Hi all,
I've attached a patch for the current head of CVS that represents the
latest state of distcache support. This includes the autoconf hooks so
that, if mod_ssl is configured to be built, distcache support will be
probed for and enabled if found. If --enable-distcache is specified then
failure to autodetect distcache support will be considered an error, and
if --disable-distcache is specified then the distcache probes and
configuration steps are bypassed.
If anyone feels motivated to help review this, please grab the
appropriate bundle of distcache version 0.4pre2 from www.distcache.org.
There are (experimental) precompiled RPMs of distcache available for
x86, as well as source code of course. The support attached to this
email supercedes the apache-2 support packages at www.distcache.org so
please don't try to combine them - only distcache itself is required.
Once you have distcache's tools, libraries and headers installed, you
can hook things up with apache as follows;
distcache
---------
- start a cache server, eg;
# dc_server -daemon -listen IP:9001
- start a local proxy for the web-server to use, eg;
# dc_client -daemon -listen UNIX:/tmp/dc_client \
-server IP:localhost:9001
apache
------
- configure, compile, and install apache using the attached patch
*after* you've installed the distcache headers and libraries.
- change the SSLSessionCache directive to use distcache, eg;
SSLSessionCache dc:UNIX:/tmp/dc_client
That should be all that's required beyond the normal apache/mod_ssl
setup. I've tested this as best I can on the systems I have access to
and have observed no problems, ie. no known bugs - I'm keen to get
results from any "out of the ordinary" environments. If you set up
additional servers to test shared caching, give each its own instance of
"dc_client" with the "-server" switch pointing to the machine (and port)
that dc_server is listening on. It should work with hostname resolution
as well as dotted-numeric IP addresses (eg. "IP:192.168.0.1:9001",
"IP:cache-server.localnet:9001", etc). If everything is running on the
same host, you can elect to stick with unix domain addresses instead of
IPv4 for dc_server if you prefer.
If you're at a lost for testing apache's session caching behaviour, you
can try swamp at;
http://www.geoffthorpe.net/crypto/swamp/
It is written for this kind of thing and it supports multiple
destination addresses using arbitrary "distribution" patterns and
arbitrary session resume patterns. Eg;
# swamp -cipher RC4-MD5 -num 10 -count 20000 -update 10 \
-connect server1.localnet:443 \
-connect server2.localnet:443 \
-connect server3.localnet:443 \
-session "srrrsrr" \
-distribute 1,2,3,2
The above example will, in each of the 10 parallel "contexts", send each
subsequent request to servers 1, 2, 3, and then 2 again before starting
over - so server2 gets twice as many requests as server1 and server3.
Moreover, this pattern cycles every 4 requests, whereas the
session-resumption pattern "srrrsrr" has period 7 so things should mix
up nicely ("s" means neogitate a new session, "r" means try to resume
the last session we successfully negotiated). This will cause each web
server to try resuming SSL/TLS sessions previously negotiated by other
servers, and the statistics generated by swamp will display how many of
these resume attempts succeed.
Another aspect of this I would like help with is the stability of the
whole architecture as/when various services are interrupted and/or
restarted. The distcache side *should* be robust against crashes and/or
network interruptions, eg. if dc_client and/or dc_server are killed off
and then restarted at some point things should automatically re-organise
themselves on the fly. Apache's session caching should fail gracefully
if one of the components is shut-off or the distcache networking
disappears (which swamp will show with failed resume stats), and should
start working again automatically once the problem is resolved. Any
behaviour to the contrary is a bug.
If anyone is interested in this, please consider popping over to the
distcache-users mail list.
