#
-# $Id: cf.data.pre,v 1.381 2005/03/18 15:36:07 hno Exp $
+# $Id: cf.data.pre,v 1.382 2005/03/18 16:32:37 hno Exp $
#
#
# SQUID Web Proxy Cache http://www.squid-cache.org/
NO_DEFAULT_CA
Don't use the default CA list built in
to OpenSSL
+ NO_SESSION_REUSE
+ Don't allow for session reuse. Each connection
+ will result in a new SSL session.
sslcontext= SSL session ID context identifier.
/*
- * $Id: ssl_support.cc,v 1.25 2005/03/18 16:06:11 hno Exp $
+ * $Id: ssl_support.cc,v 1.26 2005/03/18 16:32:37 hno Exp $
*
* AUTHOR: Benno Rice
* DEBUG: section 83 SSL accelerator support
#define SSL_FLAG_DELAYED_AUTH (1<<1)
#define SSL_FLAG_DONT_VERIFY_PEER (1<<2)
#define SSL_FLAG_DONT_VERIFY_DOMAIN (1<<3)
+#define SSL_FLAG_NO_SESSION_REUSE (1<<4)
static long
ssl_parse_flags(const char *flags)
fl |= SSL_FLAG_DONT_VERIFY_PEER;
else if (strcmp(flag, "DONT_VERIFY_DOMAIN") == 0)
fl |= SSL_FLAG_DONT_VERIFY_DOMAIN;
+ else if (strcmp(flag, "NO_SESSION_REUSE") == 0)
+ fl |= SSL_FLAG_NO_SESSION_REUSE;
else
fatalf("Unknown ssl flag '%s'", flag);
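Review bot: The new `NO_SESSION_REUSE` branch makes ssl_parse_flags accept the flag for every caller of the parser, but the only place this commit shows it being honoured is the single context setup that calls `SSL_CTX_set_session_cache_mode`. If the same parser also feeds other SSL contexts (not visible in this diff), the flag would be accepted there and silently have no effect, which an administrator could mistake for a working hardening setting. Either apply the flag in every context built from these flags or reject it where it is unsupported. The body of ssl_parse_flags starts and ends outside this hunk.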
SSL_CTX_set_session_id_context(sslContext, context, strlen(context));
}
+ if (fl & SSL_FLAG_NO_SESSION_REUSE) {
+ SSL_CTX_set_session_cache_mode(sslContext, SSL_SESS_CACHE_OFF);
+ }
+
if (Config.SSL.unclean_shutdown) {
debug(83, 5) ("Enabling quiet SSL shutdowns (RFC violation).\n");
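Review bot: `SSL_CTX_set_session_cache_mode(sslContext, SSL_SESS_CACHE_OFF)` disables only the session-ID cache, so on OpenSSL builds that support RFC 5077 session tickets a peer can still resume a session. In that case the documented behaviour "Each connection will result in a new SSL session" would not hold. Inside the same `if`, consider adding `SSL_CTX_set_options(sslContext, SSL_OP_NO_TICKET);` wrapped in `#ifdef SSL_OP_NO_TICKET` so older libraries still build. A `debug(83, 5)` line stating that session reuse is disabled would match the logging used for the unclean-shutdown option just below. The enclosing function begins before this hunk and the `if (Config.SSL.unclean_shutdown)` block continues past it.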