Posted to cvs@httpd.apache.org by jo...@apache.org on 2008/04/08 16:21:29 UTC
svn commit: r645940 - in /httpd/httpd/trunk/modules/ssl: config.m4 mod_ssl.c
ssl_engine_config.c ssl_engine_mutex.c ssl_private.h ssl_scache.c
ssl_scache_dbm.c ssl_scache_dc.c ssl_scache_memcache.c ssl_scache_shmcb.c
Author: jorton
Date: Tue Apr 8 07:21:24 2008
New Revision: 645940
URL: http://svn.apache.org/viewvc?rev=645940&view=rev
Log:
Session cache interface redesign, Part 9:
Switch mod_ssl to use the ap_socache interface.
* modules/ssl/ssl_scache_shmcb.c, modules/ssl/ssl_scache_memcache.c,
modules/ssl/ssl_scache_dc.c, modules/ssl/ssl_scache_dbm.c: Remove
files.
* modules/ssl/mod_ssl.c (modssl_register_scache): Remove function.
* modules/ssl/ssl_private.h: Remove modssl_sesscache_provider etc.
(SSLModConfigRec): Switch to using socache types.
* modules/ssl/ssl_engine_config.c (ssl_cmd_SSLSessionCache): Switch to
use socache provider.
* modules/ssl/ssl_engine_mutex.c, modules/ssl/ssl_scache.c: Switch to
using socache constants.
* modules/ssl/config.m4: Drop distcache/memcache configuration, remove
old objects.
Removed:
httpd/httpd/trunk/modules/ssl/ssl_scache_dbm.c
httpd/httpd/trunk/modules/ssl/ssl_scache_dc.c
httpd/httpd/trunk/modules/ssl/ssl_scache_memcache.c
httpd/httpd/trunk/modules/ssl/ssl_scache_shmcb.c
Modified:
httpd/httpd/trunk/modules/ssl/config.m4
httpd/httpd/trunk/modules/ssl/mod_ssl.c
httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
httpd/httpd/trunk/modules/ssl/ssl_engine_mutex.c
httpd/httpd/trunk/modules/ssl/ssl_private.h
httpd/httpd/trunk/modules/ssl/ssl_scache.c
Modified: httpd/httpd/trunk/modules/ssl/config.m4
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/config.m4?rev=645940&r1=645939&r2=645940&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/config.m4 (original)
+++ httpd/httpd/trunk/modules/ssl/config.m4 Tue Apr 8 07:21:24 2008
@@ -13,128 +13,6 @@
dnl See the License for the specific language governing permissions and
dnl limitations under the License.
-AC_DEFUN([CHECK_DISTCACHE], [
- AC_MSG_CHECKING(whether Distcache is required)
- ap_ssltk_dc="no"
- tmp_nomessage=""
- tmp_forced="no"
- AC_ARG_ENABLE(distcache,
- APACHE_HELP_STRING(--enable-distcache,Select distcache support in mod_ssl),
- ap_ssltk_dc="$enableval"
- tmp_nomessage=""
- tmp_forced="yes"
- if test "x$ap_ssltk_dc" = "x"; then
- ap_ssltk_dc="yes"
- dnl our "error"s become "tests revealed that..."
- tmp_forced="no"
- fi
- if test "$ap_ssltk_dc" != "yes" -a "$ap_ssltk_dc" != "no"; then
- tmp_nomessage="--enable-distcache had illegal syntax - disabling"
- ap_ssltk_dc="no"
- fi)
- if test "$tmp_forced" = "no"; then
- AC_MSG_RESULT($ap_ssltk_dc (default))
- else
- AC_MSG_RESULT($ap_ssltk_dc (specified))
- fi
- if test "$tmp_forced" = "yes" -a "x$ap_ssltk_dc" = "xno" -a "x$tmp_nomessage" != "x"; then
- AC_MSG_ERROR(distcache support failed: $tmp_nomessage)
- fi
- if test "$ap_ssltk_dc" = "yes"; then
- AC_CHECK_HEADER(
- [distcache/dc_client.h],
- [],
- [tmp_nomessage="can't include distcache headers"
- ap_ssltk_dc="no"])
- if test "$tmp_forced" = "yes" -a "x$ap_ssltk_dc" = "xno"; then
- AC_MSG_ERROR(distcache support failed: $tmp_nomessage)
- fi
- fi
- if test "$ap_ssltk_dc" = "yes"; then
- AC_MSG_CHECKING(for Distcache version)
- AC_TRY_COMPILE(
-[#include <distcache/dc_client.h>],
-[#if DISTCACHE_CLIENT_API != 0x0001
-#error "distcache API version is unrecognised"
-#endif],
-[],
-[tmp_nomessage="distcache has an unsupported API version"
-ap_ssltk_dc="no"])
- AC_MSG_RESULT($ap_ssltk_dc)
- if test "$tmp_forced" = "yes" -a "x$ap_ssltk_dc" = "xno"; then
- AC_MSG_ERROR(distcache support failed: $tmp_nomessage)
- fi
- fi
- if test "$ap_ssltk_dc" = "yes"; then
- AC_MSG_CHECKING(for Distcache libraries)
- save_libs=$LIBS
- LIBS="$LIBS -ldistcache -lnal"
- AC_TRY_LINK(
- [#include <distcache/dc_client.h>],
- [DC_CTX *foo = DC_CTX_new((const char *)0,0);],
- [],
- [tmp_no_message="failed to link with distcache libraries"
- ap_ssltk_dc="no"])
- LIBS=$save_libs
- AC_MSG_RESULT($ap_ssltk_dc)
- if test "$tmp_forced" = "yes" -a "x$ap_ssltk_dc" = "xno"; then
- AC_MSG_ERROR(distcache support failed: $tmp_nomessage)
- else
- APR_ADDTO(MOD_SSL_LDADD, [-ldistcache -lnal])
- AC_DEFINE(HAVE_DISTCACHE, 1, [Define if distcache support is enabled])
- fi
- fi
-])
-
-
-
-AC_DEFUN([CHECK_SSL_MEMCACHE], [
- AC_MSG_CHECKING(for ssl session caching in memcache)
- ap_ssltk_mc="no"
- tmp_nomessage=""
- tmp_forced="no"
- AC_ARG_ENABLE(ssl-memcache,
- APACHE_HELP_STRING(--enable-ssl-memcache,Select memcache support in mod_ssl),
- ap_ssltk_mc="$enableval"
- tmp_nomessage=""
- tmp_forced="yes"
- if test "x$ap_ssltk_mc" = "x"; then
- ap_ssltk_mc="yes"
- dnl our "error"s become "tests revealed that..."
- tmp_forced="no"
- fi
- if test "$ap_ssltk_mc" != "yes" -a "$ap_ssltk_mc" != "no"; then
- tmp_nomessage="--enable-ssl-cache-memcache had illegal syntax - disabling"
- ap_ssltk_mc="no"
- fi)
- if test "$tmp_forced" = "no"; then
- AC_MSG_RESULT($ap_ssltk_mc (default))
- else
- AC_MSG_RESULT($ap_ssltk_mc (specified))
- fi
- if test "$tmp_forced" = "yes" -a "x$ap_ssltk_mc" = "xno" -a "x$tmp_nomessage" != "x"; then
- AC_MSG_ERROR(ssl memcache support failed: $tmp_nomessage)
- fi
- if test "$ap_ssltk_mc" = "yes"; then
- save_cpp=$CPPFLAGS
- CPPFLAGS="$CPPFLAGS $APR_INCLUDES $APU_INCLUDES"
- AC_CHECK_HEADER(
- [apr_memcache.h],
- [],
- [tmp_nomessage="can't include apr_memcache headers"
- ap_ssltk_mc="no"])
-
- CPPFLAGS=$save_cpp
-
- if test "$tmp_forced" = "yes" -a "x$ap_ssltk_mc" = "xno"; then
- AC_MSG_ERROR(ssl memcache support failed: $tmp_nomessage)
- fi
- fi
- if test "$ap_ssltk_mc" = "yes"; then
- AC_DEFINE(HAVE_SSL_CACHE_MEMCACHE, 1, [Define if ssl-memcache support is enabled])
- fi
-])
-
AC_DEFUN([CHECK_OCSP], [
AC_CHECK_HEADERS(openssl/ocsp.h,
[AC_DEFINE([HAVE_OCSP], 1, [Define if OCSP is supported by OpenSSL])]
@@ -162,10 +40,6 @@
ssl_expr_parse.lo dnl
ssl_expr_scan.lo dnl
ssl_scache.lo dnl
-ssl_scache_dbm.lo dnl
-ssl_scache_shmcb.lo dnl
-ssl_scache_dc.lo dnl
-ssl_scache_memcache.lo dnl
ssl_util.lo dnl
ssl_util_ssl.lo dnl
ssl_engine_ocsp.lo dnl
@@ -175,8 +49,6 @@
APACHE_MODULE(ssl, [SSL/TLS support (mod_ssl)], $ssl_objs, , no, [
APACHE_CHECK_SSL_TOOLKIT
APR_SETVAR(MOD_SSL_LDADD, [\$(SSL_LIBS)])
- CHECK_DISTCACHE
- CHECK_SSL_MEMCACHE
CHECK_OCSP
if test "x$enable_ssl" = "xshared"; then
# The only symbol which needs to be exported is the module
Modified: httpd/httpd/trunk/modules/ssl/mod_ssl.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl.c?rev=645940&r1=645939&r2=645940&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/mod_ssl.c (original)
+++ httpd/httpd/trunk/modules/ssl/mod_ssl.c Tue Apr 8 07:21:24 2008
@@ -454,34 +454,6 @@
return ssl_init_ssl_connection(c, NULL);
}
-/* Register all session cache providers. */
-static void modssl_register_scache(apr_pool_t *p)
-{
- /* shmcb is a cache of many names. */
- ap_register_provider(p, MODSSL_SESSCACHE_PROVIDER_GROUP, "shmcb",
- MODSSL_SESSCACHE_PROVIDER_VERSION,
- &modssl_sesscache_shmcb);
- ap_register_provider(p, MODSSL_SESSCACHE_PROVIDER_GROUP, "shmht",
- MODSSL_SESSCACHE_PROVIDER_VERSION,
- &modssl_sesscache_shmcb);
- ap_register_provider(p, MODSSL_SESSCACHE_PROVIDER_GROUP, "shm",
- MODSSL_SESSCACHE_PROVIDER_VERSION,
- &modssl_sesscache_shmcb);
- ap_register_provider(p, MODSSL_SESSCACHE_PROVIDER_GROUP, "dbm",
- MODSSL_SESSCACHE_PROVIDER_VERSION,
- &modssl_sesscache_dbm);
-#ifdef HAVE_DISTCACHE
- ap_register_provider(p, MODSSL_SESSCACHE_PROVIDER_GROUP, "dc",
- MODSSL_SESSCACHE_PROVIDER_VERSION,
- &modssl_sesscache_dc);
-#endif
-#ifdef HAVE_SSL_CACHE_MEMCACHE
- ap_register_provider(p, MODSSL_SESSCACHE_PROVIDER_GROUP, "mc",
- MODSSL_SESSCACHE_PROVIDER_VERSION,
- &modssl_sesscache_mc);
-#endif
-}
-
/*
* the module registration phase
*/
@@ -511,8 +483,6 @@
ap_hook_post_read_request(ssl_hook_ReadReq, pre_prr,NULL, APR_HOOK_MIDDLE);
ssl_var_register(p);
-
- modssl_register_scache(p);
APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=645940&r1=645939&r2=645940&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Tue Apr 8 07:21:24 2008
@@ -985,9 +985,9 @@
char *name = apr_pstrmemdup(cmd->pool, arg, sep - arg);
/* Find the provider of given name. */
- mc->sesscache = ap_lookup_provider(MODSSL_SESSCACHE_PROVIDER_GROUP,
+ mc->sesscache = ap_lookup_provider(AP_SOCACHE_PROVIDER_GROUP,
name,
- MODSSL_SESSCACHE_PROVIDER_VERSION);
+ AP_SOCACHE_PROVIDER_VERSION);
if (mc->sesscache) {
/* Cache found; create it, passing anything beyond the colon. */
mc->sesscache_mode = enabled_flags;
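Review bot: Nothing near the `ap_lookup_provider(AP_SOCACHE_PROVIDER_GROUP, name, AP_SOCACHE_PROVIDER_VERSION)` call records that mod_ssl no longer registers any session cache provider itself. The same commit removes modssl_register_scache() from mod_ssl.c, so the lookup can only succeed if some other module has registered under this group. I would add a comment above the call such as `/* Providers in this group are registered outside mod_ssl (see ap_socache.h). */`. The error path in the next hunk builds its name list from the same group via ap_list_provider_names(), so that list will presumably be empty when no such module is loaded; it is worth confirming the message still reads sensibly in that case. The enclosing function starts and ends outside the hunk.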
@@ -1001,8 +1001,8 @@
/* Build a comma-separated list of all registered provider
* names: */
name_list = ap_list_provider_names(cmd->pool,
- MODSSL_SESSCACHE_PROVIDER_GROUP,
- MODSSL_SESSCACHE_PROVIDER_VERSION);
+ AP_SOCACHE_PROVIDER_GROUP,
+ AP_SOCACHE_PROVIDER_VERSION);
all_names = apr_array_pstrcat(cmd->pool, name_list, ',');
err = apr_psprintf(cmd->pool, "'%s' session cache not supported "
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_mutex.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_mutex.c?rev=645940&r1=645939&r2=645940&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_mutex.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_mutex.c Tue Apr 8 07:21:24 2008
@@ -43,7 +43,7 @@
* the provider used is not internally multi-process/thread
* safe. */
if (!mc->sesscache
- || (mc->sesscache->flags & MODSSL_SESSCACHE_FLAG_NOTMPSAFE) == 0) {
+ || (mc->sesscache->flags & AP_SOCACHE_FLAG_NOTMPSAFE) == 0) {
return TRUE;
}
@@ -88,7 +88,7 @@
apr_status_t rv;
if (mc->nMutexMode == SSL_MUTEXMODE_NONE || !mc->sesscache
- || (mc->sesscache->flags & MODSSL_SESSCACHE_FLAG_NOTMPSAFE) == 0) {
+ || (mc->sesscache->flags & AP_SOCACHE_FLAG_NOTMPSAFE) == 0) {
return TRUE;
}
Modified: httpd/httpd/trunk/modules/ssl/ssl_private.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?rev=645940&r1=645939&r2=645940&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_private.h (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_private.h Tue Apr 8 07:21:24 2008
@@ -48,11 +48,9 @@
#include "apr_lib.h"
#include "apr_fnmatch.h"
#include "apr_strings.h"
-#include "apr_dbm.h"
-#include "apr_rmm.h"
-#include "apr_shm.h"
#include "apr_global_mutex.h"
#include "apr_optional.h"
+#include "ap_socache.h"
#define MOD_SSL_VERSION AP_SERVER_BASEREVISION
@@ -159,25 +157,6 @@
#define SSL_MM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
/**
- * Support for DBM library
- */
-#define SSL_DBM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
-
-#if !defined(SSL_DBM_FILE_SUFFIX_DIR) && !defined(SSL_DBM_FILE_SUFFIX_PAG)
-#if defined(DBM_SUFFIX)
-#define SSL_DBM_FILE_SUFFIX_DIR DBM_SUFFIX
-#define SSL_DBM_FILE_SUFFIX_PAG DBM_SUFFIX
-#elif defined(__FreeBSD__) || (defined(DB_LOCK) && defined(DB_SHMEM))
-#define SSL_DBM_FILE_SUFFIX_DIR ".db"
-#define SSL_DBM_FILE_SUFFIX_PAG ".db"
-#else
-#define SSL_DBM_FILE_SUFFIX_DIR ".dir"
-#define SSL_DBM_FILE_SUFFIX_PAG ".pag"
-#endif
-#endif
-
-
-/**
* Define the certificate algorithm types
*/
@@ -351,59 +330,6 @@
int non_ssl_request;
} SSLConnRec;
-#define MODSSL_SESSCACHE_PROVIDER_GROUP "mod_ssl-sesscache"
-#define MODSSL_SESSCACHE_PROVIDER_VERSION "0"
-
-/* If this flag is set, the store/retrieve/delete/status interfaces of
- * the provider are NOT safe to be called concurrently from multiple
- * processes or threads, and an external global mutex must be used to
- * serialize access to the provider. */
-#define MODSSL_SESSCACHE_FLAG_NOTMPSAFE (0x0001)
-
-/* Session cache provider vtable. */
-typedef struct {
- /* Canonical provider name: */
- const char *name;
-
- /* Bitmask of MODSSL_SESSCACHE_FLAG_* flags: */
- unsigned int flags;
-
- /* Create a session cache based on the given configuration string
- * ARG. Returns NULL on success, or an error string on failure.
- * Pool TMP should be used for any temporary allocations, pool P
- * should be used for any allocations lasting as long as the
- * lifetime of the return context.
- *
- * The context pointer returned in *CONTEXT will be passed as the
- * first argument to subsequent invocations. */
- const char *(*create)(void **context, const char *arg,
- apr_pool_t *tmp, apr_pool_t *p);
- /* Initialize the cache. Return APR error code. */
- apr_status_t (*init)(void *context, server_rec *s, apr_pool_t *pool);
- /* Destroy a given cache context. */
- void (*destroy)(void *context, server_rec *s);
- /* Store an object in the cache. */
- apr_status_t (*store)(void *context, server_rec *s,
- const unsigned char *id, unsigned int idlen,
- time_t expiry,
- unsigned char *data, unsigned int datalen);
- /* Retrieve cached data with key ID of length IDLEN,
- * returning TRUE on success or FALSE otherwise. If
- * TRUE, the data must be placed in DEST, which has length
- * on entry of *DESTLEN. *DESTLEN must be updated to
- * equal the length of data written on exit. */
- apr_status_t (*retrieve)(void *context, server_rec *s,
- const unsigned char *id, unsigned int idlen,
- unsigned char *dest, unsigned int *destlen,
- apr_pool_t *pool);
- /* Remove an object from the cache. */
- void (*delete)(void *context, server_rec *s,
- const unsigned char *id, unsigned int idlen,
- apr_pool_t *pool);
- /* Dump cache status for mod_status output. */
- void (*status)(void *context, request_rec *r, int flags);
-} modssl_sesscache_provider;
-
typedef struct {
pid_t pid;
apr_pool_t *pPool;
@@ -414,8 +340,8 @@
/* The configured provider, and associated private data
* structure. */
- const modssl_sesscache_provider *sesscache;
- void *sesscache_context;
+ const ap_socache_provider_t *sesscache;
+ ap_socache_instance_t *sesscache_context;
ssl_mutexmode_t nMutexMode;
apr_lockmech_e nMutexMech;
@@ -638,17 +564,6 @@
void ssl_scache_remove(server_rec *, UCHAR *, int,
apr_pool_t *);
-extern const modssl_sesscache_provider modssl_sesscache_shmcb;
-extern const modssl_sesscache_provider modssl_sesscache_dbm;
-
-#ifdef HAVE_DISTCACHE
-extern const modssl_sesscache_provider modssl_sesscache_dc;
-#endif
-
-#ifdef HAVE_SSL_CACHE_MEMCACHE
-extern const modssl_sesscache_provider modssl_sesscache_mc;
-#endif
-
/** Proxy Support */
int ssl_proxy_enable(conn_rec *c);
int ssl_engine_disable(conn_rec *c);
@@ -731,8 +646,6 @@
apr_array_header_t *ssl_ext_list(apr_pool_t *p, conn_rec *c, int peer, const char *extension);
void ssl_var_log_config_register(apr_pool_t *p);
-
-#define APR_SHM_MAXSIZE (64 * 1024 * 1024)
#ifdef HAVE_OCSP
/* Perform OCSP validation of the current cert in the given context.
Modified: httpd/httpd/trunk/modules/ssl/ssl_scache.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_scache.c?rev=645940&r1=645939&r2=645940&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_scache.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_scache.c Tue Apr 8 07:21:24 2008
@@ -151,13 +151,13 @@
{
SSLModConfigRec *mc = myModConfig(s);
- if (mc->sesscache->flags & MODSSL_SESSCACHE_FLAG_NOTMPSAFE) {
+ if (mc->sesscache->flags & AP_SOCACHE_FLAG_NOTMPSAFE) {
ssl_mutex_on(s);
}
mc->sesscache->delete(mc->sesscache_context, s, id, idlen, p);
- if (mc->sesscache->flags & MODSSL_SESSCACHE_FLAG_NOTMPSAFE) {
+ if (mc->sesscache->flags & AP_SOCACHE_FLAG_NOTMPSAFE) {
ssl_mutex_off(s);
}
}
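Review bot: `mc->sesscache` is dereferenced here without a NULL check, both in the two flag tests and in the `mc->sesscache->delete(...)` call, whereas both conditions touched in ssl_engine_mutex.c by this commit test `!mc->sesscache` first. Whether callers guarantee a configured cache before reaching this function is not visible in the hunk, and the function's signature lies above it. If they do, a comment such as `/* caller guarantees mc->sesscache != NULL */` would record the invariant. If not, an early `if (!mc->sesscache) return;` after the myModConfig() line would avoid a NULL dereference when no session cache is configured.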