#define AP_END_CMD { NULL }
+const char ssl_valid_ssl_mutex_string[] =
+ "Valid SSLMutex mechanisms are: `none', `default'"
+#if APR_HAS_FLOCK_SERIALIZE
+ ", `flock:/path/to/file'"
+#endif
+#if APR_HAS_FCNTL_SERIALIZE
+ ", `fcntl:/path/to/file'"
+#endif
+#if APR_HAS_SYSVSEM_SERIALIZE && !defined(PERCHILD_MPM)
+ ", `sysvsem'"
+#endif
+#if APR_HAS_POSIXSEM_SERIALIZE
+ ", `posixsem'"
+#endif
+#if APR_HAS_PROC_PTHREAD_SERIALIZE
+ ", `pthread'"
+#endif
+#if APR_HAS_FLOCK_SERIALIZE || APR_HAS_FCNTL_SERIALIZE
+ ", `file:/path/to/file'"
+#endif
+#if (APR_HAS_SYSVSEM_SERIALIZE && !defined(PERCHILD_MPM)) || APR_HAS_POSIXSEM_SERIALIZE
+ ", `sem'"
+#endif
+ " ";
+
static const command_rec ssl_config_cmds[] = {
/*
* Global (main-server) context configuration directives
*/
- SSL_CMD_SRV(Mutex, TAKE1,
- "SSL lock for handling internal mutual exclusions "
- "(`none', `file:/path/to/file')")
+ SSL_CMD_SRV(Mutex, TAKE1, ssl_valid_ssl_mutex_string)
SSL_CMD_SRV(PassPhraseDialog, TAKE1,
"SSL dialog mechanism for the pass phrase query "
"(`builtin', `|/path/to/pipe_program`, "
mc->pSessionCacheDataRMM = NULL;
mc->tSessionCacheDataTable = NULL;
mc->nMutexMode = SSL_MUTEXMODE_UNSET;
+ mc->nMutexMech = APR_LOCK_DEFAULT;
mc->szMutexFile = NULL;
mc->pMutex = NULL;
mc->aRandSeed = apr_array_make(pool, 4,
if (strcEQ(arg, "none") || strcEQ(arg, "no")) {
mc->nMutexMode = SSL_MUTEXMODE_NONE;
}
+ /* NOTE: previously, 'yes' implied 'sem' */
+ else if (strcEQ(arg, "default") || strcEQ(arg, "yes")) {
+ mc->nMutexMode = SSL_MUTEXMODE_USED;
+ mc->nMutexMech = APR_LOCK_DEFAULT;
+ mc->szMutexFile = NULL; /* APR determines temporary filename */
+ }
+#if APR_HAS_FLOCK_SERIALIZE
+ else if (strlen(arg) > 6 && strcEQn(arg, "flock:", 6)) {
+ const char *file = ap_server_root_relative(cmd->pool, arg+6);
+ if (!file) {
+ return apr_pstrcat(cmd->pool, "Invalid SSLMutex flock: path ",
+ arg+6, NULL);
+ }
+ mc->nMutexMode = SSL_MUTEXMODE_USED;
+ mc->nMutexMech = APR_LOCK_FLOCK;
+ mc->szMutexFile = apr_psprintf(mc->pPool, "%s.%lu",
+ file, (unsigned long)getpid());
+ }
+#endif
+#if APR_HAS_FCNTL_SERIALIZE
+ else if (strlen(arg) > 6 && strcEQn(arg, "fcntl:", 6)) {
+ const char *file = ap_server_root_relative(cmd->pool, arg+6);
+ if (!file) {
+ return apr_pstrcat(cmd->pool, "Invalid SSLMutex fcntl: path ",
+ arg+6, NULL);
+ }
+ mc->nMutexMode = SSL_MUTEXMODE_USED;
+ mc->nMutexMech = APR_LOCK_FCNTL;
+ mc->szMutexFile = apr_psprintf(mc->pPool, "%s.%lu",
+ file, (unsigned long)getpid());
+ }
+#endif
+#if APR_HAS_SYSVSEM_SERIALIZE && !defined(PERCHILD_MPM)
+ else if (strcEQ(arg, "sysvsem")) {
+ mc->nMutexMode = SSL_MUTEXMODE_USED;
+ mc->nMutexMech = APR_LOCK_SYSVSEM;
+ mc->szMutexFile = NULL; /* APR determines temporary filename */
+ }
+#endif
+#if APR_HAS_POSIXSEM_SERIALIZE
+ else if (strcEQ(arg, "posixsem")) {
+ mc->nMutexMode = SSL_MUTEXMODE_USED;
+ mc->nMutexMech = APR_LOCK_POSIXSEM;
+ mc->szMutexFile = NULL; /* APR determines temporary filename */
+ }
+#endif
+#if APR_HAS_PROC_PTHREAD_SERIALIZE
+ else if (strcEQ(arg, "pthread")) {
+ mc->nMutexMode = SSL_MUTEXMODE_USED;
+ mc->nMutexMech = APR_LOCK_PROC_PTHREAD;
+ mc->szMutexFile = NULL; /* APR determines temporary filename */
+ }
+#endif
+#if APR_HAS_FLOCK_SERIALIZE || APR_HAS_FCNTL_SERIALIZE
else if (strlen(arg) > 5 && strcEQn(arg, "file:", 5)) {
const char *file = ap_server_root_relative(cmd->pool, arg+5);
if (!file) {
arg+5, NULL);
}
mc->nMutexMode = SSL_MUTEXMODE_USED;
+#if APR_HAS_FLOCK_SERIALIZE
+ mc->nMutexMech = APR_LOCK_FLOCK;
+#endif
+#if APR_HAS_FCNTL_SERIALIZE
+ mc->nMutexMech = APR_LOCK_FCNTL;
+#endif
mc->szMutexFile =
apr_psprintf(mc->pPool, "%s.%lu",
file, (unsigned long)getpid());
}
- else if (strcEQ(arg, "sem") || strcEQ(arg, "yes")) {
+#endif
+#if (APR_HAS_SYSVSEM_SERIALIZE && !defined(PERCHILD_MPM)) || APR_HAS_POSIXSEM_SERIALIZE
+ else if (strcEQ(arg, "sem")) {
mc->nMutexMode = SSL_MUTEXMODE_USED;
+#if APR_HAS_SYSVSEM_SERIALIZE && !defined(PERCHILD_MPM)
+ mc->nMutexMech = APR_LOCK_SYSVSEM;
+#endif
+#if APR_HAS_POSIXSEM_SERIALIZE
+ mc->nMutexMech = APR_LOCK_POSIXSEM;
+#endif
mc->szMutexFile = NULL; /* APR determines temporary filename */
}
+#endif
else {
return apr_pstrcat(cmd->pool, "Invalid SSLMutex argument ",
- arg, NULL);
+ arg, " (", ssl_valid_ssl_mutex_string, ")", NULL);
}
return NULL;
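Review bot: In the `file:` and `sem` branches, `mc->nMutexMech` is assigned in two independent `#if` blocks, so on a platform that defines both macros the second assignment silently wins (fcntl over flock, posixsem over sysvsem). If that precedence is intended, make it explicit with `#if APR_HAS_FCNTL_SERIALIZE` / `#elif APR_HAS_FLOCK_SERIALIZE` (and likewise for the semaphores) plus a one-line comment naming the preferred mechanism. The new `flock:` and `fcntl:` branches also reuse the `"%s.%lu"` path-plus-pid lock file name, which is predictable. A comment such as `/* lock file directory must not be writable by unprivileged local users */` would record that the configured path belongs in a directory only the server administrator can write to. The enclosing function starts outside the visible lines.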
if ((rv = apr_global_mutex_create(&mc->pMutex, mc->szMutexFile,
APR_LOCK_DEFAULT, p)) != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
- "Cannot create SSLMutex file `%s'",
- mc->szMutexFile);
+ if (mc->szMutexFile)
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Cannot create SSLMutex with file `%s'",
+ mc->szMutexFile);
+ else
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Cannot create SSLMutex");
return FALSE;
}
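Review bot: The mechanism stored in `mc->nMutexMech` is not used in the visible code, because the context line still passes `APR_LOCK_DEFAULT` to `apr_global_mutex_create`. As shown, `SSLMutex flock:...`, `sysvsem`, `posixsem` and `pthread` would all fall back to APR's default lock, and an administrator who picked a mechanism for a reason would not get it. Unless another part of the change wires this in, the call should read `apr_global_mutex_create(&mc->pMutex, mc->szMutexFile, mc->nMutexMech, p)`. The added `if`/`else` around the two `ap_log_error` calls would be safer with braces. The enclosing function begins outside the hunk.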
int ssl_mutex_reinit(server_rec *s, apr_pool_t *p)
{
SSLModConfigRec *mc = myModConfig(s);
+ apr_status_t rv;
if (mc->nMutexMode == SSL_MUTEXMODE_NONE)
return TRUE;
- if (apr_global_mutex_child_init(&mc->pMutex,
- mc->szMutexFile, p) != APR_SUCCESS)
+ if ((rv = apr_global_mutex_child_init(&mc->pMutex,
+ mc->szMutexFile, p)) != APR_SUCCESS) {
+ if (mc->szMutexFile)
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Cannot reinit SSLMutex with file `%s'",
+ mc->szMutexFile);
+ else
+ ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s,
+ "Cannot reinit SSLMutex");
return FALSE;
+ }
return TRUE;
}
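Review bot: The two failure branches in `ssl_mutex_reinit` log the same condition at different severities: `APLOG_ERR` when `mc->szMutexFile` is set, `APLOG_WARNING` when it is not. Both paths return FALSE, so a child that cannot attach to the SSL mutex should be reported at the same level either way. Otherwise log filtering or alerting keyed on error level misses the semaphore and default cases. I would change the second call to `ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, "Cannot reinit SSLMutex");` and brace the inner `if`/`else` to match the new outer block.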