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/
Index: LAYOUT
===================================================================
RCS file: /home/cvspublic/httpd-2.0/LAYOUT,v
retrieving revision 1.2
diff -u -r1.2 LAYOUT
--- LAYOUT 8 Dec 2002 21:05:55 -0000 1.2
+++ LAYOUT 3 Apr 2003 16:50:55 -0000
@@ -129,6 +129,7 @@
ssl_scache_dbm.c ........ session cache via DBM file
ssl_scache_shmcb.c ...... session cache via shared memory cyclic buffer
ssl_scache_shmht.c ...... session cache via shared memory hash table
+ ssl_scache_dc.c ......... session cache via Distcache (distributed)
ssl_util.c .............. utility functions
ssl_util_ssl.c .......... the OpenSSL companion source
ssl_util_ssl.h .......... the OpenSSL companion header
Index: acconfig.h
===================================================================
RCS file: /home/cvspublic/httpd-2.0/acconfig.h,v
retrieving revision 1.2
diff -u -r1.2 acconfig.h
--- acconfig.h 13 Mar 2003 20:36:39 -0000 1.2
+++ acconfig.h 3 Apr 2003 16:50:55 -0000
@@ -6,3 +6,7 @@
/* Define this if we are building with SSL-C */
#undef HAVE_SSLC
+
+/* Define this if we are building with Distcache support */
+#undef HAVE_DISTCACHE
+
Index: acinclude.m4
===================================================================
RCS file: /home/cvspublic/httpd-2.0/acinclude.m4,v
retrieving revision 1.139
diff -u -r1.139 acinclude.m4
--- acinclude.m4 31 Mar 2003 21:19:07 -0000 1.139
+++ acinclude.m4 3 Apr 2003 16:50:55 -0000
@@ -312,6 +312,79 @@
])
dnl
+dnl APACHE_CHECK_DISTCACHE_TOOLKIT
+dnl
+dnl Slave macro for determining if Distcache is wanted (and/or present) for use
+dnl for distributed session caching. Called by APACHE_CHECK_SSL_TOOLKIT.
+dnl
+AC_DEFUN(APACHE_CHECK_DISTCACHE_TOOLKIT,[
+if test "x$ap_distcachetk_configured" = "x"; then
+ dnl This is the "default" value if '--enable-distcache' isn't specified
+ ap_distcachetk_configured="yes"
+ dnl Unless "--enable-distcache" or "--disable-distcache" is specified, this
+ dnl value remains "no" and so autodetection is allowed to fail.
+ ap_distcachetk_specified="no"
+ dnl Declare the --enable-distcache/--disable-distcache handler
+ AC_ARG_ENABLE(distcache,
+ APACHE_HELP_STRING(--enable-distcache, Distributed SSL/TLS session caching),
+ ap_distcachetk_configured="$enableval"
+ if test "x$ap_distcachetk_configured" = "x"; then
+ ap_distcachetk_configured="yes"
+ fi
+ if test "$ap_distcachetk_configured" != "yes" -a "$ap_distcachetk_configured" !=
"no"; then
+ AC_MSG_ERROR(invalid syntax: --enable-distcache=$enableval)
+ fi
+ ap_distcachetk_specified="yes"
+ )
+ dnl This is the detection code, irrespective of the --enable-distcache handler
+ if test "$ap_distcachetk_configured" = "yes"; then
+ tmp_msg=""
+ AC_CHECK_HEADER(
+ [distcache/dc_client.h], [],
+ [tmp_msg="distcache headers not available"])
+ if test "x$tmp_msg" = "x"; then
+ AC_MSG_CHECKING(Distcache toolkit version)
+ AC_TRY_COMPILE(
+ [#include <distcache/dc_client.h>],
+[#if DISTCACHE_CLIENT_API != 0x0001
+#error "distcache API version is not recognised"
+#endif],
+ [AC_MSG_RESULT(ok)],
+ [AC_MSG_RESULT(bad)
+ tmp_msg="distcache version is not recognised"]
+ )
+ fi
+ if test "x$tmp_msg" = "x"; then
+ saved_LIBS=$LIBS
+ LIBS="$LIBS `$apr_config --libs`"
+ AC_CHECK_LIB(nal, NAL_CONNECTION_new, [],
+ [tmp_msg="distcache libnal library is not available"])
+ if test "x$tmp_msg" = "x"; then
+ AC_CHECK_LIB(distcache, DC_CTX_new, [],
+ [tmp_msg="distcache library is not available"])
+ fi
+ dnl restore
+ LIBS=$saved_LIBS
+ fi
+ if test "x$tmp_msg" != "x"; then
+ if test "$ap_distcachetk_specified" = "no"; then
+ dnl No distcache available, but it wasn't required
+ echo "... not enabling distcache support"
+ ap_distcachetk_configured="no"
+ else
+ dnl No distcache available, and it was required!
