Posted to cvs@httpd.apache.org by ji...@apache.org on 2005/07/08 17:58:47 UTC
svn commit: r209827 - in /httpd/httpd/trunk: CHANGES
docs/manual/mod/mod_ssl.html.en docs/manual/mod/mod_ssl.xml
modules/ssl/mod_ssl.c modules/ssl/ssl_engine_config.c
modules/ssl/ssl_private.h
Author: jim
Date: Fri Jul 8 08:58:46 2005
New Revision: 209827
URL: http://svn.apache.org/viewcvs?rev=209827&view=rev
Log:
Good suggestion from a private email: name changes.
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en
httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
httpd/httpd/trunk/modules/ssl/mod_ssl.c
httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
httpd/httpd/trunk/modules/ssl/ssl_private.h
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/CHANGES?rev=209827&r1=209826&r2=209827&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES (original)
+++ httpd/httpd/trunk/CHANGES Fri Jul 8 08:58:46 2005
@@ -1,11 +1,9 @@
Changes with Apache 2.1.7
[Remove entries to the current 2.0 section below, when backported]
- *) Add additional SSLSessionCache option, 'internal', which makes
- mod_ssl just use OpenSSL's own internal session ID cache. Useful
- when one needs to disable any external, shared caches but
- requires the server to send non-null session IDs.
- [Jim Jagielski]
+ *) Add additional SSLSessionCache option, 'nonenotnull', which is
+ similar to 'none' (disabling any external shared cache) but forces
+ OpenSSL to provide a non-null session ID. [Jim Jagielski]
*) Add httxt2dbm to support/ for creating RewriteMap DBM Files.
[Paul Querna]
Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en?rev=209827&r1=209826&r2=209827&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en Fri Jul 8 08:58:46 2005
@@ -1532,12 +1532,11 @@
using certain browsers, particularly if client certificates are
enabled. This setting is not recommended.</p></li>
-<li><code>internal</code>
+<li><code>nonenotnull</code>
<p>This disables any global/inter-process Session Cache. However
- it does allow OpenSSL to use its own internal session cache. This in
- mainly useful in situations where a global cache cannot be used
- but the client requires a non-null session ID.</p></li>
+ it does force OpenSSL to send a non-null session ID to
+ accommodate buggy clients that require one.</p></li>
<li><code>dbm:/path/to/datafile</code>
Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml?rev=209827&r1=209826&r2=209827&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml Fri Jul 8 08:58:46 2005
@@ -412,12 +412,11 @@
using certain browsers, particularly if client certificates are
enabled. This setting is not recommended.</p></li>
-<li><code>internal</code>
+<li><code>nonenotnull</code>
<p>This disables any global/inter-process Session Cache. However
- it does allow OpenSSL to use its own internal session cache. This in
- mainly useful in situations where a global cache cannot be used
- but the client requires a non-null session ID.</p></li>
+ it does force OpenSSL to send a non-null session ID to
+ accommodate buggy clients that require one.</p></li>
<li><code>dbm:/path/to/datafile</code>
Modified: httpd/httpd/trunk/modules/ssl/mod_ssl.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ssl/mod_ssl.c?rev=209827&r1=209826&r2=209827&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/mod_ssl.c (original)
+++ httpd/httpd/trunk/modules/ssl/mod_ssl.c Fri Jul 8 08:58:46 2005
@@ -83,7 +83,7 @@
"or `exec:/path/to/cgi_program')")
SSL_CMD_SRV(SessionCache, TAKE1,
"SSL Session Cache storage "
- "(`none', `internal', `dbm:/path/to/file')")
+ "(`none', `nonenotnull', `dbm:/path/to/file')")
#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
SSL_CMD_SRV(CryptoDevice, TAKE1,
"SSL external Crypto Device usage "
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=209827&r1=209826&r2=209827&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Fri Jul 8 08:58:46 2005
@@ -1001,8 +1001,8 @@
mc->nSessionCacheMode = SSL_SCMODE_NONE;
mc->szSessionCacheDataFile = NULL;
}
- else if (strcEQ(arg, "internal")) {
- mc->nSessionCacheMode = SSL_SCMODE_OPENSSL_INTERNAL;
+ else if (strcEQ(arg, "nonenotnull")) {
+ mc->nSessionCacheMode = SSL_SCMODE_NONE_NOT_NULL;
mc->szSessionCacheDataFile = NULL;
}
else if ((arglen > 4) && strcEQn(arg, "dbm:", 4)) {
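Review bot: The renamed `nonenotnull` branch has no comment saying how it differs from `none`; both set `szSessionCacheDataFile` to NULL and only the mode value distinguishes them. Going by the manual text changed in this same commit, a comment such as `/* no shared cache, but OpenSSL still sends a non-null session ID */` above the assignment would record the intent. The old keyword `internal` is also dropped with no alias, so a configuration written against the previous trunk revision falls through to the later branches, which lie outside this hunk; presumably it is then rejected as an invalid argument, which is worth confirming. The enclosing function starts and ends outside the hunk.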
Modified: httpd/httpd/trunk/modules/ssl/ssl_private.h
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ssl/ssl_private.h?rev=209827&r1=209826&r2=209827&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_private.h (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_private.h Fri Jul 8 08:58:46 2005
@@ -260,7 +260,7 @@
SSL_SCMODE_DBM = 1,
SSL_SCMODE_SHMCB = 3,
SSL_SCMODE_DC = 4,
- SSL_SCMODE_OPENSSL_INTERNAL = 5
+ SSL_SCMODE_NONE_NOT_NULL = 5
} ssl_scmode_t;
/*
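Review bot: `SSL_SCMODE_NONE_NOT_NULL = 5` is renamed in place, and no hunk in this commit touches code that reads `nSessionCacheMode`, so any other translation unit that still names `SSL_SCMODE_OPENSSL_INTERNAL` would stop compiling; a search of modules/ssl for the old identifier would settle that. It also means the behaviour behind the value is unchanged by this commit, while the manual text moves from allowing OpenSSL's internal session cache to forcing a non-null session ID, so the new description should be checked against the code that consumes the mode. A trailing comment such as `/* no shared cache; session IDs are still issued */` would document the enumerator. The enum starts outside the hunk.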
Re: svn commit: r209827 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_ssl.html.en docs/manual/mod/mod_ssl.xml modules/ssl/mod_ssl.c modules/ssl/ssl_engine_config.c modules/ssl/ssl_private.h
Posted by Joe Orton <jo...@redhat.com>.
On Fri, Jul 08, 2005 at 03:58:47PM -0000, Jim Jagielski wrote:
> Author: jim
> Date: Fri Jul 8 08:58:46 2005
> New Revision: 209827
>
> URL: http://svn.apache.org/viewcvs?rev=209827&view=rev
> Log:
> Good suggestion from a private Email. name changes.
"nonenotnull" is a *good* name suggestion? I'd hate to see a bad one
then :) Please justify why you can't just enable a real session cache in
this case, else -1 for this feature.
I believe there are still cases where MSIE will barf if the server won't
resume a session in new connections (when using client certs IIRC), so I
really don't think this is worthwhile.
>
> Modified:
> httpd/httpd/trunk/CHANGES
> httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en
> httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
> httpd/httpd/trunk/modules/ssl/mod_ssl.c
> httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
> httpd/httpd/trunk/modules/ssl/ssl_private.h
>
> Modified: httpd/httpd/trunk/CHANGES
> URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/CHANGES?rev=209827&r1=209826&r2=209827&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/CHANGES (original)
> +++ httpd/httpd/trunk/CHANGES Fri Jul 8 08:58:46 2005
> @@ -1,11 +1,9 @@
> Changes with Apache 2.1.7
> [Remove entries to the current 2.0 section below, when backported]
>
> - *) Add additional SSLSessionCache option, 'internal', which makes
> - mod_ssl just use OpenSSL's own internal session ID cache. Useful
> - when one needs to disable any external, shared caches but
> - requires the server to send non-null session IDs.
> - [Jim Jagielski]
> + *) Add additional SSLSessionCache option, 'nonenotnull', which is
> + similar to 'none' (disabling any external shared cache) but forces
> + OpenSSL to provide a non-null session ID. [Jim Jagielski]
>
> *) Add httxt2dbm to support/ for creating RewriteMap DBM Files.
> [Paul Querna]
>
> Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en
> URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en?rev=209827&r1=209826&r2=209827&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en (original)
> +++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en Fri Jul 8 08:58:46 2005
> @@ -1532,12 +1532,11 @@
> using certain browsers, particularly if client certificates are
> enabled. This setting is not recommended.</p></li>
>
> -<li><code>internal</code>
> +<li><code>nonenotnull</code>
>
> <p>This disables any global/inter-process Session Cache. However
> - it does allow OpenSSL to use its own internal session cache. This in
> - mainly useful in situations where a global cache cannot be used
> - but the client requires a non-null session ID.</p></li>
> + it does force OpenSSL to send a non-null session ID to
> + accommodate buggy clients that require one.</p></li>
>
> <li><code>dbm:/path/to/datafile</code>
>
>
> Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
> URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml?rev=209827&r1=209826&r2=209827&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml (original)
> +++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml Fri Jul 8 08:58:46 2005
> @@ -412,12 +412,11 @@
> using certain browsers, particularly if client certificates are
> enabled. This setting is not recommended.</p></li>
>
> -<li><code>internal</code>
> +<li><code>nonenotnull</code>
>
> <p>This disables any global/inter-process Session Cache. However
> - it does allow OpenSSL to use its own internal session cache. This in
> - mainly useful in situations where a global cache cannot be used
> - but the client requires a non-null session ID.</p></li>
> + it does force OpenSSL to send a non-null session ID to
> + accommodate buggy clients that require one.</p></li>
>
> <li><code>dbm:/path/to/datafile</code>
>
>
> Modified: httpd/httpd/trunk/modules/ssl/mod_ssl.c
> URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ssl/mod_ssl.c?rev=209827&r1=209826&r2=209827&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/ssl/mod_ssl.c (original)
> +++ httpd/httpd/trunk/modules/ssl/mod_ssl.c Fri Jul 8 08:58:46 2005
> @@ -83,7 +83,7 @@
> "or `exec:/path/to/cgi_program')")
> SSL_CMD_SRV(SessionCache, TAKE1,
> "SSL Session Cache storage "
> - "(`none', `internal', `dbm:/path/to/file')")
> + "(`none', `nonenotnull', `dbm:/path/to/file')")
> #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
> SSL_CMD_SRV(CryptoDevice, TAKE1,
> "SSL external Crypto Device usage "
>
> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
> URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=209827&r1=209826&r2=209827&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Fri Jul 8 08:58:46 2005
> @@ -1001,8 +1001,8 @@
> mc->nSessionCacheMode = SSL_SCMODE_NONE;
> mc->szSessionCacheDataFile = NULL;
> }
> - else if (strcEQ(arg, "internal")) {
> - mc->nSessionCacheMode = SSL_SCMODE_OPENSSL_INTERNAL;
> + else if (strcEQ(arg, "nonenotnull")) {
> + mc->nSessionCacheMode = SSL_SCMODE_NONE_NOT_NULL;
> mc->szSessionCacheDataFile = NULL;
> }
> else if ((arglen > 4) && strcEQn(arg, "dbm:", 4)) {
>
> Modified: httpd/httpd/trunk/modules/ssl/ssl_private.h
> URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ssl/ssl_private.h?rev=209827&r1=209826&r2=209827&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/ssl/ssl_private.h (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_private.h Fri Jul 8 08:58:46 2005
> @@ -260,7 +260,7 @@
> SSL_SCMODE_DBM = 1,
> SSL_SCMODE_SHMCB = 3,
> SSL_SCMODE_DC = 4,
> - SSL_SCMODE_OPENSSL_INTERNAL = 5
> + SSL_SCMODE_NONE_NOT_NULL = 5
> } ssl_scmode_t;
>
> /*
>