You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ma...@apache.org on 2004/03/27 00:53:35 UTC
cvs commit: httpd-2.0/modules/ssl ssl_toolkit_compat.h ssl_engine_init.c
madhum 2004/03/26 15:53:35
Modified: . CHANGES
modules/ssl ssl_toolkit_compat.h ssl_engine_init.c
Log:
In the newer versions of OpenSSL, the flag SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
just prevents the internal lookup but does not prevent the caching.
OpenSSL 0.9.6h onwards has a new flag 'SSL_SESS_CACHE_NO_INTERNAL' to
prevent OpenSSL from both lookup and caching the sessions internally.
PR: 26562
Reviewed by: Geoff Thorpe, Joe Orton
Revision Changes Path
1.1439 +3 -0 httpd-2.0/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/httpd-2.0/CHANGES,v
retrieving revision 1.1438
retrieving revision 1.1439
diff -u -r1.1438 -r1.1439
--- CHANGES 25 Mar 2004 02:33:57 -0000 1.1438
+++ CHANGES 26 Mar 2004 23:53:35 -0000 1.1439
@@ -2,6 +2,9 @@
[Remove entries to the current 2.0 section below, when backported]
+ *) mod_ssl: Disable the extra session caching in OpenSSL to prevent memory
+ leak. PR 26562. [Madhusudan Mathihalli]
+
*) work around MSIE Digest auth bug - if AuthDigestEnableQueryStringHack
is set in r->subprocess_env allow mismatched query strings to pass.
PR 27758. [Paul Querna <chip force-elite.com>, Geoffrey Young]
1.41 +4 -0 httpd-2.0/modules/ssl/ssl_toolkit_compat.h
Index: ssl_toolkit_compat.h
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_toolkit_compat.h,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- ssl_toolkit_compat.h 9 Feb 2004 20:29:22 -0000 1.40
+++ ssl_toolkit_compat.h 26 Mar 2004 23:53:35 -0000 1.41
@@ -223,4 +223,8 @@
SSL_set_verify(ssl, verify, cb)
#endif
+#ifndef SSL_SESS_CACHE_NO_INTERNAL
+#define SSL_SESS_CACHE_NO_INTERNAL SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
+#endif
+
#endif /* SSL_TOOLKIT_COMPAT_H */
1.127 +2 -2 httpd-2.0/modules/ssl/ssl_engine_init.c
Index: ssl_engine_init.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v
retrieving revision 1.126
retrieving revision 1.127
diff -u -r1.126 -r1.127
--- ssl_engine_init.c 5 Mar 2004 02:44:40 -0000 1.126
+++ ssl_engine_init.c 26 Mar 2004 23:53:35 -0000 1.127
@@ -446,11 +446,11 @@
long cache_mode = SSL_SESS_CACHE_OFF;
if (mc->nSessionCacheMode != SSL_SCMODE_NONE) {
- /* SSL_SESS_CACHE_NO_INTERNAL_LOOKUP will force OpenSSL
+ /* SSL_SESS_CACHE_NO_INTERNAL will force OpenSSL
* to ignore process local-caching and
* to always get/set/delete sessions using mod_ssl's callbacks.
*/
- cache_mode = SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL_LOOKUP;
+ cache_mode = SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL;
}
SSL_CTX_set_session_cache_mode(ctx, cache_mode);