SSL/TLS & Session Renegotiation and Internet Explorer
Dear All,
I am working on my own server that supports SSL, both with and without
client authentication. I am in the process of implementing a feature which
allows the server to prompt the user to provide his digital certificate
whenever he tries to access a resource that requires client authentication.
So whenever I get a request for such a page, my server sends an SSL
HelloRequest to the client, thus initiating an SSL renegotiation. The server
caches the HTTP request in its Session buffer before it initiates the
renegotiation.
So, the client re-initiates the handshake by sending the 'client-hello'
packet (encrypted with the session key negotiated in the previous session)
and the server reciprocates with the serverhello, server cert, client cert
request and server hello done packets, all encrypted with the older session
key.
At this stage, IE closes the connection with the server and prompts the
client to choose his digital certificate. When the client chooses the
certificate it re-initiates the handshake, establishes a new connection and
then starts the handshake process again with the 'client-hello' packet.
Now, at this stage I am not sure how to link up the old SSL session and the
new SSL session on the server side. Actually I have to forward the HTTP
request to another backend server, get the response and forward it to the IE
client.
My question is: how do I link the old and new sessions that I have
established with Internet Explorer?
Any help on this would be greatly appreciated.
Regards