MITM CA should cache certificates

[von]

Currently the MITM CA generates a new certificate (reusing a key though) for each connection. This means the browser actually sees a different certificate each time it connects to a particular server. The CA should cache and reuse a certificate for the same server.

Maybe whenever it should use the same certificate every time it sees the same certificate from the server? So base the certificate to use based on the certificate seen. Not sure about this.

Create a directory that serves as a cache to accomplish this.

Edit 5/11/2011: Not so sure about this issue for several reasons:

1) Is it a real benefit? Currently one key is used for all service certificates, so that reduces the overhead. Not clear to me this is a problem that needs to be solved (or how much caching would solve it).

2) Dealing with sharing credentials across threads is tricky. Need locking to avoid double creation. And how does openssl reaction to credentials changing underneath it?

3) Add handling expiration to point #2 and things get hairier.

So right now I'm leaning away from this hard.

[von]

Have not convinced myself this is something should be done. Closing issue.