From b9164cbc0b4124657d8f126fa833fc4a2867254f Mon Sep 17 00:00:00 2001
From: Madhusudan Mathihalli
Date: Fri, 26 Mar 2004 23:53:35 +0000
Subject: [PATCH] In the newer versions of OpenSSL, the flag SSL_SESS_CACHE_NO_INTERNAL_LOOKUP just prevents the internal lookup but does not prevent the caching. OpenSSL 0.9.6h onwards has a new flag 'SSL_SESS_CACHE_NO_INTERNAL' to prevent OpenSSL from both lookup and caching the sessions internally.
PR: 26562
Reviewed by: Geoff Thorpe, Joe Orton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103165 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 3 +++
 modules/ssl/ssl_engine_init.c | 4 ++--
 modules/ssl/ssl_toolkit_compat.h | 4 ++++
 3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/CHANGES b/CHANGES
index 8087f16ef4..c7650f9143 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@ Changes with Apache 2.1.0-dev
 [Remove entries to the current 2.0 section below, when backported]
+ *) mod_ssl: Disable the extra session caching in OpenSSL to prevent memory
+ leak. PR 26562. [Madhusudan Mathihalli]
+
 *) work around MSIE Digest auth bug - if AuthDigestEnableQueryStringHack is set in r->subprocess_env allow mismatched query strings to pass. PR 27758. [Paul Querna , Geoffrey Young]
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 95d3b5be58..e2c29b448b 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -446,11 +446,11 @@ static void ssl_init_ctx_session_cache(server_rec *s,
 long cache_mode = SSL_SESS_CACHE_OFF;
 if (mc->nSessionCacheMode != SSL_SCMODE_NONE) {
- /* SSL_SESS_CACHE_NO_INTERNAL_LOOKUP will force OpenSSL
+ /* SSL_SESS_CACHE_NO_INTERNAL will force OpenSSL
 * to ignore process local-caching and
 * to always get/set/delete sessions using mod_ssl's callbacks.
 */
- cache_mode = SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL_LOOKUP;
+ cache_mode = SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL;
 }
 SSL_CTX_set_session_cache_mode(ctx, cache_mode);
diff --git a/modules/ssl/ssl_toolkit_compat.h b/modules/ssl/ssl_toolkit_compat.h
index 8e14042990..367e12e60d 100644
--- a/modules/ssl/ssl_toolkit_compat.h
+++ b/modules/ssl/ssl_toolkit_compat.h
@@ -223,4 +223,8 @@ typedef void (*modssl_popfree_fn)(char *data);
 SSL_set_verify(ssl, verify, cb)
 #endif
+#ifndef SSL_SESS_CACHE_NO_INTERNAL
+#define SSL_SESS_CACHE_NO_INTERNAL SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
+#endif
+
 #endif /* SSL_TOOLKIT_COMPAT_H */
--
2.50.1
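Review bot: The fallback `#define SSL_SESS_CACHE_NO_INTERNAL SSL_SESS_CACHE_NO_INTERNAL_LOOKUP` silently keeps the old behaviour on toolkits that lack the new flag (per the commit message, OpenSSL before 0.9.6h): lookups are skipped but sessions are still cached internally, so the memory growth from PR 26562 remains on those builds. The updated comment in ssl_init_ctx_session_cache() (modules/ssl/ssl_engine_init.c), which says OpenSSL is forced to ignore process-local caching, is then not accurate for such builds. I would document this above the define, e.g. `/* Toolkits without SSL_SESS_CACHE_NO_INTERNAL: only the internal lookup is disabled, sessions are still stored in OpenSSL's own cache. */`. A `#warning` in the fallback branch, or a startup log line, would also tell operators on an old toolkit that the fix is not in effect.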