Posted to cvs@httpd.apache.org by rj...@apache.org on 2014/07/16 08:04:38 UTC

svn commit: r1610914 - in /httpd/httpd/branches/2.2.x: ./ CHANGES STATUS docs/manual/mod/mod_ssl.xml modules/ssl/ssl_engine_init.c

Author: rjung
Date: Wed Jul 16 06:04:38 2014
New Revision: 1610914

URL: http://svn.apache.org/r1610914
Log:
Extend the scope of SSLSessionCacheTimeout to sessions
resumed by TLS session resumption (RFC 5077).

Modified:
    httpd/httpd/branches/2.2.x/   (props changed)
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/STATUS
    httpd/httpd/branches/2.2.x/docs/manual/mod/mod_ssl.xml
    httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c

Propchange: httpd/httpd/branches/2.2.x/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk:r1610311

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1610914&r1=1610913&r2=1610914&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Wed Jul 16 06:04:38 2014
@@ -5,6 +5,9 @@ Changes with Apache 2.2.28
      Fix a race condition in scoreboard handling, which could lead to
      a heap buffer overflow.  [Joe Orton, Eric Covener, Jeff Trawick]
 
+  *) mod_ssl: Extend the scope of SSLSessionCacheTimeout to sessions
+     resumed by TLS session resumption (RFC 5077). [Rainer Jung]
+
   *) mod_proxy_ajp: Forward local IP address as a custom request attribute
      like we already do for the remote port. [Rainer Jung]
 

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1610914&r1=1610913&r2=1610914&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Wed Jul 16 06:04:38 2014
@@ -121,15 +121,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
      2.2.x patch: http://people.apache.org/~covener/patches/httpd-2.2.x-cgid-script_timeout.diff
      +1: covener, trawick, ylavic
 
-   * mod_ssl: Extend the scope of SSLSessionCacheTimeout to sessions
-     resumed by TLS session resumption (RFC 5077).
-     trunk patch: http://svn.apache.org/r1610311
-     2.4.x patch: Trunk patch works modulo CHANGES
-                  and compatibility note.
-     2.2.x patch: http://people.apache.org/~rjung/patches/mod_ssl_session_resumption_timeout-2.2.patch
-     +1: rjung, ylavic, covener
-
-
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]

Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_ssl.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_ssl.xml?rev=1610914&r1=1610913&r2=1610914&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_ssl.xml (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_ssl.xml Wed Jul 16 06:04:38 2014
@@ -463,11 +463,13 @@ in the Session Cache</description>
 <default>SSLSessionCacheTimeout 300</default>
 <contextlist><context>server config</context>
 <context>virtual host</context></contextlist>
+<compatibility>Applies also to RFC 5077 TLS session resumption in Apache 2.2.28 and later</compatibility>
 
 <usage>
 <p>
 This directive sets the timeout in seconds for the information stored in the
-global/inter-process SSL Session Cache and the OpenSSL internal memory cache.
+global/inter-process SSL Session Cache, the OpenSSL internal memory cache and
+for sessions resumed by TLS session resumption (RFC 5077).
 It can be set as low as 15 for testing, but should be set to higher
 values like 300 in real life.</p>
 <example><title>Example</title>
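
Review bot: In the <usage> paragraph, the added wording "and for sessions resumed by TLS session resumption (RFC 5077)" is circular and does not fit the sentence, which lists places where information is "stored in". Suggest naming the mechanism instead, for example "and for sessions resumed via TLS session tickets (RFC 5077)", and using the same term in the new <compatibility> line. Since the <default> of 300 shown above now covers both the cache and RFC 5077 resumption, one sentence saying that a single value governs both would help administrators who tune it.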

Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c?rev=1610914&r1=1610913&r2=1610914&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c Wed Jul 16 06:04:38 2014
@@ -1264,6 +1264,10 @@ static void ssl_init_server_ctx(server_r
     ssl_init_ctx(s, p, ptemp, sc->server);
 
     ssl_init_server_certs(s, p, ptemp, sc->server);
+
+    SSL_CTX_set_timeout(sc->server->ssl_ctx,
+                        sc->session_cache_timeout == UNSET ?
+                        SSL_SESSION_CACHE_TIMEOUT : sc->session_cache_timeout);
 }
 
 /*
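
Review bot: The SSL_CTX_set_timeout() call added at the end of ssl_init_server_ctx() carries no comment saying why the context timeout is set here, and nothing in the surrounding lines ties it to RFC 5077 resumption. A short comment above the call stating that it makes SSLSessionCacheTimeout apply to RFC 5077 resumed sessions would keep the intent visible without needing the commit log. The inline fallback "sc->session_cache_timeout == UNSET ? SSL_SESSION_CACHE_TIMEOUT : sc->session_cache_timeout" would also read more clearly if resolved into a local variable before the call.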