httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: svn commit: r209827 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_ssl.html.en docs/manual/mod/mod_ssl.xml modules/ssl/mod_ssl.c modules/ssl/ssl_engine_config.c modules/ssl/ssl_private.h
Date Fri, 08 Jul 2005 16:26:42 GMT
On Fri, Jul 08, 2005 at 03:58:47PM -0000, Jim Jagielski wrote:
> Author: jim
> Date: Fri Jul  8 08:58:46 2005
> New Revision: 209827
> 
> URL: http://svn.apache.org/viewcvs?rev=209827&view=rev
> Log:
> Good suggestion from a private Email. name changes.

"nonenotnull" is a *good* name suggestion?  I'd hate to see a bad one 
then :) Please justify why you can't just enable a real session cache in 
this case, else -1 for this feature.

I believe there are still cases where MSIE will barf if the server won't 
resume a session in new connections (when using client certs IIRC), so I 
I really don't think this is worthwhile.

> 
> Modified:
>     httpd/httpd/trunk/CHANGES
>     httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en
>     httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
>     httpd/httpd/trunk/modules/ssl/mod_ssl.c
>     httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
>     httpd/httpd/trunk/modules/ssl/ssl_private.h
> 
> Modified: httpd/httpd/trunk/CHANGES
> URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/CHANGES?rev=209827&r1=209826&r2=209827&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/CHANGES (original)
> +++ httpd/httpd/trunk/CHANGES Fri Jul  8 08:58:46 2005
> @@ -1,11 +1,9 @@
>  Changes with Apache 2.1.7
>    [Remove entries to the current 2.0 section below, when backported]
>  
> -  *) Add additional SSLSessionCache option, 'internal', which makes
> -     mod_ssl just use OpenSSL's own internal session ID cache. Useful
> -     when one needs to disable any external, shared caches but
> -     requires the server to send non-null session IDs.
> -     [Jim Jagielski]
> +  *) Add additional SSLSessionCache option, 'nonenotnull', which is
> +     similar to 'none' (disabling any external shared cache) but forces
> +     OpenSSL to provide a non-null session ID.  [Jim Jagielski]
>  
>    *) Add httxt2dbm to support/ for creating RewriteMap DBM Files.
>       [Paul Querna]
> 
> Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en
> URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en?rev=209827&r1=209826&r2=209827&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en (original)
> +++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en Fri Jul  8 08:58:46 2005
> @@ -1532,12 +1532,11 @@
>      using certain browsers, particularly if client certificates are
>      enabled.  This setting is not recommended.</p></li>
>  
> -<li><code>internal</code>
> +<li><code>nonenotnull</code>
>  
>      <p>This disables any global/inter-process Session Cache.  However
> -    it does allow OpenSSL to use its own internal session cache. This in
> -    mainly useful in situations where a global cache cannot be used
> -    but the client requires a non-null session ID.</p></li>
> +    it does force OpenSSL to send a non-null session ID to
> +    accommodate buggy clients that require one.</p></li>
>  
>  <li><code>dbm:/path/to/datafile</code>
>  
> 
> Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
> URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml?rev=209827&r1=209826&r2=209827&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml (original)
> +++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml Fri Jul  8 08:58:46 2005
> @@ -412,12 +412,11 @@
>      using certain browsers, particularly if client certificates are
>      enabled.  This setting is not recommended.</p></li>
>  
> -<li><code>internal</code>
> +<li><code>nonenotnull</code>
>  
>      <p>This disables any global/inter-process Session Cache.  However
> -    it does allow OpenSSL to use its own internal session cache. This in
> -    mainly useful in situations where a global cache cannot be used
> -    but the client requires a non-null session ID.</p></li>
> +    it does force OpenSSL to send a non-null session ID to
> +    accommodate buggy clients that require one.</p></li>
>  
>  <li><code>dbm:/path/to/datafile</code>
>  
> 
> Modified: httpd/httpd/trunk/modules/ssl/mod_ssl.c
> URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ssl/mod_ssl.c?rev=209827&r1=209826&r2=209827&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/ssl/mod_ssl.c (original)
> +++ httpd/httpd/trunk/modules/ssl/mod_ssl.c Fri Jul  8 08:58:46 2005
> @@ -83,7 +83,7 @@
>                  "or `exec:/path/to/cgi_program')")
>      SSL_CMD_SRV(SessionCache, TAKE1,
>                  "SSL Session Cache storage "
> -                "(`none', `internal', `dbm:/path/to/file')")
> +                "(`none', `nonenotnull', `dbm:/path/to/file')")
>  #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
>      SSL_CMD_SRV(CryptoDevice, TAKE1,
>                  "SSL external Crypto Device usage "
> 
> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
> URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=209827&r1=209826&r2=209827&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Fri Jul  8 08:58:46 2005
> @@ -1001,8 +1001,8 @@
>          mc->nSessionCacheMode      = SSL_SCMODE_NONE;
>          mc->szSessionCacheDataFile = NULL;
>      }
> -    else if (strcEQ(arg, "internal")) {
> -        mc->nSessionCacheMode      = SSL_SCMODE_OPENSSL_INTERNAL;
> +    else if (strcEQ(arg, "nonenotnull")) {
> +        mc->nSessionCacheMode      = SSL_SCMODE_NONE_NOT_NULL;
>          mc->szSessionCacheDataFile = NULL;
>      }
>      else if ((arglen > 4) && strcEQn(arg, "dbm:", 4)) {
> 
> Modified: httpd/httpd/trunk/modules/ssl/ssl_private.h
> URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ssl/ssl_private.h?rev=209827&r1=209826&r2=209827&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/ssl/ssl_private.h (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_private.h Fri Jul  8 08:58:46 2005
> @@ -260,7 +260,7 @@
>      SSL_SCMODE_DBM   = 1,
>      SSL_SCMODE_SHMCB = 3,
>      SSL_SCMODE_DC    = 4,
> -    SSL_SCMODE_OPENSSL_INTERNAL = 5
> +    SSL_SCMODE_NONE_NOT_NULL = 5
>  } ssl_scmode_t;
>  
>  /*
> 

Mime
View raw message