From jor...@apache.org
Subject svn commit: r631000 - in /httpd/httpd/trunk/modules/ssl: mod_ssl.c ssl_engine_config.c ssl_engine_init.c ssl_private.h
Date Mon, 25 Feb 2008 21:28:11 GMT
Author: jorton
Date: Mon Feb 25 13:28:09 2008
New Revision: 631000

URL: http://svn.apache.org/viewvc?rev=631000&view=rev
Log:
Session cache interface redesign, Part 5:

Use the ap_provider interface for session cache storage providers.

* modules/ssl/mod_ssl.c (modssl_register_scache): New function.
  (ssl_register_hooks): Call it.

* modules/ssl/ssl_private.h: Define MODSSL_SESSCACHE_PROVIDER_GROUP
  and MODSSL_SESSCACHE_PROVIDER_VERSION constants.
  Remove ssl_scmode_t type.  Change nSessionCacheMode in
  SSLModConfigRec into a long sesscache_mode, storing the OpenSSL
  SSL_SESS_CACHE_* flags directly.

* modules/ssl/ssl_engine_config.c (ssl_config_global_create): Set
  sesscache_mode to SSL_SESS_CACHE_OFF by default.
  (ssl_cmd_SSLSessionCache): Remove ifdef spaghetti; fetch configured
  session cache by provider name.  Set mc->sesscache_mode for
  configured providers.

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_session_cache): Use the
  configured mode flags directly from mc->sesscache_mode.

Modified:
    httpd/httpd/trunk/modules/ssl/mod_ssl.c
    httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
    httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
    httpd/httpd/trunk/modules/ssl/ssl_private.h

Modified: httpd/httpd/trunk/modules/ssl/mod_ssl.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl.c?rev=631000&r1=630999&r2=631000&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/mod_ssl.c (original)
+++ httpd/httpd/trunk/modules/ssl/mod_ssl.c Mon Feb 25 13:28:09 2008
@@ -28,6 +28,8 @@
 #include "mod_ssl.h"
 #include "util_md5.h"
 #include "util_mutex.h"
+#include "ap_provider.h"
+
 #include <assert.h>
 
 /*
@@ -452,6 +454,33 @@
     return ssl_init_ssl_connection(c, NULL);
 }
 
+/* Register all session cache providers. */
+static void modssl_register_scache(apr_pool_t *p)
+{
+    /* shmcb is a cache of many names. */
+    ap_register_provider(p, MODSSL_SESSCACHE_PROVIDER_GROUP, "shmcb", 
+                         MODSSL_SESSCACHE_PROVIDER_VERSION,
+                         &modssl_sesscache_shmcb);
+    ap_register_provider(p, MODSSL_SESSCACHE_PROVIDER_GROUP, "shmht", 
+                         MODSSL_SESSCACHE_PROVIDER_VERSION,
+                         &modssl_sesscache_shmcb);
+    ap_register_provider(p, MODSSL_SESSCACHE_PROVIDER_GROUP, "shm", 
+                         MODSSL_SESSCACHE_PROVIDER_VERSION,
+                         &modssl_sesscache_shmcb);
+    ap_register_provider(p, MODSSL_SESSCACHE_PROVIDER_GROUP, "dbm",
+                         MODSSL_SESSCACHE_PROVIDER_VERSION,
+                         &modssl_sesscache_dbm);
+#ifdef HAVE_DISTCACHE
+    ap_register_provider(p, MODSSL_SESSCACHE_PROVIDER_GROUP, "dc",
+                         MODSSL_SESSCACHE_PROVIDER_VERSION,
+                         &modssl_sesscache_dc);
+#endif
+#ifdef HAVE_SSL_CACHE_MEMCACHE
+    ap_register_provider(p, MODSSL_SESSCACHE_PROVIDER_GROUP, "mc",
+                         MODSSL_SESSCACHE_PROVIDER_VERSION,
+                         &modssl_sesscache_mc);
+#endif
+}
 
 /*
  *  the module registration phase
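Review bot: The memcache provider is registered only under the name "mc", while the branch this commit removes from ssl_cmd_SSLSessionCache matched the prefix `memcache:`, so an existing `SSLSessionCache memcache:...` line will now fail the provider lookup. shmcb keeps its older spellings through the "shmht" and "shm" aliases; the same could be done inside the HAVE_SSL_CACHE_MEMCACHE block with `ap_register_provider(p, MODSSL_SESSCACHE_PROVIDER_GROUP, "memcache", MODSSL_SESSCACHE_PROVIDER_VERSION, &modssl_sesscache_mc);`. The apr_status_t returned by each ap_register_provider call is also dropped, so a failed registration would only surface later as an unknown cache name when the directive is parsed.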
@@ -479,6 +508,8 @@
     ap_hook_post_read_request(ssl_hook_ReadReq, pre_prr,NULL, APR_HOOK_MIDDLE);
 
     ssl_var_register(p);
+
+    modssl_register_scache(p);
 
     APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
     APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=631000&r1=630999&r2=631000&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Mon Feb 25 13:28:09 2008
@@ -28,6 +28,7 @@
                                                -- Unknown        */
 #include "ssl_private.h"
 #include "util_mutex.h"
+#include "ap_provider.h"
 
 /*  _________________________________________________________________
 **
@@ -58,7 +59,7 @@
     /*
      * initialize per-module configuration
      */
-    mc->nSessionCacheMode      = SSL_SCMODE_UNSET;
+    mc->sesscache_mode         = SSL_SESS_CACHE_OFF;
     mc->sesscache              = NULL;
     mc->nMutexMode             = SSL_MUTEXMODE_UNSET;
     mc->nMutexMech             = APR_LOCK_DEFAULT;
@@ -951,8 +952,8 @@
                                     const char *arg)
 {
     SSLModConfigRec *mc = myModConfig(cmd->server);
-    const char *err, *colon;
-    int arglen = strlen(arg);
+    const char *err, *sep;
+    long enabled_flags;
 
     if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
         return err;
@@ -962,52 +963,55 @@
         return NULL;
     }
 
+    /* The OpenSSL session cache mode must have both the flags
+     * SSL_SESS_CACHE_SERVER and SSL_SESS_CACHE_NO_INTERNAL set if a
+     * session cache is configured; NO_INTERNAL prevents the
+     * OpenSSL-internal session cache being used in addition to the
+     * "external" (mod_ssl-provided) cache, which otherwise causes
+     * additional memory consumption. */
+    enabled_flags = SSL_SESS_CACHE_SERVER | SSL_SESS_CACHE_NO_INTERNAL;
+
     if (strcEQ(arg, "none")) {
-        mc->nSessionCacheMode      = SSL_SCMODE_NONE;
+        /* Nothing to do; session cache will be off. */
     }
     else if (strcEQ(arg, "nonenotnull")) {
-        mc->nSessionCacheMode      = SSL_SCMODE_NONE_NOT_NULL;
-    }
-    else if ((arglen > 4) && strcEQn(arg, "dbm:", 4)) {
-        mc->nSessionCacheMode      = SSL_SCMODE_DBM;
-        mc->sesscache = &modssl_sesscache_dbm;
-        err = mc->sesscache->create(&mc->sesscache_context, arg + 4, 
-                                    cmd->pool, mc->pPool);
-    }
-    else if (((arglen > 4) && strcEQn(arg, "shm:", 4)) ||
-             ((arglen > 6) && strcEQn(arg, "shmht:", 6)) ||
-             ((arglen > 6) && strcEQn(arg, "shmcb:", 6))) {
-#if !APR_HAS_SHARED_MEMORY
-        return MODSSL_NO_SHARED_MEMORY_ERROR;
-#endif
-        mc->nSessionCacheMode      = SSL_SCMODE_SHMCB;
-        mc->sesscache = &modssl_sesscache_shmcb;
-        colon = ap_strchr_c(arg, ':');
-        err = mc->sesscache->create(&mc->sesscache_context, colon + 1,
-                                    cmd->pool, mc->pPool);
-    }
-    else if ((arglen > 3) && strcEQn(arg, "dc:", 3)) {
-#ifdef HAVE_DISTCACHE
-        mc->nSessionCacheMode      = SSL_SCMODE_DC;
-        mc->sesscache = &modssl_sesscache_dc;
-        err = mc->sesscache->create(&mc->sesscache_context, arg + 3,
-                                    cmd->pool, mc->pPool);
-#else
-        err = "distcache support disabled";
-#endif
-    }
-    else if ((arglen > 3) && strcEQn(arg, "memcache:", 9)) {
-#ifdef HAVE_SSL_CACHE_MEMCACHE
-        mc->nSessionCacheMode      = SSL_SCMODE_MC;
-        mc->sesscache = &modssl_sesscache_mc;
-        err = mc->sesscache->create(&mc->sesscache_context, arg + 9,
-                                    cmd->pool, mc->pPool);
-#else
-        err = "memcache support disabled";
-#endif
+        /* ### Having a separate mode for this seems logically
+         * unnecessary; the stated purpose of sending non-empty
+         * session IDs would be better fixed in OpenSSL or simply
+         * doing it by default if "none" is used. */
+        mc->sesscache_mode = enabled_flags;
+    }
+    else if ((sep = ap_strchr_c(arg, ':')) != NULL) {
+        char *name = apr_pstrmemdup(cmd->pool, arg, sep - arg);
+
+        /* Find the provider of given name. */
+        mc->sesscache = ap_lookup_provider(MODSSL_SESSCACHE_PROVIDER_GROUP,
+                                           name,
+                                           MODSSL_SESSCACHE_PROVIDER_VERSION);
+        if (mc->sesscache) {
+            /* Cache found; create it, passing anything beyond the colon. */
+            mc->sesscache_mode = enabled_flags;
+            err = mc->sesscache->create(&mc->sesscache_context, sep + 1, 
+                                        cmd->pool, mc->pPool);
+        }
+        else {
+            apr_array_header_t *name_list;
+            const char *all_names;
+
+            /* Build a comma-separated list of all registered provider
+             * names: */
+            name_list = ap_list_provider_names(cmd->pool, 
+                                               MODSSL_SESSCACHE_PROVIDER_GROUP,
+                                               MODSSL_SESSCACHE_PROVIDER_VERSION);
+            all_names = apr_array_pstrcat(cmd->pool, name_list, ',');
+
+            err = apr_psprintf(cmd->pool, "'%s' session cache not supported "
+                               "(known names: %s)", name, all_names);
+        }
     }
     else {
-        err = "Invalid argument";
+        err = apr_psprintf(cmd->pool, "'%s' session cache not supported or missing argument",
+                           arg);
     }
 
     if (err) {
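Review bot: The provider branch passes `sep + 1` to create() even when nothing follows the colon, whereas the removed code required `arglen > 4` (or 6, or 3), so `dbm:` on its own was rejected as an invalid argument. Unless every provider's create() rejects an empty string itself, which is not visible here, the check could be kept with `else if ((sep = ap_strchr_c(arg, ':')) != NULL && sep[1] != '\0') {`, which routes that input to the final else and its "missing argument" message. Separately, the "none" branch no longer writes anything, so if the directive appears twice a later `none` leaves the earlier provider and mode in place; `mc->sesscache_mode = SSL_SESS_CACHE_OFF; mc->sesscache = NULL;` in that branch would make the last directive win. The function starts and ends outside this hunk.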

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=631000&r1=630999&r2=631000&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Mon Feb 25 13:28:09 2008
@@ -481,16 +481,8 @@
 {
     SSL_CTX *ctx = mctx->ssl_ctx;
     SSLModConfigRec *mc = myModConfig(s);
-    long cache_mode = SSL_SESS_CACHE_OFF;
-    if (mc->nSessionCacheMode != SSL_SCMODE_NONE) {
-        /* SSL_SESS_CACHE_NO_INTERNAL will force OpenSSL
-         * to ignore process local-caching and
-         * to always get/set/delete sessions using mod_ssl's callbacks.
-         */
-        cache_mode = SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL;
-    }
 
-    SSL_CTX_set_session_cache_mode(ctx, cache_mode);
+    SSL_CTX_set_session_cache_mode(ctx, mc->sesscache_mode);
 
     if (mc->sesscache) {
         SSL_CTX_sess_set_new_cb(ctx,    ssl_callback_NewSessionCacheEntry);
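Review bot: With the mode now taken straight from `mc->sesscache_mode`, a server with no SSLSessionCache directive gets SSL_SESS_CACHE_OFF, while the removed test `nSessionCacheMode != SSL_SCMODE_NONE` also selected SERVER|NO_INTERNAL for the old SSL_SCMODE_UNSET default. If UNSET was not normalised to NONE somewhere outside this diff, that is a behaviour change for unconfigured servers and deserves a line in the log message or CHANGES. A short comment here such as `/* Mode flags are chosen at config time by ssl_cmd_SSLSessionCache. */` would also stand in for the explanation this hunk deletes. The enclosing function begins and continues outside the hunk.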

Modified: httpd/httpd/trunk/modules/ssl/ssl_private.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?rev=631000&r1=630999&r2=631000&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_private.h (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_private.h Mon Feb 25 13:28:09 2008
@@ -271,19 +271,6 @@
 typedef unsigned int ssl_pathcheck_t;
 
 /**
- * Define the SSL session cache modes and structures
- */
-typedef enum {
-    SSL_SCMODE_UNSET = UNSET,
-    SSL_SCMODE_NONE  = 0,
-    SSL_SCMODE_DBM   = 1,
-    SSL_SCMODE_SHMCB = 3,
-    SSL_SCMODE_DC    = 4,
-    SSL_SCMODE_MC    = 5,
-    SSL_SCMODE_NONE_NOT_NULL = 6
-} ssl_scmode_t;
-
-/**
  * Define the SSL mutex modes
  */
 typedef enum {
@@ -364,6 +351,9 @@
     int non_ssl_request;
 } SSLConnRec;
 
+#define MODSSL_SESSCACHE_PROVIDER_GROUP "mod_ssl-sesscache"
+#define MODSSL_SESSCACHE_PROVIDER_VERSION "0"
+
 /* Session cache provider vtable. */
 typedef struct {
     /* Create a session cache based on the given configuration string
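Review bot: The two new macros carry no comment, and nothing states when MODSSL_SESSCACHE_PROVIDER_VERSION has to change. ssl_cmd_SSLSessionCache assigns the ap_lookup_provider() result directly to `mc->sesscache` and calls through it, so the version string appears to be the only guard against a provider built for a different vtable layout. I would add `/* Provider group and version for session cache providers; bump the version whenever the vtable below changes. */` above the defines.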
@@ -405,7 +395,9 @@
     pid_t           pid;
     apr_pool_t     *pPool;
     BOOL            bFixed;
-    int             nSessionCacheMode;
+
+    /* OpenSSL SSL_SESS_CACHE_* flags: */
+    long            sesscache_mode;
 
     /* The configured provider, and associated private data
      * structure. */


