force OpenSSL to ignore process local-caching and to always

author Doug MacEachern <dougm@apache.org>

Fri, 24 Aug 2001 23:25:14 +0000 (23:25 +0000)

committer Doug MacEachern <dougm@apache.org>

Fri, 24 Aug 2001 23:25:14 +0000 (23:25 +0000)
author Doug MacEachern <dougm@apache.org>
Fri, 24 Aug 2001 23:25:14 +0000 (23:25 +0000)
committer Doug MacEachern <dougm@apache.org>
Fri, 24 Aug 2001 23:25:14 +0000 (23:25 +0000)
diff --git a/CHANGES b/CHANGES

index 52f721a95484429fd705c10acdb51f6fb6714c9e..8bc3cbdf2ebd33f6bbe6f850418b44694cecca06 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,10 @@
  Changes with Apache 2.0.25-dev
  
+  *) force OpenSSL to ignore process local-caching and to always
+     get/set/delete sessions using mod_ssl's callbacks
+     [Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>,
+      Geoff Thorpe <geoff@geoffthorpe.net>]
+
    *) Make the worker MPM shutdown and restart cleanly.  This also
       cleans up some race conditions, and gets the worker using
       pools more cleanly.  [Aaron Bannert <aaron@clove.org>]
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c

index ab5ad89f323ed0d7afe0972ea6b55210f7981dfa..73e6f21b2771819c62e1c68413d51fa55391e9b7 100644 (file)
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -468,6 +468,7 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, SSLSrvConfigRec *sc)
      BOOL bSkipFirst;
      int isca, pathlen;
      int i, n;
+    long cache_mode;
  
      /*
       * Create the server host:port string because we need it a lot
@@ -529,10 +530,18 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, SSLSrvConfigRec *sc)
       * Configure additional context ingredients
       */
      SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
-    if (mc->nSessionCacheMode == SSL_SCMODE_NONE)
-        SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
-    else
-        SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
+    if (mc->nSessionCacheMode == SSL_SCMODE_NONE) {
+        cache_mode = SSL_SESS_CACHE_OFF;
+    }
+    else {
+        /* SSL_SESS_CACHE_NO_INTERNAL_LOOKUP will force OpenSSL
+         * to ignore process local-caching and
+         * to always get/set/delete sessions using mod_ssl's callbacks.
+         */
+        cache_mode = SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL_LOOKUP;
+    }
+
+    SSL_CTX_set_session_cache_mode(ctx, cache_mode);
  
      /*
       *  Configure callbacks for SSL context
author	Doug MacEachern <dougm@apache.org>
	Fri, 24 Aug 2001 23:25:14 +0000 (23:25 +0000)
committer	Doug MacEachern <dougm@apache.org>
	Fri, 24 Aug 2001 23:25:14 +0000 (23:25 +0000)
CHANGES		patch \| blob \| history
modules/ssl/ssl_engine_init.c		patch \| blob \| history