Fix case where buggy OpenSSL internal cache continually grows.
authorJim Jagielski <jim@apache.org>
Fri, 8 Jul 2005 15:41:14 +0000 (15:41 +0000)
committerJim Jagielski <jim@apache.org>
Fri, 8 Jul 2005 15:41:14 +0000 (15:41 +0000)
So don't bother to store it, but still force OpenSSL
to provide a Session ID.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209821 13f79535-47bb-0310-9956-ffa450edef68

CHANGES
modules/ssl/mod_ssl.c
modules/ssl/ssl_engine_config.c
modules/ssl/ssl_engine_init.c
modules/ssl/ssl_private.h

diff --git a/CHANGES b/CHANGES
index e28e9300cf39761d6909e0f5c969f6b24d77a216..c085918ee57d26032946c4e35b9ddc69ad8af9a0 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,12 @@
 Changes with Apache 2.1.7
   [Remove entries to the current 2.0 section below, when backported]
 
+  *) Add additional SSLSessionCache option, 'internal', which makes
+     mod_ssl just use OpenSSL's own internal session ID cache. Useful
+     when one needs to disable any external, shared caches but
+     requires the server to send non-null session IDs.
+     [Jim Jagielski]
+
   *) Add httxt2dbm to support/ for creating RewriteMap DBM Files.
      [Paul Querna]
 
index 146f7e7a66a544da6774f37c8317a690e093d7db..66017302e660ac4d5af1abf74178b8fa67a6d441 100644 (file)
@@ -83,7 +83,7 @@ static const command_rec ssl_config_cmds[] = {
                 "or `exec:/path/to/cgi_program')")
     SSL_CMD_SRV(SessionCache, TAKE1,
                 "SSL Session Cache storage "
-                "(`none', `dbm:/path/to/file')")
+                "(`none', `internal', `dbm:/path/to/file')")
 #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
     SSL_CMD_SRV(CryptoDevice, TAKE1,
                 "SSL external Crypto Device usage "
index c6572216e2cc700e6b5ffdaaca5b5be00684404c..304516021be5e3b2e8a533a557f38a7b924dc25b 100644 (file)
@@ -1001,6 +1001,10 @@ const char *ssl_cmd_SSLSessionCache(cmd_parms *cmd,
         mc->nSessionCacheMode      = SSL_SCMODE_NONE;
         mc->szSessionCacheDataFile = NULL;
     }
+    else if (strcEQ(arg, "internal")) {
+        mc->nSessionCacheMode      = SSL_SCMODE_OPENSSL_INTERNAL;
+        mc->szSessionCacheDataFile = NULL;
+    }
     else if ((arglen > 4) && strcEQn(arg, "dbm:", 4)) {
         mc->nSessionCacheMode      = SSL_SCMODE_DBM;
         mc->szSessionCacheDataFile = ap_server_root_relative(mc->pPool, arg+4);
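Review bot: Nothing visible in this commit makes the code that consumes `nSessionCacheMode` treat `SSL_SCMODE_OPENSSL_INTERNAL` differently from the external cache modes. The context lines of the ssl_init_ctx_session_cache hunk still test only `mc->nSessionCacheMode != SSL_SCMODE_NONE`, and the comment under that test talks about SSL_SESS_CACHE_NO_INTERNAL, so `SSLSessionCache internal` would apparently take the branch that disables OpenSSL's internal cache unless code outside the hunk handles it. I would add an explicit case there, for example `else if (mc->nSessionCacheMode == SSL_SCMODE_OPENSSL_INTERNAL) cache_mode = SSL_SESS_CACHE_SERVER;`, and check every other place that dispatches on the mode for the new value. Because sessions then live in each child's memory, the size and timeout of that cache should also be bounded explicitly (`SSL_CTX_sess_set_cache_size`) rather than left to defaults. Both ssl_cmd_SSLSessionCache and ssl_init_ctx_session_cache continue outside their hunks, so this may already be covered in lines not shown.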
index a2dd67bc22bae2f815403082904af87476d33335..0a545909d3d404223dc5c0af93de4d1107840a3a 100644 (file)
@@ -467,7 +467,6 @@ static void ssl_init_ctx_session_cache(server_rec *s,
     SSL_CTX *ctx = mctx->ssl_ctx;
     SSLModConfigRec *mc = myModConfig(s);
     long cache_mode = SSL_SESS_CACHE_OFF;
-
     if (mc->nSessionCacheMode != SSL_SCMODE_NONE) {
         /* SSL_SESS_CACHE_NO_INTERNAL will force OpenSSL
          * to ignore process local-caching and
index 71db2d1fd5eff73b0a7c7c2deb4aa721f62c95f0..02cebee1fc55515e302dd2ffa0b3b2041ee4b380 100644 (file)
@@ -259,7 +259,8 @@ typedef enum {
     SSL_SCMODE_NONE  = 0,
     SSL_SCMODE_DBM   = 1,
     SSL_SCMODE_SHMCB = 3,
-    SSL_SCMODE_DC    = 4
+    SSL_SCMODE_DC    = 4,
+    SSL_SCMODE_OPENSSL_INTERNAL = 5
 } ssl_scmode_t;
 
 /*
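Review bot: The new `SSL_SCMODE_OPENSSL_INTERNAL` enumerator has no comment explaining how it differs from `SSL_SCMODE_NONE`, and the distinction matters operationally because one mode keeps session state in process memory and the other keeps none. I would add a comment on the enumerator such as `/* no external store; sessions live only in OpenSSL's per-process SSL_CTX cache */`. The typedef begins above the hunk, so any existing documentation for the other values is not visible here.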