From: Doug MacEachern <dougm@apache.org>
Date: Fri, 24 Aug 2001 23:25:14 +0000 (+0000)
Subject: force OpenSSL to ignore process local-caching and to always
X-Git-Tag: 2.0.25~64
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3ffec6690a140d43e437fec03efe74e4232cd5fe;p=apache

force OpenSSL to ignore process local-caching and to always
get/set/delete sessions using mod_ssl's callbacks
PR:
Obtained from:
Submitted by:   Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>
Reviewed by:    dougm


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90654 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 52f721a954..8bc3cbdf2e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,10 @@
 Changes with Apache 2.0.25-dev
 
+  *) force OpenSSL to ignore process local-caching and to always
+     get/set/delete sessions using mod_ssl's callbacks
+     [Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>,
+      Geoff Thorpe <geoff@geoffthorpe.net>]
+
   *) Make the worker MPM shutdown and restart cleanly.  This also
      cleans up some race conditions, and gets the worker using
      pools more cleanly.  [Aaron Bannert <aaron@clove.org>]
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index ab5ad89f32..73e6f21b27 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -468,6 +468,7 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, SSLSrvConfigRec *sc)
     BOOL bSkipFirst;
     int isca, pathlen;
     int i, n;
+    long cache_mode;
 
     /*
      * Create the server host:port string because we need it a lot
@@ -529,10 +530,18 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, SSLSrvConfigRec *sc)
      * Configure additional context ingredients
      */
     SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
-    if (mc->nSessionCacheMode == SSL_SCMODE_NONE)
-        SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
-    else
-        SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
+    if (mc->nSessionCacheMode == SSL_SCMODE_NONE) {
+        cache_mode = SSL_SESS_CACHE_OFF;
+    }
+    else {
+        /* SSL_SESS_CACHE_NO_INTERNAL_LOOKUP will force OpenSSL
+         * to ignore process local-caching and
+         * to always get/set/delete sessions using mod_ssl's callbacks.
+         */
+        cache_mode = SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL_LOOKUP;
+    }
+
+    SSL_CTX_set_session_cache_mode(ctx, cache_mode);
 
     /*
      *  Configure callbacks for SSL context