Return-Path: Delivered-To: apmail-httpd-cvs-archive@www.apache.org Received: (qmail 56153 invoked from network); 26 Mar 2004 23:53:37 -0000 Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 26 Mar 2004 23:53:37 -0000 Received: (qmail 61998 invoked by uid 500); 26 Mar 2004 23:53:22 -0000 Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org Received: (qmail 61942 invoked by uid 500); 26 Mar 2004 23:53:22 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 61927 invoked by uid 500); 26 Mar 2004 23:53:22 -0000 Delivered-To: apmail-httpd-2.0-cvs@apache.org Received: (qmail 61923 invoked from network); 26 Mar 2004 23:53:22 -0000 Received: from unknown (HELO minotaur.apache.org) (209.237.227.194) by daedalus.apache.org with SMTP; 26 Mar 2004 23:53:22 -0000 Received: (qmail 56138 invoked by uid 1629); 26 Mar 2004 23:53:35 -0000 Date: 26 Mar 2004 23:53:35 -0000 Message-ID: <20040326235335.56137.qmail@minotaur.apache.org> From: madhum@apache.org To: httpd-2.0-cvs@apache.org Subject: cvs commit: httpd-2.0/modules/ssl ssl_toolkit_compat.h ssl_engine_init.c X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N madhum 2004/03/26 15:53:35 Modified: . CHANGES modules/ssl ssl_toolkit_compat.h ssl_engine_init.c Log: In the newer versions of OpenSSL, the flag SSL_SESS_CACHE_NO_INTERNAL_LOOKUP just prevents the internal lookup but does not prevent the caching. OpenSSL 0.9.6h onwards has a new flag 'SSL_SESS_CACHE_NO_INTERNAL' to prevent OpenSSL from both lookup and caching the sessions internally. PR: 26562 Reviewed by: Geoff Thorpe, Joe Orton Revision Changes Path 1.1439 +3 -0 httpd-2.0/CHANGES Index: CHANGES =================================================================== RCS file: /home/cvs/httpd-2.0/CHANGES,v retrieving revision 1.1438 retrieving revision 1.1439 diff -u -r1.1438 -r1.1439 --- CHANGES 25 Mar 2004 02:33:57 -0000 1.1438 +++ CHANGES 26 Mar 2004 23:53:35 -0000 1.1439 @@ -2,6 +2,9 @@ [Remove entries to the current 2.0 section below, when backported] + *) mod_ssl: Disable the extra session caching in OpenSSL to prevent memory + leak. PR 26562. [Madhusudan Mathihalli] + *) work around MSIE Digest auth bug - if AuthDigestEnableQueryStringHack is set in r->subprocess_env allow mismatched query strings to pass. PR 27758. [Paul Querna , Geoffrey Young] 1.41 +4 -0 httpd-2.0/modules/ssl/ssl_toolkit_compat.h Index: ssl_toolkit_compat.h =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_toolkit_compat.h,v retrieving revision 1.40 retrieving revision 1.41 diff -u -r1.40 -r1.41 --- ssl_toolkit_compat.h 9 Feb 2004 20:29:22 -0000 1.40 +++ ssl_toolkit_compat.h 26 Mar 2004 23:53:35 -0000 1.41 @@ -223,4 +223,8 @@ SSL_set_verify(ssl, verify, cb) #endif +#ifndef SSL_SESS_CACHE_NO_INTERNAL +#define SSL_SESS_CACHE_NO_INTERNAL SSL_SESS_CACHE_NO_INTERNAL_LOOKUP +#endif + #endif /* SSL_TOOLKIT_COMPAT_H */ 1.127 +2 -2 httpd-2.0/modules/ssl/ssl_engine_init.c Index: ssl_engine_init.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v retrieving revision 1.126 retrieving revision 1.127 diff -u -r1.126 -r1.127 --- ssl_engine_init.c 5 Mar 2004 02:44:40 -0000 1.126 +++ ssl_engine_init.c 26 Mar 2004 23:53:35 -0000 1.127 @@ -446,11 +446,11 @@ long cache_mode = SSL_SESS_CACHE_OFF; if (mc->nSessionCacheMode != SSL_SCMODE_NONE) { - /* SSL_SESS_CACHE_NO_INTERNAL_LOOKUP will force OpenSSL + /* SSL_SESS_CACHE_NO_INTERNAL will force OpenSSL * to ignore process local-caching and * to always get/set/delete sessions using mod_ssl's callbacks. */ - cache_mode = SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL_LOOKUP; + cache_mode = SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL; } SSL_CTX_set_session_cache_mode(ctx, cache_mode);