From: hno <> Date: Fri, 18 Mar 2005 23:32:37 +0000 (+0000) Subject: From ssl-2.5 2004/10/22 14:52:33 X-Git-Tag: SQUID_3_0_PRE4~836 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b13877cc7baf405b50fb64e16e82dccf23c096b5;p=thirdparty%2Fsquid.git From ssl-2.5 2004/10/22 14:52:33 NO_SESSION_REUSE https_port ssl flag, disabling the SSL session reuse / resumption support. --- diff --git a/src/cf.data.pre b/src/cf.data.pre index 9650ff5870..6068cfa601 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -1,6 +1,6 @@ # -# $Id: cf.data.pre,v 1.381 2005/03/18 15:36:07 hno Exp $ +# $Id: cf.data.pre,v 1.382 2005/03/18 16:32:37 hno Exp $ # # # SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -197,6 +197,9 @@ DOC_START NO_DEFAULT_CA Don't use the default CA list built in to OpenSSL + NO_SESSION_REUSE + Don't allow for session reuse. Each connection + will result in a new SSL session. sslcontext= SSL session ID context identifier. diff --git a/src/ssl_support.cc b/src/ssl_support.cc index 96880763ba..3e3cbd63ec 100644 --- a/src/ssl_support.cc +++ b/src/ssl_support.cc @@ -1,6 +1,6 @@ /* - * $Id: ssl_support.cc,v 1.25 2005/03/18 16:06:11 hno Exp $ + * $Id: ssl_support.cc,v 1.26 2005/03/18 16:32:37 hno Exp $ * * AUTHOR: Benno Rice * DEBUG: section 83 SSL accelerator support @@ -411,6 +411,7 @@ no_options: #define SSL_FLAG_DELAYED_AUTH (1<<1) #define SSL_FLAG_DONT_VERIFY_PEER (1<<2) #define SSL_FLAG_DONT_VERIFY_DOMAIN (1<<3) +#define SSL_FLAG_NO_SESSION_REUSE (1<<4) static long ssl_parse_flags(const char *flags) @@ -435,6 +436,8 @@ ssl_parse_flags(const char *flags) fl |= SSL_FLAG_DONT_VERIFY_PEER; else if (strcmp(flag, "DONT_VERIFY_DOMAIN") == 0) fl |= SSL_FLAG_DONT_VERIFY_DOMAIN; + else if (strcmp(flag, "NO_SESSION_REUSE") == 0) + fl |= SSL_FLAG_NO_SESSION_REUSE; else fatalf("Unknown ssl flag '%s'", flag); @@ -543,6 +546,10 @@ sslCreateServerContext(const char *certfile, const char *keyfile, int version, c SSL_CTX_set_session_id_context(sslContext, context, strlen(context)); } + if (fl & SSL_FLAG_NO_SESSION_REUSE) { + SSL_CTX_set_session_cache_mode(sslContext, SSL_SESS_CACHE_OFF); + } + if (Config.SSL.unclean_shutdown) { debug(83, 5) ("Enabling quiet SSL shutdowns (RFC violation).\n");