Commit 3547116a authored by Madhusudan Mathihalli's avatar Madhusudan Mathihalli
Browse files

In the newer versions of OpenSSL, the flag SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 

just prevents the internal lookup but does not prevent the caching.
OpenSSL 0.9.6h onwards has a new flag 'SSL_SESS_CACHE_NO_INTERNAL' to
prevent OpenSSL from both lookup and caching the sessions internally.

PR: 26562
Reviewed by: Geoff Thorpe, Joe Orton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@103165 13f79535-47bb-0310-9956-ffa450edef68
parent 57e57864

ssl_engine_init.c

+2 −2
Original line number Diff line number Diff line
@@ -446,11 +446,11 @@ static void ssl_init_ctx_session_cache(server_rec *s, 
    long cache_mode = SSL_SESS_CACHE_OFF;



    if (mc->nSessionCacheMode != SSL_SCMODE_NONE) {

        /* SSL_SESS_CACHE_NO_INTERNAL_LOOKUP will force OpenSSL

        /* SSL_SESS_CACHE_NO_INTERNAL will force OpenSSL

         * to ignore process local-caching and

         * to always get/set/delete sessions using mod_ssl's callbacks.

         */

        cache_mode = SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL_LOOKUP;

        cache_mode = SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL;

    }



    SSL_CTX_set_session_cache_mode(ctx, cache_mode);

ssl_toolkit_compat.h

+4 −0
Original line number Diff line number Diff line
@@ -223,4 +223,8 @@ typedef void (*modssl_popfree_fn)(char *data); 
    SSL_set_verify(ssl, verify, cb)

#endif



#ifndef SSL_SESS_CACHE_NO_INTERNAL

#define SSL_SESS_CACHE_NO_INTERNAL  SSL_SESS_CACHE_NO_INTERNAL_LOOKUP

#endif



#endif /* SSL_TOOLKIT_COMPAT_H */