www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-07 04:02:58 +03:00
Code Activity

Fix case where buggy OpenSSL internal cache continually grows.

Browse Source 
So don't bother to store it, but still force OpenSSL
to provide a Session ID.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209821 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Jim Jagielski
2005-07-08 15:41:14 +00:00
parent eaccca5df3
commit 073384b262
5 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGES
View File

@@ -1,6 +1,12 @@
Changes with Apache 2.1.7 Changes with Apache 2.1.7
[Remove entries to the current 2.0 section below, when backported] [Remove entries to the current 2.0 section below, when backported]
*) Add additional SSLSessionCache option, 'internal', which makes
mod_ssl just use OpenSSL's own internal session ID cache. Useful
when one needs to disable any external, shared caches but
requires the server to send non-null session IDs.
[Jim Jagielski]
*) Add httxt2dbm to support/ for creating RewriteMap DBM Files. *) Add httxt2dbm to support/ for creating RewriteMap DBM Files.
[Paul Querna] [Paul Querna]

2
modules/ssl/mod_ssl.c
View File

@@ -83,7 +83,7 @@ static const command_rec ssl_config_cmds[] = {
"or `exec:/path/to/cgi_program')") "or `exec:/path/to/cgi_program')")
SSL_CMD_SRV(SessionCache, TAKE1, SSL_CMD_SRV(SessionCache, TAKE1,
"SSL Session Cache storage " "SSL Session Cache storage "
"(`none', `dbm:/path/to/file')") "(`none', `internal', `dbm:/path/to/file')")
#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT) #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
SSL_CMD_SRV(CryptoDevice, TAKE1, SSL_CMD_SRV(CryptoDevice, TAKE1,
"SSL external Crypto Device usage " "SSL external Crypto Device usage "

4
modules/ssl/ssl_engine_config.c
View File

@@ -1001,6 +1001,10 @@ const char *ssl_cmd_SSLSessionCache(cmd_parms *cmd,
mc->nSessionCacheMode = SSL_SCMODE_NONE; mc->nSessionCacheMode = SSL_SCMODE_NONE;
mc->szSessionCacheDataFile = NULL; mc->szSessionCacheDataFile = NULL;
} }
else if (strcEQ(arg, "internal")) {
mc->nSessionCacheMode = SSL_SCMODE_OPENSSL_INTERNAL;
mc->szSessionCacheDataFile = NULL;
}
else if ((arglen > 4) && strcEQn(arg, "dbm:", 4)) { else if ((arglen > 4) && strcEQn(arg, "dbm:", 4)) {
mc->nSessionCacheMode = SSL_SCMODE_DBM; mc->nSessionCacheMode = SSL_SCMODE_DBM;
mc->szSessionCacheDataFile = ap_server_root_relative(mc->pPool, arg+4); mc->szSessionCacheDataFile = ap_server_root_relative(mc->pPool, arg+4);

1
modules/ssl/ssl_engine_init.c
View File

@@ -467,7 +467,6 @@ static void ssl_init_ctx_session_cache(server_rec *s,
SSL_CTX *ctx = mctx->ssl_ctx; SSL_CTX *ctx = mctx->ssl_ctx;
SSLModConfigRec *mc = myModConfig(s); SSLModConfigRec *mc = myModConfig(s);
long cache_mode = SSL_SESS_CACHE_OFF; long cache_mode = SSL_SESS_CACHE_OFF;
if (mc->nSessionCacheMode != SSL_SCMODE_NONE) { if (mc->nSessionCacheMode != SSL_SCMODE_NONE) {
/* SSL_SESS_CACHE_NO_INTERNAL will force OpenSSL /* SSL_SESS_CACHE_NO_INTERNAL will force OpenSSL
* to ignore process local-caching and * to ignore process local-caching and

3
modules/ssl/ssl_private.h
View File

@@ -259,7 +259,8 @@ typedef enum {
SSL_SCMODE_NONE = 0, SSL_SCMODE_NONE = 0,
SSL_SCMODE_DBM = 1, SSL_SCMODE_DBM = 1,
SSL_SCMODE_SHMCB = 3, SSL_SCMODE_SHMCB = 3,
SSL_SCMODE_DC = 4 SSL_SCMODE_DC = 4,
SSL_SCMODE_OPENSSL_INTERNAL = 5
} ssl_scmode_t; } ssl_scmode_t;
/* /*