You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ma...@apache.org on 2004/03/27 00:53:35 UTC

cvs commit: httpd-2.0/modules/ssl ssl_toolkit_compat.h ssl_engine_init.c

madhum      2004/03/26 15:53:35

  Modified:    .        CHANGES
               modules/ssl ssl_toolkit_compat.h ssl_engine_init.c
  Log:
  In the newer versions of OpenSSL, the flag SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
  just prevents the internal lookup but does not prevent the caching.
  OpenSSL 0.9.6h onwards has a new flag 'SSL_SESS_CACHE_NO_INTERNAL' to
  prevent OpenSSL from both lookup and caching the sessions internally.
  
  PR: 26562
  Reviewed by: Geoff Thorpe, Joe Orton
  
  Revision  Changes    Path
  1.1439    +3 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.1438
  retrieving revision 1.1439
  diff -u -r1.1438 -r1.1439
  --- CHANGES	25 Mar 2004 02:33:57 -0000	1.1438
  +++ CHANGES	26 Mar 2004 23:53:35 -0000	1.1439
  @@ -2,6 +2,9 @@
   
     [Remove entries to the current 2.0 section below, when backported]
   
  +  *) mod_ssl: Disable the extra session caching in OpenSSL to prevent memory
  +     leak. PR 26562. [Madhusudan Mathihalli] 
  +
     *) work around MSIE Digest auth bug - if AuthDigestEnableQueryStringHack
        is set in r->subprocess_env allow mismatched query strings to pass.
        PR 27758.  [Paul Querna <chip force-elite.com>, Geoffrey Young]
  
  
  
  1.41      +4 -0      httpd-2.0/modules/ssl/ssl_toolkit_compat.h
  
  Index: ssl_toolkit_compat.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_toolkit_compat.h,v
  retrieving revision 1.40
  retrieving revision 1.41
  diff -u -r1.40 -r1.41
  --- ssl_toolkit_compat.h	9 Feb 2004 20:29:22 -0000	1.40
  +++ ssl_toolkit_compat.h	26 Mar 2004 23:53:35 -0000	1.41
  @@ -223,4 +223,8 @@
       SSL_set_verify(ssl, verify, cb)
   #endif
   
  +#ifndef SSL_SESS_CACHE_NO_INTERNAL
  +#define SSL_SESS_CACHE_NO_INTERNAL  SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
  +#endif
  +
   #endif /* SSL_TOOLKIT_COMPAT_H */
  
  
  
  1.127     +2 -2      httpd-2.0/modules/ssl/ssl_engine_init.c
  
  Index: ssl_engine_init.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v
  retrieving revision 1.126
  retrieving revision 1.127
  diff -u -r1.126 -r1.127
  --- ssl_engine_init.c	5 Mar 2004 02:44:40 -0000	1.126
  +++ ssl_engine_init.c	26 Mar 2004 23:53:35 -0000	1.127
  @@ -446,11 +446,11 @@
       long cache_mode = SSL_SESS_CACHE_OFF;
   
       if (mc->nSessionCacheMode != SSL_SCMODE_NONE) {
  -        /* SSL_SESS_CACHE_NO_INTERNAL_LOOKUP will force OpenSSL
  +        /* SSL_SESS_CACHE_NO_INTERNAL will force OpenSSL
            * to ignore process local-caching and
            * to always get/set/delete sessions using mod_ssl's callbacks.
            */
  -        cache_mode = SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL_LOOKUP;
  +        cache_mode = SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL;
       }
   
       SSL_CTX_set_session_cache_mode(ctx, cache_mode);