force OpenSSL to ignore process local-caching and to always

get/set/delete sessions using mod_ssl's callbacks
PR:
Obtained from:
Submitted by:   Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>
Reviewed by:    dougm


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90654 13f79535-47bb-0310-9956-ffa450edef68

CHANGES

@@ -1,5 +1,10 @@
 Changes with Apache 2.0.25-dev
 
+  *) force OpenSSL to ignore process local-caching and to always
+     get/set/delete sessions using mod_ssl's callbacks
+     [Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>,
+      Geoff Thorpe <geoff@geoffthorpe.net>]
+
   *) Make the worker MPM shutdown and restart cleanly.  This also
      cleans up some race conditions, and gets the worker using
      pools more cleanly.  [Aaron Bannert <aaron@clove.org>]

modules/ssl/ssl_engine_init.c

@@ -468,6 +468,7 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, SSLSrvConfigRec *sc)
     BOOL bSkipFirst;
     int isca, pathlen;
     int i, n;
+    long cache_mode;
 
     /*
      * Create the server host:port string because we need it a lot
@@ -529,10 +530,18 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, SSLSrvConfigRec *sc)
      * Configure additional context ingredients
      */
     SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
-    if (mc->nSessionCacheMode == SSL_SCMODE_NONE)
+    if (mc->nSessionCacheMode == SSL_SCMODE_NONE) {
-        SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
+        cache_mode = SSL_SESS_CACHE_OFF;
-    else
+    }
-        SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
+    else {
+        /* SSL_SESS_CACHE_NO_INTERNAL_LOOKUP will force OpenSSL
+         * to ignore process local-caching and
+         * to always get/set/delete sessions using mod_ssl's callbacks.
+         */
+        cache_mode = SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL_LOOKUP;
+    }
+
+    SSL_CTX_set_session_cache_mode(ctx, cache_mode);
 
     /*
      *  Configure callbacks for SSL context