From: Doug MacEachern <dougm@apache.org>
Date: Fri, 24 Aug 2001 23:25:14 +0000 (+0000)
Subject: force OpenSSL to ignore process local-caching and to always
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ea444b92b7201e8dfa70da0ab16ae5802abc736b;p=thirdparty%2Fapache%2Fhttpd.git

force OpenSSL to ignore process local-caching and to always
get/set/delete sessions using mod_ssl's callbacks
PR:
Obtained from:
Submitted by:   Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>
Reviewed by:    dougm


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@90654 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/ssl_engine_init.c b/ssl_engine_init.c
index ab5ad89f323..73e6f21b277 100644
--- a/ssl_engine_init.c
+++ b/ssl_engine_init.c
@@ -468,6 +468,7 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, SSLSrvConfigRec *sc)
     BOOL bSkipFirst;
     int isca, pathlen;
     int i, n;
+    long cache_mode;
 
     /*
      * Create the server host:port string because we need it a lot
@@ -529,10 +530,18 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, SSLSrvConfigRec *sc)
      * Configure additional context ingredients
      */
     SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
-    if (mc->nSessionCacheMode == SSL_SCMODE_NONE)
-        SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
-    else
-        SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
+    if (mc->nSessionCacheMode == SSL_SCMODE_NONE) {
+        cache_mode = SSL_SESS_CACHE_OFF;
+    }
+    else {
+        /* SSL_SESS_CACHE_NO_INTERNAL_LOOKUP will force OpenSSL
+         * to ignore process local-caching and
+         * to always get/set/delete sessions using mod_ssl's callbacks.
+         */
+        cache_mode = SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL_LOOKUP;
+    }
+
+    SSL_CTX_set_session_cache_mode(ctx, cache_mode);
 
     /*
      *  Configure callbacks for SSL context