Fix case where buggy OpenSSL internal cache continually grows.

So don't bother to store it, but still force OpenSSL to provide a Session ID. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209821 13f79535-47bb-0310-9956-ffa450edef68
2025-08-07 04:02:58 +03:00 · 2005-07-08 15:41:14 +00:00
parent eaccca5df3
commit 073384b262
5 changed files with 13 additions and 3 deletions
--- a/6
+++ b/6
@@ -1,6 +1,12 @@
 Changes with Apache 2.1.7
  [Remove entries to the current 2.0 section below, when backported]

+  *) Add additional SSLSessionCache option, 'internal', which makes
+     mod_ssl just use OpenSSL's own internal session ID cache. Useful
+     when one needs to disable any external, shared caches but
+     requires the server to send non-null session IDs.
+     [Jim Jagielski]
+
  *) Add httxt2dbm to support/ for creating RewriteMap DBM Files.
     [Paul Querna]

--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -83,7 +83,7 @@ static const command_rec ssl_config_cmds[] = {
                "or `exec:/path/to/cgi_program')")
    SSL_CMD_SRV(SessionCache, TAKE1,
                "SSL Session Cache storage "
-                "(`none', `dbm:/path/to/file')")
+                "(`none', `internal', `dbm:/path/to/file')")
 #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
    SSL_CMD_SRV(CryptoDevice, TAKE1,
                "SSL external Crypto Device usage "
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -1001,6 +1001,10 @@ const char *ssl_cmd_SSLSessionCache(cmd_parms *cmd,
        mc->nSessionCacheMode      = SSL_SCMODE_NONE;
        mc->szSessionCacheDataFile = NULL;
    }
+    else if (strcEQ(arg, "internal")) {
+        mc->nSessionCacheMode      = SSL_SCMODE_OPENSSL_INTERNAL;
+        mc->szSessionCacheDataFile = NULL;
+    }
    else if ((arglen > 4) && strcEQn(arg, "dbm:", 4)) {
        mc->nSessionCacheMode      = SSL_SCMODE_DBM;
        mc->szSessionCacheDataFile = ap_server_root_relative(mc->pPool, arg+4);
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -467,7 +467,6 @@ static void ssl_init_ctx_session_cache(server_rec *s,
    SSL_CTX *ctx = mctx->ssl_ctx;
    SSLModConfigRec *mc = myModConfig(s);
    long cache_mode = SSL_SESS_CACHE_OFF;
-
    if (mc->nSessionCacheMode != SSL_SCMODE_NONE) {
        /* SSL_SESS_CACHE_NO_INTERNAL will force OpenSSL
         * to ignore process local-caching and
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -259,7 +259,8 @@ typedef enum {
    SSL_SCMODE_NONE  = 0,
    SSL_SCMODE_DBM   = 1,
    SSL_SCMODE_SHMCB = 3,
-    SSL_SCMODE_DC    = 4
+    SSL_SCMODE_DC    = 4,
+    SSL_SCMODE_OPENSSL_INTERNAL = 5
 } ssl_scmode_t;

 /*