+ AC_MSG_ERROR($tmp_msg)
+ fi
+ else
+ AC_DEFINE(HAVE_DISTCACHE)
+ dnl Our saved_LIBS stuff clobbers autoconf linker settings, so add them now
+ APR_ADDTO(LIBS, [-ldistcache -lnal])
+ fi
+ fi
+fi
+])
+
+dnl
dnl APACHE_CHECK_SSL_TOOLKIT
dnl
dnl Configure for the detected openssl/ssl-c toolkit installation, giving
@@ -430,6 +503,10 @@
APR_ADDTO(LIBS, [-lssl -lcrypto])
else
APR_ADDTO(LIBS, [-lsslc])
+ fi
+ dnl (e) check for distcache
+ if test "$ap_ssltk_type" = "openssl"; then
+ APACHE_CHECK_DISTCACHE_TOOLKIT
fi
fi
])
Index: modules/ssl/config.m4
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/ssl/config.m4,v
retrieving revision 1.12
diff -u -r1.12 config.m4
--- modules/ssl/config.m4 13 Mar 2003 20:36:39 -0000 1.12
+++ modules/ssl/config.m4 3 Apr 2003 16:50:56 -0000
@@ -70,6 +70,7 @@
ssl_scache_dbm.lo dnl
ssl_scache_shmcb.lo dnl
ssl_scache_shmht.lo dnl
+ssl_scache_dc.lo dnl
ssl_util.lo dnl
ssl_util_ssl.lo dnl
ssl_util_table.lo dnl
Index: modules/ssl/mod_ssl.dsp
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/ssl/mod_ssl.dsp,v
retrieving revision 1.22
diff -u -r1.22 mod_ssl.dsp
--- modules/ssl/mod_ssl.dsp 3 Apr 2003 04:41:01 -0000 1.22
+++ modules/ssl/mod_ssl.dsp 3 Apr 2003 16:50:56 -0000
@@ -168,6 +168,10 @@
# End Source File
# Begin Source File
+SOURCE=.\ssl_scache_dc.c
+# End Source File
+# Begin Source File
+
SOURCE=.\ssl_util.c
# End Source File
# Begin Source File
Index: modules/ssl/mod_ssl.h
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/ssl/mod_ssl.h,v
retrieving revision 1.128
diff -u -r1.128 mod_ssl.h
--- modules/ssl/mod_ssl.h 3 Apr 2003 04:54:20 -0000 1.128
+++ modules/ssl/mod_ssl.h 3 Apr 2003 16:50:57 -0000
@@ -319,7 +319,8 @@
SSL_SCMODE_NONE = 0,
SSL_SCMODE_DBM = 1,
SSL_SCMODE_SHMHT = 2,
- SSL_SCMODE_SHMCB = 3
+ SSL_SCMODE_SHMCB = 3,
+ SSL_SCMODE_DC = 4
} ssl_scmode_t;
/*
@@ -625,6 +626,16 @@
void ssl_scache_shmcb_remove(server_rec *, UCHAR *, int);
void ssl_scache_shmcb_expire(server_rec *);
void ssl_scache_shmcb_status(server_rec *, apr_pool_t *, void (*)(char *,
void *), void *);
+
+#ifdef HAVE_DISTCACHE
+void ssl_scache_dc_init(server_rec *, apr_pool_t *);
+void ssl_scache_dc_kill(server_rec *);
+BOOL ssl_scache_dc_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
+SSL_SESSION *ssl_scache_dc_retrieve(server_rec *, UCHAR *, int);
+void ssl_scache_dc_remove(server_rec *, UCHAR *, int);
+void ssl_scache_dc_expire(server_rec *);
+void ssl_scache_dc_status(server_rec *, apr_pool_t *, void (*)(char *, void
*), void *);
+#endif
/* Pass Phrase Support */
void ssl_pphrase_Handle(server_rec *, apr_pool_t *);
Index: modules/ssl/ssl_engine_config.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/ssl/ssl_engine_config.c,v
retrieving revision 1.77
diff -u -r1.77 ssl_engine_config.c
--- modules/ssl/ssl_engine_config.c 29 Mar 2003 02:18:43 -0000 1.77
