From: Jim Jagielski
Date: Fri, 8 Jul 2005 15:41:14 +0000 (+0000)
Subject: Fix case where buggy OpenSSL internal cache continually grows.
X-Git-Tag: 2.1.7~37
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=073384b2624d94d92ade66816d35e9f4dff181d2;p=apache
Fix case where buggy OpenSSL internal cache continually grows.
So don't bother to store it, but still force OpenSSL to provide a Session ID.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209821 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES
index e28e9300cf..c085918ee5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,12 @@
 Changes with Apache 2.1.7
 [Remove entries to the current 2.0 section below, when backported]
+ *) Add additional SSLSessionCache option, 'internal', which makes
+ mod_ssl just use OpenSSL's own internal session ID cache. Useful
+ when one needs to disable any external, shared caches but
+ requires the server to send non-null session IDs.
+ [Jim Jagielski]
+
 *) Add httxt2dbm to support/ for creating RewriteMap DBM Files.
 [Paul Querna]
diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
index 146f7e7a66..66017302e6 100644
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -83,7 +83,7 @@ static const command_rec ssl_config_cmds[] = {
 "or `exec:/path/to/cgi_program')")
 SSL_CMD_SRV(SessionCache, TAKE1,
 "SSL Session Cache storage "
- "(`none', `dbm:/path/to/file')")
+ "(`none', `internal', `dbm:/path/to/file')")
 #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
 SSL_CMD_SRV(CryptoDevice, TAKE1,
 "SSL external Crypto Device usage "
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index c6572216e2..304516021b 100644
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -1001,6 +1001,10 @@ const char *ssl_cmd_SSLSessionCache(cmd_parms *cmd,
 mc->nSessionCacheMode = SSL_SCMODE_NONE;
 mc->szSessionCacheDataFile = NULL;
 }
+ else if (strcEQ(arg, "internal")) {
+ mc->nSessionCacheMode = SSL_SCMODE_OPENSSL_INTERNAL;
+ mc->szSessionCacheDataFile = NULL;
+ }
 else if ((arglen > 4) && strcEQn(arg, "dbm:", 4)) {
 mc->nSessionCacheMode = SSL_SCMODE_DBM;
 mc->szSessionCacheDataFile = ap_server_root_relative(mc->pPool, arg+4);
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index a2dd67bc22..0a545909d3 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -467,7 +467,6 @@ static void ssl_init_ctx_session_cache(server_rec *s,
 SSL_CTX *ctx = mctx->ssl_ctx;
 SSLModConfigRec *mc = myModConfig(s);
 long cache_mode = SSL_SESS_CACHE_OFF;
-
 if (mc->nSessionCacheMode != SSL_SCMODE_NONE) {
 /* SSL_SESS_CACHE_NO_INTERNAL will force OpenSSL
 * to ignore process local-caching and
diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
index 71db2d1fd5..02cebee1fc 100644
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -259,7 +259,8 @@ typedef enum {
 SSL_SCMODE_NONE = 0,
 SSL_SCMODE_DBM = 1,
 SSL_SCMODE_SHMCB = 3,
- SSL_SCMODE_DC = 4
+ SSL_SCMODE_DC = 4,
+ SSL_SCMODE_OPENSSL_INTERNAL = 5
 } ssl_scmode_t;
 /*
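Review bot: The new `internal` branch in ssl_cmd_SSLSessionCache (ssl_engine_config.c hunk) records SSL_SCMODE_OPENSSL_INTERNAL, but nothing visible in this commit makes OpenSSL's internal cache the one in use, so the option name, the CHANGES entry and the mod_ssl.c help string may not match the behaviour. The ssl_engine_init.c hunk only drops a blank line, and its context shows every mode other than SSL_SCMODE_NONE entering the branch commented `SSL_SESS_CACHE_NO_INTERNAL will force OpenSSL to ignore process local-caching`; that branch continues outside the hunk, so this is inferred rather than confirmed. If the intent is what the commit message says (issue a session ID, store nothing), a comment in the new branch such as `/* no external store: sessions get an ID but are not kept for resumption */` and matching wording in CHANGES would keep operators from assuming resumption works. If the internal cache really is meant to be used, ssl_init_ctx_session_cache needs a case for the new mode that leaves SSL_SESS_CACHE_NO_INTERNAL unset.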
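Review bot: SSL_SCMODE_OPENSSL_INTERNAL is added to ssl_scmode_t (ssl_private.h hunk) without a comment, and any code that dispatches on nSessionCacheMode, none of which is shown in this commit, will now see a value it has no explicit case for. It is worth confirming that each such dispatch treats the new mode as a deliberate no-op rather than reaching a store, retrieve or status path written for a real backend. Documenting that on the enumerator would make the contract explicit, e.g. `SSL_SCMODE_OPENSSL_INTERNAL = 5 /* no external cache backend */`.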