From: Madhusudan Mathihalli Date: Fri, 26 Mar 2004 23:53:35 +0000 (+0000) Subject: In the newer versions of OpenSSL, the flag SSL_SESS_CACHE_NO_INTERNAL_LOOKUP X-Git-Tag: pre_ajp_proxy~446 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b9164cbc0b4124657d8f126fa833fc4a2867254f;p=apache In the newer versions of OpenSSL, the flag SSL_SESS_CACHE_NO_INTERNAL_LOOKUP just prevents the internal lookup but does not prevent the caching. OpenSSL 0.9.6h onwards has a new flag 'SSL_SESS_CACHE_NO_INTERNAL' to prevent OpenSSL from both lookup and caching the sessions internally. PR: 26562 Reviewed by: Geoff Thorpe, Joe Orton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103165 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 8087f16ef4..c7650f9143 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,9 @@ Changes with Apache 2.1.0-dev [Remove entries to the current 2.0 section below, when backported] + *) mod_ssl: Disable the extra session caching in OpenSSL to prevent memory + leak. PR 26562. [Madhusudan Mathihalli] + *) work around MSIE Digest auth bug - if AuthDigestEnableQueryStringHack is set in r->subprocess_env allow mismatched query strings to pass. PR 27758. [Paul Querna , Geoffrey Young] diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index 95d3b5be58..e2c29b448b 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c 
@@ -446,11 +446,11 @@ static void ssl_init_ctx_session_cache(server_rec *s, long cache_mode = SSL_SESS_CACHE_OFF; if (mc->nSessionCacheMode != SSL_SCMODE_NONE) { - /* SSL_SESS_CACHE_NO_INTERNAL_LOOKUP will force OpenSSL + /* SSL_SESS_CACHE_NO_INTERNAL will force OpenSSL * to ignore process local-caching and * to always get/set/delete sessions using mod_ssl's callbacks. */ - cache_mode = SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL_LOOKUP; + cache_mode = SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL; } SSL_CTX_set_session_cache_mode(ctx, cache_mode); diff --git a/modules/ssl/ssl_toolkit_compat.h b/modules/ssl/ssl_toolkit_compat.h index 8e14042990..367e12e60d 100644 --- a/modules/ssl/ssl_toolkit_compat.h +++ b/modules/ssl/ssl_toolkit_compat.h @@ -223,4 +223,8 @@ typedef void (*modssl_popfree_fn)(char *data); SSL_set_verify(ssl, verify, cb) #endif +#ifndef SSL_SESS_CACHE_NO_INTERNAL +#define SSL_SESS_CACHE_NO_INTERNAL SSL_SESS_CACHE_NO_INTERNAL_LOOKUP +#endif + #endif /* SSL_TOOLKIT_COMPAT_H */
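Review bot: the CHANGES entry in the first hunk ("Disable the extra session caching in OpenSSL to prevent memory leak") does not state the toolkit version the fix depends on. The commit message says SSL_SESS_CACHE_NO_INTERNAL exists only from OpenSSL 0.9.6h onwards, so someone building against an older OpenSSL would read PR 26562 as resolved when their build behaves as before. Suggest appending a qualifier such as "(effective with OpenSSL 0.9.6h and later)" to the entry.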
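Review bot: in the ssl_init_ctx_session_cache() hunk of modules/ssl/ssl_engine_init.c, the edited comment still claims without qualification that the flag "will force OpenSSL to ignore process local-caching". That holds only when the toolkit really defines SSL_SESS_CACHE_NO_INTERNAL. With the fallback added in ssl_toolkit_compat.h the same name can expand to SSL_SESS_CACHE_NO_INTERNAL_LOOKUP, which by the commit message stops the internal lookup but not the internal caching. Suggest rewording the comment to say that both internal lookup and internal storage are disabled where the toolkit supports it, and pointing the reader to the compat header for the older case.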
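Review bot: the fallback added at the end of modules/ssl/ssl_toolkit_compat.h ("#define SSL_SESS_CACHE_NO_INTERNAL SSL_SESS_CACHE_NO_INTERNAL_LOOKUP") is undocumented, and it aliases the new name to a flag with weaker behaviour. It keeps the build working on older toolkits, but on those builds sessions are still stored in OpenSSL's internal cache, so the memory growth this commit targets remains. Suggest a short comment above the #ifndef saying the define is for compile compatibility only and naming the OpenSSL version (0.9.6h, per the commit message) from which the real flag is available, so a later reader does not assume the two flags are equivalent.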