+++ modules/ssl/ssl_engine_config.c 3 Apr 2003 16:50:57 -0000
@@ -1092,6 +1092,20 @@
}
}
}
+ else if ((arglen > 3) && strcEQn(arg, "dc:", 3)) {
+#ifdef HAVE_DISTCACHE
+ mc->nSessionCacheMode = SSL_SCMODE_DC;
+ mc->szSessionCacheDataFile = apr_psprintf(mc->pPool, "%s", arg+3);
+ if (!mc->szSessionCacheDataFile) {
+ return apr_psprintf(cmd->pool,
+ "SSLSessionCache: Invalid cache file path %s",
+ arg+3);
+ }
+#else
+ return apr_psprintf(cmd->pool,
+ "SSLSessionCache: distcache support disabled");
+#endif
+ }
else {
return "SSLSessionCache: Invalid argument";
}
Index: modules/ssl/ssl_scache.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/ssl/ssl_scache.c,v
retrieving revision 1.15
diff -u -r1.15 ssl_scache.c
--- modules/ssl/ssl_scache.c 3 Feb 2003 17:53:13 -0000 1.15
+++ modules/ssl/ssl_scache.c 3 Apr 2003 16:50:58 -0000
@@ -87,6 +87,10 @@
if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
ssl_scache_dbm_init(s, p);
+#ifdef HAVE_DISTCACHE
+ else if (mc->nSessionCacheMode == SSL_SCMODE_DC)
+ ssl_scache_dc_init(s, p);
+#endif
else if ((mc->nSessionCacheMode == SSL_SCMODE_SHMHT) ||
(mc->nSessionCacheMode == SSL_SCMODE_SHMCB)) {
void *data;
@@ -115,6 +119,10 @@
ssl_scache_shmht_kill(s);
else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
ssl_scache_shmcb_kill(s);
+#ifdef HAVE_DISTCACHE
+ else if (mc->nSessionCacheMode == SSL_SCMODE_DC)
+ ssl_scache_dc_kill(s);
+#endif
return;
}
@@ -129,6 +137,10 @@
rv = ssl_scache_shmht_store(s, id, idlen, expiry, sess);
else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
rv = ssl_scache_shmcb_store(s, id, idlen, expiry, sess);
+#ifdef HAVE_DISTCACHE
+ else if (mc->nSessionCacheMode == SSL_SCMODE_DC)
+ rv = ssl_scache_dc_store(s, id, idlen, expiry, sess);
+#endif
return rv;
}
@@ -143,6 +155,10 @@
sess = ssl_scache_shmht_retrieve(s, id, idlen);
else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
sess = ssl_scache_shmcb_retrieve(s, id, idlen);
+#ifdef HAVE_DISTCACHE
+ else if (mc->nSessionCacheMode == SSL_SCMODE_DC)
+ sess = ssl_scache_dc_retrieve(s, id, idlen);
+#endif
return sess;
}
@@ -156,6 +172,10 @@
ssl_scache_shmht_remove(s, id, idlen);
else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
ssl_scache_shmcb_remove(s, id, idlen);
+#ifdef HAVE_DISTCACHE
+ else if (mc->nSessionCacheMode == SSL_SCMODE_DC)
+ ssl_scache_dc_remove(s, id, idlen);
+#endif
return;
}
@@ -169,6 +189,10 @@
ssl_scache_shmht_status(s, p, func, arg);
else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
ssl_scache_shmcb_status(s, p, func, arg);
+#ifdef HAVE_DISTCACHE
+ else if (mc->nSessionCacheMode == SSL_SCMODE_DC)
+ ssl_scache_dc_status(s, p, func, arg);
+#endif
return;
}
@@ -182,6 +206,10 @@
ssl_scache_shmht_expire(s);
else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
ssl_scache_shmcb_expire(s);
