Expose whether a request was served over an Initial or Resumed SSL session to the...

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@779005 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml
index b059e731e47e8047dafbe762350567fe14f73fa7..86e60ad7a17de549480c63010c369877ec233a7d 100644 (file)
--- a/docs/manual/mod/mod_ssl.xml
+++ b/docs/manual/mod/mod_ssl.xml
@@ -61,6 +61,7 @@ compatibility variables.</p>
 <tr><td><code>HTTPS</code></td>                         <td>flag</td>      <td>HTTPS is being used.</td></tr>
 <tr><td><code>SSL_PROTOCOL</code></td>                  <td>string</td>    <td>The SSL protocol version (SSLv2, SSLv3, TLSv1)</td></tr>
 <tr><td><code>SSL_SESSION_ID</code></td>                <td>string</td>    <td>The hex-encoded SSL session id</td></tr>
+<tr><td><code>SSL_SESSION_RESUMED</code></td>           <td>string</td>    <td>Initial or Resumed SSL Session.  Note: multiple requests may be served over the same (Initial or Resumed) SSL session if HTTP KeepAlive is in use</td></tr>
 <tr><td><code>SSL_CIPHER</code></td>                    <td>string</td>    <td>The cipher specification name</td></tr>
 <tr><td><code>SSL_CIPHER_EXPORT</code></td>             <td>string</td>    <td><code>true</code> if cipher is an export cipher</td></tr>
 <tr><td><code>SSL_CIPHER_USEKEYSIZE</code></td>         <td>number</td>    <td>Number of cipher bits (actually used)</td></tr>
@@ -1285,13 +1286,13 @@ HTTPS                  SSL_CLIENT_M_VERSION   SSL_SERVER_M_VERSION
                        SSL_CLIENT_M_SERIAL    SSL_SERVER_M_SERIAL
 SSL_PROTOCOL           SSL_CLIENT_V_START     SSL_SERVER_V_START
 SSL_SESSION_ID         SSL_CLIENT_V_END       SSL_SERVER_V_END
-SSL_CIPHER             SSL_CLIENT_S_DN        SSL_SERVER_S_DN
-SSL_CIPHER_EXPORT      SSL_CLIENT_S_DN_C      SSL_SERVER_S_DN_C
-SSL_CIPHER_ALGKEYSIZE  SSL_CLIENT_S_DN_ST     SSL_SERVER_S_DN_ST
-SSL_CIPHER_USEKEYSIZE  SSL_CLIENT_S_DN_L      SSL_SERVER_S_DN_L
-SSL_VERSION_LIBRARY    SSL_CLIENT_S_DN_O      SSL_SERVER_S_DN_O
-SSL_VERSION_INTERFACE  SSL_CLIENT_S_DN_OU     SSL_SERVER_S_DN_OU
-                       SSL_CLIENT_S_DN_CN     SSL_SERVER_S_DN_CN
+SSL_SESSION_RESUMED    SSL_CLIENT_S_DN        SSL_SERVER_S_DN
+SSL_CIPHER             SSL_CLIENT_S_DN_C      SSL_SERVER_S_DN_C
+SSL_CIPHER_EXPORT      SSL_CLIENT_S_DN_ST     SSL_SERVER_S_DN_ST
+SSL_CIPHER_ALGKEYSIZE  SSL_CLIENT_S_DN_L      SSL_SERVER_S_DN_L
+SSL_CIPHER_USEKEYSIZE  SSL_CLIENT_S_DN_O      SSL_SERVER_S_DN_O
+SSL_VERSION_LIBRARY    SSL_CLIENT_S_DN_OU     SSL_SERVER_S_DN_OU
+SSL_VERSION_INTERFACE  SSL_CLIENT_S_DN_CN     SSL_SERVER_S_DN_CN
                        SSL_CLIENT_S_DN_T      SSL_SERVER_S_DN_T
                        SSL_CLIENT_S_DN_I      SSL_SERVER_S_DN_I
                        SSL_CLIENT_S_DN_G      SSL_SERVER_S_DN_G

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index b12850034e3695548a9687995b2758f82ccab42a..2675b8f3d405ecba5084f5ed197b7c2a5d1c593e 100644 (file)
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -1047,6 +1047,7 @@ static const char *ssl_hook_Fixup_vars[] = {
     "SSL_SERVER_A_KEY",
     "SSL_SERVER_A_SIG",
     "SSL_SESSION_ID",
+    "SSL_SESSION_RESUMED",
     NULL
 };
 

diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
index c0023e2c27cae93d5da941a922f82e3454ee490f..a4c696e7aa872508ed024e1bc394aef93ca74a73 100644 (file)
--- a/modules/ssl/ssl_engine_vars.c
+++ b/modules/ssl/ssl_engine_vars.c
@@ -297,6 +297,12 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
                                      buf, sizeof(buf)));
         }
     }
+    else if(ssl != NULL && strcEQ(var, "SESSION_RESUMED")) {
+        if (SSL_session_reused(ssl) == 1) 
+            result = "Resumed";
+        else
+            result = "Initial";
+    }
     else if (ssl != NULL && strlen(var) >= 6 && strcEQn(var, "CIPHER", 6)) {
         result = ssl_var_lookup_ssl_cipher(p, c, var+6);
     }