On Fri, Jul 08, 2005 at 03:58:47PM -0000, Jim Jagielski wrote: > Author: jim > Date: Fri Jul 8 08:58:46 2005 > New Revision: 209827 > > URL: http://svn.apache.org/viewcvs?rev=209827&view=rev > Log: > Good suggestion from a private Email. name changes.
"nonenotnull" is a *good* name suggestion? I'd hate to see a bad one then :) Please justify why you can't just enable a real session cache in this case, else -1 for this feature. I believe there are still cases where MSIE will barf if the server won't resume a session in new connections (when using client certs IIRC), so I I really don't think this is worthwhile. > > Modified: > httpd/httpd/trunk/CHANGES > httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en > httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml > httpd/httpd/trunk/modules/ssl/mod_ssl.c > httpd/httpd/trunk/modules/ssl/ssl_engine_config.c > httpd/httpd/trunk/modules/ssl/ssl_private.h > > Modified: httpd/httpd/trunk/CHANGES > URL: > http://svn.apache.org/viewcvs/httpd/httpd/trunk/CHANGES?rev=209827&r1=209826&r2=209827&view=diff > ============================================================================== > --- httpd/httpd/trunk/CHANGES (original) > +++ httpd/httpd/trunk/CHANGES Fri Jul 8 08:58:46 2005 > @@ -1,11 +1,9 @@ > Changes with Apache 2.1.7 > [Remove entries to the current 2.0 section below, when backported] > > - *) Add additional SSLSessionCache option, 'internal', which makes > - mod_ssl just use OpenSSL's own internal session ID cache. Useful > - when one needs to disable any external, shared caches but > - requires the server to send non-null session IDs. > - [Jim Jagielski] > + *) Add additional SSLSessionCache option, 'nonenotnull', which is > + similar to 'none' (disabling any external shared cache) but forces > + OpenSSL to provide a non-null session ID. [Jim Jagielski] > > *) Add httxt2dbm to support/ for creating RewriteMap DBM Files. > [Paul Querna] > > Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en > URL: > http://svn.apache.org/viewcvs/httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en?rev=209827&r1=209826&r2=209827&view=diff > ============================================================================== > --- httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en (original) > +++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en Fri Jul 8 08:58:46 2005 > @@ -1532,12 +1532,11 @@ > using certain browsers, particularly if client certificates are > enabled. This setting is not recommended.</p></li> > > -<li><code>internal</code> > +<li><code>nonenotnull</code> > > <p>This disables any global/inter-process Session Cache. However > - it does allow OpenSSL to use its own internal session cache. This in > - mainly useful in situations where a global cache cannot be used > - but the client requires a non-null session ID.</p></li> > + it does force OpenSSL to send a non-null session ID to > + accommodate buggy clients that require one.</p></li> > > <li><code>dbm:/path/to/datafile</code> > > > Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml > URL: > http://svn.apache.org/viewcvs/httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml?rev=209827&r1=209826&r2=209827&view=diff > ============================================================================== > --- httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml (original) > +++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml Fri Jul 8 08:58:46 2005 > @@ -412,12 +412,11 @@ > using certain browsers, particularly if client certificates are > enabled. This setting is not recommended.</p></li> > > -<li><code>internal</code> > +<li><code>nonenotnull</code> > > <p>This disables any global/inter-process Session Cache. However > - it does allow OpenSSL to use its own internal session cache. This in > - mainly useful in situations where a global cache cannot be used > - but the client requires a non-null session ID.</p></li> > + it does force OpenSSL to send a non-null session ID to > + accommodate buggy clients that require one.</p></li> > > <li><code>dbm:/path/to/datafile</code> > > > Modified: httpd/httpd/trunk/modules/ssl/mod_ssl.c > URL: > http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ssl/mod_ssl.c?rev=209827&r1=209826&r2=209827&view=diff > ============================================================================== > --- httpd/httpd/trunk/modules/ssl/mod_ssl.c (original) > +++ httpd/httpd/trunk/modules/ssl/mod_ssl.c Fri Jul 8 08:58:46 2005 > @@ -83,7 +83,7 @@ > "or `exec:/path/to/cgi_program')") > SSL_CMD_SRV(SessionCache, TAKE1, > "SSL Session Cache storage " > - "(`none', `internal', `dbm:/path/to/file')") > + "(`none', `nonenotnull', `dbm:/path/to/file')") > #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT) > SSL_CMD_SRV(CryptoDevice, TAKE1, > "SSL external Crypto Device usage " > > Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c > URL: > http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=209827&r1=209826&r2=209827&view=diff > ============================================================================== > --- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original) > +++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Fri Jul 8 08:58:46 2005 > @@ -1001,8 +1001,8 @@ > mc->nSessionCacheMode = SSL_SCMODE_NONE; > mc->szSessionCacheDataFile = NULL; > } > - else if (strcEQ(arg, "internal")) { > - mc->nSessionCacheMode = SSL_SCMODE_OPENSSL_INTERNAL; > + else if (strcEQ(arg, "nonenotnull")) { > + mc->nSessionCacheMode = SSL_SCMODE_NONE_NOT_NULL; > mc->szSessionCacheDataFile = NULL; > } > else if ((arglen > 4) && strcEQn(arg, "dbm:", 4)) { > > Modified: httpd/httpd/trunk/modules/ssl/ssl_private.h > URL: > http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ssl/ssl_private.h?rev=209827&r1=209826&r2=209827&view=diff > ============================================================================== > --- httpd/httpd/trunk/modules/ssl/ssl_private.h (original) > +++ httpd/httpd/trunk/modules/ssl/ssl_private.h Fri Jul 8 08:58:46 2005 > @@ -260,7 +260,7 @@ > SSL_SCMODE_DBM = 1, > SSL_SCMODE_SHMCB = 3, > SSL_SCMODE_DC = 4, > - SSL_SCMODE_OPENSSL_INTERNAL = 5 > + SSL_SCMODE_NONE_NOT_NULL = 5 > } ssl_scmode_t; > > /* >