+#ifdef HAVE_DISTCACHE
+ else if (mc->nSessionCacheMode == SSL_SCMODE_DC)
+ ssl_scache_dc_expire(s);
+#endif
return;
}
--- /dev/null 1969-12-31 19:00:00.000000000 -0500
+++ modules/ssl/ssl_scache_dc.c 2003-03-13 21:42:58.000000000 -0500
@@ -0,0 +1,181 @@
+/* _ _
+** _ __ ___ ___ __| | ___ ___| | mod_ssl
+** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
+** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
+** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
+** |_____|
+** ssl_scache_dc.c
+** Distributed Session Cache (client support)
+*/
+
+/* ====================================================================
+ * THIS SOFTWARE IS PROVIDED BY GEOFF THORPE ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
+ * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "mod_ssl.h"
+
+/* Only build this code if it's enabled at configure-time. */
+#ifdef HAVE_DISTCACHE
+
+#include "distcache/dc_client.h"
+
+/*
+ * This cache implementation allows modssl to access 'distcache' servers (or
+ * proxies) to facilitate distributed session caching. It is based on code
+ * released as open source by Cryptographic Appliances Inc, and was developed by
+ * Geoff Thorpe, Steve Robb, and Chris Zimmerman.
+ */
+
+/*
+**
+** High-Level "handlers" as per ssl_scache.c
+**
+*/
+
+void ssl_scache_dc_init(server_rec *s, apr_pool_t *p)
+{
+ DC_CTX *ctx;
+ SSLModConfigRec *mc = myModConfig(s);
+ /*
+ * Create a session context
+ */
+ if(mc->szSessionCacheDataFile == NULL) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "SSLSessionCache required");
+ ssl_die();
+ }
+#if 0
+ /* If a "persistent connection" mode of operation is preferred, you *must*
+ * also use the PIDCHECK flag to ensure fork()'d processes don't interlace
+ * comms on the same connection as each other. */
+#define SESSION_CTX_FLAGS SESSION_CTX_FLAG_PERSISTENT | \
+ SESSION_CTX_FLAG_PERSISTENT_PIDCHECK | \
+ SESSION_CTX_FLAG_PERSISTENT_RETRY | \
+ SESSION_CTX_FLAG_PERSISTENT_LATE
+#else
+ /* This mode of operation will open a temporary connection to the 'target'
+ * for each cache operation - this makes it safe against fork()
+ * automatically. This mode is preferred when running a local proxy (over
+ * unix domain sockets) because overhead is negligable and it reduces the
+ * performance/stability danger of file-descriptor bloatage. */
+#define SESSION_CTX_FLAGS 0
+#endif
+ ctx = DC_CTX_new(mc->szSessionCacheDataFile, SESSION_CTX_FLAGS);
+ if(!ctx) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "distributed scache failed to
obtain context");
+ ssl_die();
+ }
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "distributed scache context
initialised");
+ /*
+ * Success ... we hack the context into place by cheating for now and
+ * stealing a member variable the original shared memory cache was using.
