diff options
| author | Geoff Thorpe <geoff@openssl.org> | 2002-10-29 00:33:04 +0000 |
|---|---|---|
| committer | Geoff Thorpe <geoff@openssl.org> | 2002-10-29 00:33:04 +0000 |
| commit | e0db2eed8df76d0732839910e90882ee7266c46d (patch) | |
| tree | 760983fb2188c3200a79901942bdd1dbbba1ec4a /ssl | |
| parent | 00a357ab203b4153eee970ffb33f0f22ef59f734 (diff) | |
| download | openssl-new-e0db2eed8df76d0732839910e90882ee7266c46d.tar.gz | |
Correct and enhance the behaviour of "internal" session caching as it
relates to SSL_CTX flags and the use of "external" session caching. The
existing flag, "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" remains but is
supplemented with a complimentary flag, "SSL_SESS_CACHE_NO_INTERNAL_STORE".
The bitwise OR of the two flags is also defined as
"SSL_SESS_CACHE_NO_INTERNAL" and is the flag that should be used by most
applications wanting to implement session caching *entirely* by its own
provided callbacks. As the documented behaviour contradicted actual
behaviour up until recently, and since that point behaviour has itself been
inconsistent anyway, this change should not introduce any compatibility
problems. I've adjusted the relevant documentation to elaborate about how
this works.
Kudos to "Nadav Har'El" <nyh@math.technion.ac.il> for diagnosing these
anomalies and testing this patch for correctness.
PR: 311
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/ssl.h | 7 | ||||
| -rw-r--r-- | ssl/ssl_lib.c | 2 | ||||
| -rw-r--r-- | ssl/ssl_sess.c | 9 |
3 files changed, 11 insertions, 7 deletions
@@ -726,10 +726,11 @@ struct ssl_ctx_st #define SSL_SESS_CACHE_SERVER 0x0002 #define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) #define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 -/* This one, when set, makes the server session-id lookup not look - * in the cache. If there is an application get_session callback - * defined, this will still get called. */ +/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */ #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 +#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 +#define SSL_SESS_CACHE_NO_INTERNAL \ + (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); #define SSL_CTX_sess_number(ctx) \ diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 1ddd3380ac..851155e04e 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1803,7 +1803,7 @@ void ssl_update_cache(SSL *s,int mode) i=s->ctx->session_cache_mode; if ((i & mode) && (!s->hit) - && ((i & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) + && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) || SSL_CTX_add_session(s->ctx,s->session)) && (s->ctx->new_session_cb != NULL)) { diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index ca1a7427be..2a4a90897e 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -309,9 +309,12 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len) if (copy) CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); - /* The following should not return 1, otherwise, - * things are very strange */ - SSL_CTX_add_session(s->ctx,ret); + /* Add the externally cached session to the internal + * cache as well if and only if we are supposed to. */ + if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) + /* The following should not return 1, otherwise, + * things are very strange */ + SSL_CTX_add_session(s->ctx,ret); } if (ret == NULL) goto err; |