private key for the certificate
+	///      in PEM format (or containing both the private key and the certificate).
+	///    - certificateFile (string): The Path to the file containing the server's or client's certificate
+	///      in PEM format. Can be omitted if the the file given in privateKeyFile contains the certificate as well.
+	///    - caConfig (string): The path to the file or directory containing the trusted root certificates.
+	///    - verificationMode (string): Specifies whether and how peer certificates are validated (see
+	///      the Context class for details). Valid values are none, relaxed, strict, once.
+	///    - verificationDepth (integer, 1-9): Sets the upper limit for verification chain sizes. Verification
+	///      will fail if a certificate chain larger than this is encountered.
+	///    - loadDefaultCAFile (boolean): Specifies wheter the builtin CA certificates from OpenSSL are used.
+	///    - cipherList (string): Specifies the supported ciphers in OpenSSL notation
+	///      (e.g. "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH").
+	///    - privateKeyPassphraseHandler.name (string): The name of the class (subclass of PrivateKeyPassphraseHandler)
+	///      used for obtaining the passphrase for accessing the private key.
+	///    - privateKeyPassphraseHandler.options.password (string): The password to be used by KeyFileHandler.
+	///    - invalidCertificateHandler.name: The name of the class (subclass of CertificateHandler)
+	///      used for confirming invalid certificates.
+	///    - cacheSessions (boolean): Enables or disables session caching (server only).
+	///    - sessionIdContext (string): contains the application's unique session ID context, which becomes 
+	///      part of each session identifier generated by the server. Can be an arbitrary sequence 
+	///      of bytes with a maximum length of SSL_MAX_SSL_SESSION_ID_LENGTH.
+	///    - sessionCacheSize (integer): Sets the maximum size of the server session cache, in number of
+	///      sessions. The default size (according to OpenSSL documentation) is 1024*20, which may be too 
+	///      large for many applications, especially on embedded platforms with limited memory.
+	///      Specifying a size of 0 will set an unlimited cache size.
+	///    - sessionTimeout (integer):  Sets the timeout (in seconds) of cached sessions on the server.
+	///    - extendedVerification (boolean): Enable or disable the automatic post-connection
+	///      extended certificate verification.
 {
 public:
 	typedef Poco::SharedPtr<PrivateKeyPassphraseHandler> PrivateKeyPassphraseHandlerPtr;
@@ -251,6 +285,9 @@ private:
 	static const std::string CFG_CERTIFICATE_HANDLER;
 	static const std::string VAL_CERTIFICATE_HANDLER;
 	static const std::string CFG_CACHE_SESSIONS;
+	static const std::string CFG_SESSION_ID_CONTEXT;
+	static const std::string CFG_SESSION_CACHE_SIZE;
+	static const std::string CFG_SESSION_TIMEOUT;
 	static const std::string CFG_EXTENDED_VERIFICATION;
 
 	friend class Poco::SingletonHolder<SSLManager>;