You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ji...@apache.org on 2005/07/08 17:41:15 UTC
svn commit: r209821 - in /httpd/httpd/trunk: CHANGES modules/ssl/mod_ssl.c modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_init.c modules/ssl/ssl_private.h

Author: jim
Date: Fri Jul  8 08:41:14 2005
New Revision: 209821

URL: http://svn.apache.org/viewcvs?rev=209821&view=rev
Log:
Fix case where buggy OpenSSL internal cache continually grows.
So don't bother to store it, but still force OpenSSL
to provide a Session ID.

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/ssl/mod_ssl.c
    httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
    httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
    httpd/httpd/trunk/modules/ssl/ssl_private.h

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/CHANGES?rev=209821&r1=209820&r2=209821&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES (original)
+++ httpd/httpd/trunk/CHANGES Fri Jul  8 08:41:14 2005
@@ -1,6 +1,12 @@
 Changes with Apache 2.1.7
   [Remove entries to the current 2.0 section below, when backported]
 
+  *) Add additional SSLSessionCache option, 'internal', which makes
+     mod_ssl just use OpenSSL's own internal session ID cache. Useful
+     when one needs to disable any external, shared caches but
+     requires the server to send non-null session IDs.
+     [Jim Jagielski]
+
   *) Add httxt2dbm to support/ for creating RewriteMap DBM Files.
      [Paul Querna]
 

Modified: httpd/httpd/trunk/modules/ssl/mod_ssl.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ssl/mod_ssl.c?rev=209821&r1=209820&r2=209821&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/mod_ssl.c (original)
+++ httpd/httpd/trunk/modules/ssl/mod_ssl.c Fri Jul  8 08:41:14 2005
@@ -83,7 +83,7 @@
                 "or `exec:/path/to/cgi_program')")
     SSL_CMD_SRV(SessionCache, TAKE1,
                 "SSL Session Cache storage "
-                "(`none', `dbm:/path/to/file')")
+                "(`none', `internal', `dbm:/path/to/file')")
 #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
     SSL_CMD_SRV(CryptoDevice, TAKE1,
                 "SSL external Crypto Device usage "

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=209821&r1=209820&r2=209821&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Fri Jul  8 08:41:14 2005
@@ -1001,6 +1001,10 @@
         mc->nSessionCacheMode      = SSL_SCMODE_NONE;
         mc->szSessionCacheDataFile = NULL;
     }
+    else if (strcEQ(arg, "internal")) {
+        mc->nSessionCacheMode      = SSL_SCMODE_OPENSSL_INTERNAL;
+        mc->szSessionCacheDataFile = NULL;
+    }
     else if ((arglen > 4) && strcEQn(arg, "dbm:", 4)) {
         mc->nSessionCacheMode      = SSL_SCMODE_DBM;
         mc->szSessionCacheDataFile = ap_server_root_relative(mc->pPool, arg+4);

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=209821&r1=209820&r2=209821&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Fri Jul  8 08:41:14 2005
@@ -467,7 +467,6 @@
     SSL_CTX *ctx = mctx->ssl_ctx;
     SSLModConfigRec *mc = myModConfig(s);
     long cache_mode = SSL_SESS_CACHE_OFF;
-
     if (mc->nSessionCacheMode != SSL_SCMODE_NONE) {
         /* SSL_SESS_CACHE_NO_INTERNAL will force OpenSSL
          * to ignore process local-caching and

Modified: httpd/httpd/trunk/modules/ssl/ssl_private.h
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ssl/ssl_private.h?rev=209821&r1=209820&r2=209821&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_private.h (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_private.h Fri Jul  8 08:41:14 2005
@@ -259,7 +259,8 @@
     SSL_SCMODE_NONE  = 0,
     SSL_SCMODE_DBM   = 1,
     SSL_SCMODE_SHMCB = 3,
-    SSL_SCMODE_DC    = 4
+    SSL_SCMODE_DC    = 4,
+    SSL_SCMODE_OPENSSL_INTERNAL = 5
 } ssl_scmode_t;
 
 /*