author | Joe Orton <jorton@apache.org> | 2008-02-25 21:28:09 +0000 |
---|---|---|
committer | Joe Orton <jorton@apache.org> | 2008-02-25 21:28:09 +0000 |
commit | b6317ebc810bc0490c2657398fb7db579a9f071f (patch) | |
tree | 6967e42b711e2a48207051cacb5f2b948980d4b3 /modules | |
parent | 785c643624c582b9f9a0b4d8c1ea1af728eb3eba (diff) | |
download | httpd-b6317ebc810bc0490c2657398fb7db579a9f071f.tar.gz |
Session cache interface redesign, Part 5:
Use the ap_provider interface for session cache storage providers.
* modules/ssl/mod_ssl.c (modssl_register_scache): New function.
(ssl_register_hooks): Call it.
* modules/ssl/ssl_private.h: Define MODSSL_SESSCACHE_PROVIDER_GROUP
and MODSSL_SESSCACHE_PROVIDER_VERSION constants.
Remove ssl_scmode_t type. Change nSessionCacheMode in
SSLModConfigRec into a long sesscache_mode, storing the OpenSSL
SSL_SESS_CACHE_* flags directly.
* modules/ssl/ssl_engine_config.c (ssl_config_global_create): Set
sesscache_mode to SSL_SESS_CACHE_OFF by default.
(ssl_cmd_SSLSessionCache): Remove ifdef spaghetti; fetch configured
session cache by provider name. Set mc->sesscache_mode for
configured providers.
* modules/ssl/ssl_engine_init.c (ssl_init_ctx_session_cache): Use the
configured mode flags directly from mc->sesscache_mode.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@631000 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules')
-rw-r--r-- | modules/ssl/mod_ssl.c | 31 | ||||
-rw-r--r-- | modules/ssl/ssl_engine_config.c | 92 | ||||
-rw-r--r-- | modules/ssl/ssl_engine_init.c | 10 | ||||
-rw-r--r-- | modules/ssl/ssl_private.h | 20 |
4 files changed, 86 insertions, 67 deletions
diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c index da2c252d4a..573255d2a8 100644 --- a/modules/ssl/mod_ssl.c +++ b/modules/ssl/mod_ssl.c @@ -28,6 +28,8 @@ #include "mod_ssl.h" #include "util_md5.h" #include "util_mutex.h" +#include "ap_provider.h" + #include <assert.h> /* @@ -452,6 +454,33 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd) return ssl_init_ssl_connection(c, NULL); } +/* Register all session cache providers. */ +static void modssl_register_scache(apr_pool_t *p) +{ + /* shmcb is a cache of many names. */ + ap_register_provider(p, MODSSL_SESSCACHE_PROVIDER_GROUP, "shmcb", + MODSSL_SESSCACHE_PROVIDER_VERSION, + &modssl_sesscache_shmcb); + ap_register_provider(p, MODSSL_SESSCACHE_PROVIDER_GROUP, "shmht", + MODSSL_SESSCACHE_PROVIDER_VERSION, + &modssl_sesscache_shmcb); + ap_register_provider(p, MODSSL_SESSCACHE_PROVIDER_GROUP, "shm", + MODSSL_SESSCACHE_PROVIDER_VERSION, + &modssl_sesscache_shmcb); + ap_register_provider(p, MODSSL_SESSCACHE_PROVIDER_GROUP, "dbm", + MODSSL_SESSCACHE_PROVIDER_VERSION, + &modssl_sesscache_dbm); +#ifdef HAVE_DISTCACHE + ap_register_provider(p, MODSSL_SESSCACHE_PROVIDER_GROUP, "dc", + MODSSL_SESSCACHE_PROVIDER_VERSION, + &modssl_sesscache_dc); +#endif +#ifdef HAVE_SSL_CACHE_MEMCACHE + ap_register_provider(p, MODSSL_SESSCACHE_PROVIDER_GROUP, "mc", + MODSSL_SESSCACHE_PROVIDER_VERSION, + &modssl_sesscache_mc); +#endif +} /* * the module registration phase @@ -480,6 +509,8 @@ static void ssl_register_hooks(apr_pool_t *p) ssl_var_register(p); + modssl_register_scache(p); + APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable); APR_REGISTER_OPTIONAL_FN(ssl_engine_disable); } diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c index 5194e454a7..18acb83c77 100644 --- a/modules/ssl/ssl_engine_config.c +++ b/modules/ssl/ssl_engine_config.c 
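Review bot: In modssl_register_scache the memcache provider is registered only under the name "mc", but the parser removed from ssl_cmd_SSLSessionCache in this same commit matched the prefix "memcache:". An existing `SSLSessionCache memcache:...` line will therefore fail the provider lookup and be rejected at startup. Unless the rename is intended, register the old name as an alias as is done for shmcb, e.g. `ap_register_provider(p, MODSSL_SESSCACHE_PROVIDER_GROUP, "memcache", MODSSL_SESSCACHE_PROVIDER_VERSION, &modssl_sesscache_mc);`. Separately, the shm names are now registered unconditionally while the removed code returned MODSSL_NO_SHARED_MEMORY_ERROR under `#if !APR_HAS_SHARED_MEMORY`; confirm the shmcb provider's create() still reports that case, since it is not visible here.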
@@ -28,6 +28,7 @@ -- Unknown */ #include "ssl_private.h" #include "util_mutex.h" +#include "ap_provider.h" /* _________________________________________________________________ ** @@ -58,7 +59,7 @@ SSLModConfigRec *ssl_config_global_create(server_rec *s) /* * initialize per-module configuration */ - mc->nSessionCacheMode = SSL_SCMODE_UNSET; + mc->sesscache_mode = SSL_SESS_CACHE_OFF; mc->sesscache = NULL; mc->nMutexMode = SSL_MUTEXMODE_UNSET; mc->nMutexMech = APR_LOCK_DEFAULT; @@ -951,8 +952,8 @@ const char *ssl_cmd_SSLSessionCache(cmd_parms *cmd, const char *arg) { SSLModConfigRec *mc = myModConfig(cmd->server); - const char *err, *colon; - int arglen = strlen(arg); + const char *err, *sep; + long enabled_flags; if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { return err; 
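Review bot: The new default `mc->sesscache_mode = SSL_SESS_CACHE_OFF;` in ssl_config_global_create appears to change what a server with no SSLSessionCache directive gets. The code removed from ssl_init_ctx_session_cache compared only against SSL_SCMODE_NONE, so the old SSL_SCMODE_UNSET default selected `SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL`, unless UNSET was normalised somewhere outside this diff. If the new behaviour is intended, record it next to the assignment, e.g. `/* No SSLSessionCache directive behaves like "none": OpenSSL session caching is off. */`, and mention it in the change log, because it affects session ID issuance and resumption for unconfigured servers.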
@@ -962,52 +963,55 @@ const char *ssl_cmd_SSLSessionCache(cmd_parms *cmd, return NULL; } + /* The OpenSSL session cache mode must have both the flags + * SSL_SESS_CACHE_SERVER and SSL_SESS_CACHE_NO_INTERNAL set if a + * session cache is configured; NO_INTERNAL prevents the + * OpenSSL-internal session cache being used in addition to the + * "external" (mod_ssl-provided) cache, which otherwise causes + * additional memory consumption. */ + enabled_flags = SSL_SESS_CACHE_SERVER | SSL_SESS_CACHE_NO_INTERNAL; + if (strcEQ(arg, "none")) { - mc->nSessionCacheMode = SSL_SCMODE_NONE; + /* Nothing to do; session cache will be off. */ } else if (strcEQ(arg, "nonenotnull")) { - mc->nSessionCacheMode = SSL_SCMODE_NONE_NOT_NULL; - } - else if ((arglen > 4) && strcEQn(arg, "dbm:", 4)) { - mc->nSessionCacheMode = SSL_SCMODE_DBM; - mc->sesscache = &modssl_sesscache_dbm; - err = mc->sesscache->create(&mc->sesscache_context, arg + 4, - cmd->pool, mc->pPool); - } - else if (((arglen > 4) && strcEQn(arg, "shm:", 4)) || - ((arglen > 6) && strcEQn(arg, "shmht:", 6)) || - ((arglen > 6) && strcEQn(arg, "shmcb:", 6))) { -#if !APR_HAS_SHARED_MEMORY - return MODSSL_NO_SHARED_MEMORY_ERROR; -#endif - mc->nSessionCacheMode = SSL_SCMODE_SHMCB; - mc->sesscache = &modssl_sesscache_shmcb; - colon = ap_strchr_c(arg, ':'); - err = mc->sesscache->create(&mc->sesscache_context, colon + 1, - cmd->pool, mc->pPool); - } - else if ((arglen > 3) && strcEQn(arg, "dc:", 3)) { -#ifdef HAVE_DISTCACHE - mc->nSessionCacheMode = SSL_SCMODE_DC; - mc->sesscache = &modssl_sesscache_dc; - err = mc->sesscache->create(&mc->sesscache_context, arg + 3, - cmd->pool, mc->pPool); -#else - err = "distcache support disabled"; -#endif - } - else if ((arglen > 3) && strcEQn(arg, "memcache:", 9)) { -#ifdef HAVE_SSL_CACHE_MEMCACHE - mc->nSessionCacheMode = SSL_SCMODE_MC; - mc->sesscache = &modssl_sesscache_mc; - err = mc->sesscache->create(&mc->sesscache_context, arg + 9, - cmd->pool, mc->pPool); -#else - err = "memcache support 
disabled"; -#endif + /* ### Having a separate mode for this seems logically + * unnecessary; the stated purpose of sending non-empty + * session IDs would be better fixed in OpenSSL or simply + * doing it by default if "none" is used. */ + mc->sesscache_mode = enabled_flags; + } + else if ((sep = ap_strchr_c(arg, ':')) != NULL) { + char *name = apr_pstrmemdup(cmd->pool, arg, sep - arg); + + /* Find the provider of given name. */ + mc->sesscache = ap_lookup_provider(MODSSL_SESSCACHE_PROVIDER_GROUP, + name, + MODSSL_SESSCACHE_PROVIDER_VERSION); + if (mc->sesscache) { + /* Cache found; create it, passing anything beyond the colon. */ + mc->sesscache_mode = enabled_flags; + err = mc->sesscache->create(&mc->sesscache_context, sep + 1, + cmd->pool, mc->pPool); + } + else { + apr_array_header_t *name_list; + const char *all_names; + + /* Build a comma-separated list of all registered provider + * names: */ + name_list = ap_list_provider_names(cmd->pool, + MODSSL_SESSCACHE_PROVIDER_GROUP, + MODSSL_SESSCACHE_PROVIDER_VERSION); + all_names = apr_array_pstrcat(cmd->pool, name_list, ','); + + err = apr_psprintf(cmd->pool, "'%s' session cache not supported " + "(known names: %s)", name, all_names); + } } else { - err = "Invalid argument"; + err = apr_psprintf(cmd->pool, "'%s' session cache not supported or missing argument", + arg); } if (err) { diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index 39c45828bc..df68601cc3 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c 
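Review bot: The "none" branch of ssl_cmd_SSLSessionCache no longer writes any state, so if the directive can be given more than once in the global context, a later `SSLSessionCache none` leaves both `mc->sesscache_mode` and `mc->sesscache` from the earlier directive in place and the cache stays active. The removed code at least reset the mode with `mc->nSessionCacheMode = SSL_SCMODE_NONE;`. Make the branch explicit with `mc->sesscache_mode = SSL_SESS_CACHE_OFF;` and `mc->sesscache = NULL;`, and clear `mc->sesscache` in the "nonenotnull" branch as well. Also, the old `arglen > N` checks required at least one character after the colon, whereas the new code passes `sep + 1` to create() even when it is empty, so each provider's create() has to reject an empty configuration string (not visible here). The function starts before this hunk and continues past `if (err) {`.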
@@ -481,16 +481,8 @@ static void ssl_init_ctx_session_cache(server_rec *s, { SSL_CTX *ctx = mctx->ssl_ctx; SSLModConfigRec *mc = myModConfig(s); - long cache_mode = SSL_SESS_CACHE_OFF; - if (mc->nSessionCacheMode != SSL_SCMODE_NONE) { - /* SSL_SESS_CACHE_NO_INTERNAL will force OpenSSL - * to ignore process local-caching and - * to always get/set/delete sessions using mod_ssl's callbacks. - */ - cache_mode = SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL; - } - SSL_CTX_set_session_cache_mode(ctx, cache_mode); + SSL_CTX_set_session_cache_mode(ctx, mc->sesscache_mode); if (mc->sesscache) { SSL_CTX_sess_set_new_cb(ctx, ssl_callback_NewSessionCacheEntry); diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h index 62fb206731..0f20b535a2 100644 --- a/modules/ssl/ssl_private.h +++ b/modules/ssl/ssl_private.h @@ -271,19 +271,6 @@ typedef enum { typedef unsigned int ssl_pathcheck_t; /** - * Define the SSL session cache modes and structures - */ -typedef enum { - SSL_SCMODE_UNSET = UNSET, - SSL_SCMODE_NONE = 0, - SSL_SCMODE_DBM = 1, - SSL_SCMODE_SHMCB = 3, - SSL_SCMODE_DC = 4, - SSL_SCMODE_MC = 5, - SSL_SCMODE_NONE_NOT_NULL = 6 -} ssl_scmode_t; - -/** * Define the SSL mutex modes */ typedef enum { @@ -364,6 +351,9 @@ typedef struct { int non_ssl_request; } SSLConnRec; +#define MODSSL_SESSCACHE_PROVIDER_GROUP "mod_ssl-sesscache" +#define MODSSL_SESSCACHE_PROVIDER_VERSION "0" + /* Session cache provider vtable. */ typedef struct { /* Create a session cache based on the given configuration string @@ -405,7 +395,9 @@ typedef struct { pid_t pid; apr_pool_t *pPool; BOOL bFixed; - int nSessionCacheMode; + + /* OpenSSL SSL_SESS_CACHE_* flags: */ + long sesscache_mode; /* The configured provider, and associated private data * structure. */ |
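Review bot: Missing documentation in ssl_init_ctx_session_cache: the comment explaining the cache mode was removed together with the local variable, and the function now relies on two independently set fields, `mc->sesscache_mode` and `mc->sesscache`. A short comment above the `SSL_CTX_set_session_cache_mode` call would keep the contract readable, e.g. `/* sesscache_mode is SSL_SESS_CACHE_OFF unless SSLSessionCache named a provider or "nonenotnull"; for "nonenotnull" mc->sesscache stays NULL and no callbacks are installed. */`. The function body starts before and continues after this hunk.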