session context handling while polling

[tpank]

It can happen that polling takes quite some time (say, a week) before the final response arrives.

• During this time, CRLs specified in the CMP and SSL contexts may expire and should be refreshed in order to support meaningful TLS session renegotiation (if applicable) and cert checking at CMP level.
• Moreover, at least CRLs held in theses contexts can be quite large and use hundreds of kB of memory, which may be a problem on constrained devices, so it would be nice if they could be released while waiting for the next poll cycle.

To solve these issues, would be good to release CRLs every time a "waiting" response has been received where the "checkAfter" period is longer than a configurable time, and to fetch them again when doing the ness poll request.

Moreover, the device/system/application doing the CMP request might get restarted in the meantime, so wold be nice if a resumption of the pending cert request activity was possible, which requires persistent storage of status data like the type of request, request ID, transaction ID, and sender nonce.

Reported by: DDvO

Original Ticket: cmpforopenssl/feature-requests/31