httpd-dev mailing list archives

From Jim Jagielski <...@jaguNET.com>
Subject [PATCH] Allow for internal OpenSSL Session Cache
Date Tue, 05 Jul 2005 17:32:54 GMT
I've run into this with some "broken" browsers. Basically, they
require a non-null SessionID in the SSL transaction. If, for whatever
reason, we disable the external SSL Session Cache, these
browsers report errors when connecting to the SSL vhost.

This adds a new argument to SSLSessionCache which says "disable any
external session cache, but use OpenSSL's internal one" which makes
OpenSSL send the SessionID parameter again.


Index: modules/ssl/ssl_private.h
===================================================================
--- modules/ssl/ssl_private.h    (revision 209297)
+++ modules/ssl/ssl_private.h    (working copy)
@@ -259,7 +259,8 @@
      SSL_SCMODE_NONE  = 0,
      SSL_SCMODE_DBM   = 1,
      SSL_SCMODE_SHMCB = 3,
-    SSL_SCMODE_DC    = 4
+    SSL_SCMODE_DC    = 4,
+    SSL_SCMODE_OPENSSL_INTERNAL = 5
} ssl_scmode_t;
/*
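Review bot: The new `SSL_SCMODE_OPENSSL_INTERNAL = 5` value has no comment, and any existing test of the form `nSessionCacheMode != SSL_SCMODE_NONE` will now treat it as an external cache. The removed line in ssl_engine_init.c shows that pattern was in use, and this patch only fixes that one site. Any other code that checks the mode (cache init, store, retrieve and status paths, none of them in this patch) should be audited so the new mode is neither initialised nor reported as an external cache. I would also document the value where it is declared, for example `SSL_SCMODE_OPENSSL_INTERNAL = 5 /* no external cache; OpenSSL's per-process cache only */`. The enum's opening line is outside the hunk.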
Index: modules/ssl/ssl_engine_init.c
===================================================================
--- modules/ssl/ssl_engine_init.c    (revision 209297)
+++ modules/ssl/ssl_engine_init.c    (working copy)
@@ -466,9 +466,20 @@
{
      SSL_CTX *ctx = mctx->ssl_ctx;
      SSLModConfigRec *mc = myModConfig(s);
-    long cache_mode = SSL_SESS_CACHE_OFF;
-
-    if (mc->nSessionCacheMode != SSL_SCMODE_NONE) {
+    long cache_mode;
+    if (mc->nSessionCacheMode == SSL_SCMODE_NONE) {
+        cache_mode = SSL_SESS_CACHE_OFF;
+    }
+    else if (mc->nSessionCacheMode == SSL_SCMODE_OPENSSL_INTERNAL) {
+          /* Special case where we disable any external caches
+           * but allow for OpenSSLs internal cache. The reason
+           * is that by using SSL_SESS_CACHE_OFF disables
+           * OpenSSL from sending a session ID, which causes problems
+           * for some browsers.
+           */
+        cache_mode = SSL_SESS_CACHE_SERVER;
+    }
+    else {
          /* SSL_SESS_CACHE_NO_INTERNAL will force OpenSSL
           * to ignore process local-caching and
           * to always get/set/delete sessions using mod_ssl's  
callbacks.
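Review bot: The `SSL_SCMODE_OPENSSL_INTERNAL` branch enables OpenSSL's in-process cache with `SSL_SESS_CACHE_SERVER`, but nothing visible bounds that cache or records that it is per child process. Under a multi-process MPM each child keeps its own copy, so resumption works only when a client returns to the same child, and cached session state stays in each child's memory until the session timeout or OpenSSL's default cache size evicts it. I would state this in the comment and consider an explicit limit through `SSL_CTX_sess_set_cache_size()`. The comment's "by using SSL_SESS_CACHE_OFF disables OpenSSL from sending" should read `using SSL_SESS_CACHE_OFF stops OpenSSL from sending a session ID`. The function continues past the hunk, so it should be confirmed that mod_ssl's get/set/delete session callbacks are not registered in this mode.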
Index: modules/ssl/ssl_engine_config.c
===================================================================
--- modules/ssl/ssl_engine_config.c    (revision 209297)
+++ modules/ssl/ssl_engine_config.c    (working copy)
@@ -1001,6 +1001,10 @@
          mc->nSessionCacheMode      = SSL_SCMODE_NONE;
          mc->szSessionCacheDataFile = NULL;
      }
+    else if (strcEQ(arg, "justinternal")) {
+        mc->nSessionCacheMode      = SSL_SCMODE_OPENSSL_INTERNAL;
+        mc->szSessionCacheDataFile = NULL;
+    }
      else if ((arglen > 4) && strcEQn(arg, "dbm:", 4)) {
          mc->nSessionCacheMode      = SSL_SCMODE_DBM;
          mc->szSessionCacheDataFile = ap_server_root_relative(mc- 
 >pPool, arg+4);
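Review bot: The `justinternal` branch adds an administrator-facing value that this patch explains only through the one-line help string in mod_ssl.c. An operator who picks it to satisfy clients that need a session ID also gets session resumption from each child's memory, which `none` does not provide, so the directive documentation should describe that difference. A short comment above the branch would help maintainers, for example `/* no external cache, but keep OpenSSL's per-process cache so a session ID is sent */`. The enclosing function starts and ends outside the hunk.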
Index: modules/ssl/mod_ssl.c
===================================================================
--- modules/ssl/mod_ssl.c    (revision 209297)
+++ modules/ssl/mod_ssl.c    (working copy)
@@ -83,7 +83,7 @@
                  "or `exec:/path/to/cgi_program')")
      SSL_CMD_SRV(SessionCache, TAKE1,
                  "SSL Session Cache storage "
-                "(`none', `dbm:/path/to/file')")
+                "(`none', `justinternal', `dbm:/path/to/file')")
#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
      SSL_CMD_SRV(CryptoDevice, TAKE1,
                  "SSL external Crypto Device usage "