+ * :-)
+ */
+ mc->tSessionCacheDataTable = (table_t *) ctx;
+ return;
+}
+
+void ssl_scache_dc_kill(server_rec *s)
+{
+ SSLModConfigRec *mc = myModConfig(s);
+
+ if(mc->tSessionCacheDataTable)
+ DC_CTX_free((DC_CTX *)mc->tSessionCacheDataTable);
+ mc->tSessionCacheDataTable = NULL;
+}
+
+BOOL ssl_scache_dc_store(server_rec *s, UCHAR *id, int idlen,
+ time_t timeout, SSL_SESSION * pSession)
+{
+ unsigned char der[SSL_SESSION_MAX_DER];
+ int der_len;
+ unsigned char *pder = der;
+ SSLModConfigRec *mc = myModConfig(s);
+ DC_CTX *ctx = (DC_CTX *)mc->tSessionCacheDataTable;
+
+ /* Serialise the SSL_SESSION object */
+ if((der_len = i2d_SSL_SESSION(pSession, NULL)) > SSL_SESSION_MAX_DER)
+ return FALSE;
+ i2d_SSL_SESSION(pSession, &pder);
+ /* [EMAIL PROTECTED] - why do we deal with *absolute* time anyway??? */
+ timeout -= time(NULL);
+ /* Send the serialised session to the distributed cache context */
+ if(!DC_CTX_add_session(ctx, id, idlen, der, der_len,
+ (unsigned long)timeout * 1000)) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "distributed scache 'add_session'
failed");
+ return FALSE;
+ }
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "distributed scache 'add_session'
successful");
+ return TRUE;
+}
+
+SSL_SESSION *ssl_scache_dc_retrieve(server_rec *s, UCHAR *id, int idlen)
+{
+ unsigned char der[SSL_SESSION_MAX_DER];
+ unsigned int der_len;
+ SSL_SESSION *pSession;
+ unsigned char *pder = der;
+ SSLModConfigRec *mc = myModConfig(s);
+ DC_CTX *ctx = (DC_CTX *)mc->tSessionCacheDataTable;
+
+ /* Retrieve any corresponding session from the distributed cache context */
+ if(!DC_CTX_get_session(ctx, id, idlen, der, SSL_SESSION_MAX_DER,
+ &der_len)) {
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "distributed scache 'get_session'
MISS");
+ return NULL;
+ }
+ if(der_len > SSL_SESSION_MAX_DER) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "distributed scache 'get_session'
OVERFLOW");
+ return NULL;
+ }
+ pSession = d2i_SSL_SESSION(NULL, &pder, der_len);
+ if(!pSession) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "distributed scache 'get_session'
CORRUPT");
+ return NULL;
+ }
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "distributed scache 'get_session'
HIT");
+ return pSession;
+}
+
+void ssl_scache_dc_remove(server_rec *s, UCHAR *id, int idlen)
+{
+ SSLModConfigRec *mc = myModConfig(s);
+ DC_CTX *ctx = (DC_CTX *)mc->tSessionCacheDataTable;
+
+ /* Remove any corresponding session from the distributed cache context */
+ if(!DC_CTX_remove_session(ctx, id, idlen)) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "distributed scache 'remove_session'
MISS");
+ } else {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "distributed scache 'remove_session'
HIT");
+ }
+}
+
+void ssl_scache_dc_expire(server_rec *s)
+{
+ /* NOP */
+ return;
+}
+
+void ssl_scache_dc_status(server_rec *s, apr_pool_t *p,
+ void (*func) (char *, void *), void *arg)
+{
+ SSLModConfigRec *mc = myModConfig(s);
+
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "distributed scache
'ssl_scache_dc_status'");
+ func(apr_psprintf(p, "cache type: <b>DC (Distributed Cache)</b>, target:
<b>%s</b><br>",
+ mc->szSessionCacheDataFile), arg);
+}
+
+#endif
+
