authorJoe Orton <jorton@apache.org>2008-02-22 13:00:49 +0100
committerJoe Orton <jorton@apache.org>2008-02-22 13:00:49 +0100
commit9662049374050b110deac5cfe0445ac742fa32df (patch)
treeed5b3eec1740aaa95a3be38c9e989932816fcd78 /modules
parentRe-implement the SSL session cache abstraction using a vtable; first (diff)
Move SSL session data serialization up out of the session cache
storage providers: * modules/ssl/ssl_private.h (modssl_sesscache_provider): Change 'store' interface to take a data/length pair rather than an SSL_SESSION pointer. * modules/ssl/ssl_scache.c (ssl_scache_store): Serialize the SSL session here and pass down the raw DER. * modules/ssl/ssl_scache_dc.c, modules/ssl_scache_mc.c, modules/ssl_scache_shmcb.c, modules/ssl_scache_dbm.c: Adjust ->store implementations accordingly, removing the four sets of identical code doing the i2d dance. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@630168 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules')
-rw-r--r--modules/ssl/ssl_private.h3
-rw-r--r--modules/ssl/ssl_scache.c17
-rw-r--r--modules/ssl/ssl_scache_dbm.c17
-rw-r--r--modules/ssl/ssl_scache_dc.c10
-rw-r--r--modules/ssl/ssl_scache_memcache.c18
-rw-r--r--modules/ssl/ssl_scache_shmcb.c16
6 files changed, 26 insertions, 55 deletions
diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
index 4647375044..04b30b5e1a 100644
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -369,7 +369,8 @@ typedef struct {
void (*init)(server_rec *s, apr_pool_t *pool);
void (*destroy)(server_rec *s);
BOOL (*store)(server_rec *s, UCHAR *id, int idlen,
- time_t expiry, SSL_SESSION *session);
+ time_t expiry,
+ unsigned char *data, unsigned int datalen);
SSL_SESSION *(*retrieve)(server_rec *s, UCHAR *id, int idlen,
apr_pool_t *pool);
void (*delete)(server_rec *s, UCHAR *id, int idlen, apr_pool_t *pool);
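Review bot: The new `store` slot has no comment stating its contract, and the payload pointer is not const-qualified. The caller in ssl_scache.c passes a stack buffer of at most SSL_SESSION_MAX_DER bytes, so a comment above the member such as `/* data is the DER-encoded session, datalen <= SSL_SESSION_MAX_DER; the buffer is only valid for the duration of the call */` would tell provider authors that they must copy it and may rely on the bound. Declaring the parameter as `const unsigned char *data` would also let the compiler reject a provider that writes into the caller's buffer; the same applies to the four `->store` implementations changed in this commit. The struct definition begins and ends outside this hunk.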
diff --git a/modules/ssl/ssl_scache.c b/modules/ssl/ssl_scache.c
index efabfe8af6..0bdd025af5 100644
--- a/modules/ssl/ssl_scache.c
+++ b/modules/ssl/ssl_scache.c
@@ -67,8 +67,21 @@ BOOL ssl_scache_store(server_rec *s, UCHAR *id, int idlen,
apr_pool_t *p)
{
SSLModConfigRec *mc = myModConfig(s);
-
- return mc->sesscache->store(s, id, idlen, expiry, sess);
+ unsigned char encoded[SSL_SESSION_MAX_DER], *ptr;
+ unsigned int len;
+
+ /* Serialise the session. */
+ len = i2d_SSL_SESSION(sess, NULL);
+ if (len > sizeof encoded) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ "session is too big (%u bytes)", len);
+ return FALSE;
+ }
+
+ ptr = encoded;
+ len = i2d_SSL_SESSION(sess, &ptr);
+
+ return mc->sesscache->store(s, id, idlen, expiry, encoded, len);
}
SSL_SESSION *ssl_scache_retrieve(server_rec *s, UCHAR *id, int idlen,
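Review bot: Neither call to i2d_SSL_SESSION() is checked for failure before `len` is handed to the provider. The function returns an `int`, and 0 when the session cannot be encoded; stored in `unsigned int len`, a zero passes the `len > sizeof encoded` test and a negative value (if the library ever returns one) would be logged as a huge "too big" size, while the result of the second call goes to `->store` unchecked together with a buffer that may not have been written. I would declare `int len;`, test `if (len <= 0 || (size_t)len > sizeof encoded)` after the sizing call (with the log format switched to `%d`), and add `if (len <= 0) return FALSE;` after the encoding call. Since `encoded` holds the session's key material on the stack, it may also be worth clearing it with `OPENSSL_cleanse(encoded, sizeof encoded)` before returning, if the OpenSSL versions this module supports provide it. The function signature starts above the hunk.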
diff --git a/modules/ssl/ssl_scache_dbm.c b/modules/ssl/ssl_scache_dbm.c
index d84df07b34..755083dda6 100644
--- a/modules/ssl/ssl_scache_dbm.c
+++ b/modules/ssl/ssl_scache_dbm.c
@@ -106,15 +106,13 @@ static void ssl_scache_dbm_kill(server_rec *s)
}
static BOOL ssl_scache_dbm_store(server_rec *s, UCHAR *id, int idlen,
- time_t expiry, SSL_SESSION *sess)
+ time_t expiry,
+ unsigned char *ucaData, unsigned int nData)
{
SSLModConfigRec *mc = myModConfig(s);
apr_dbm_t *dbm;
apr_datum_t dbmkey;
apr_datum_t dbmval;
- UCHAR ucaData[SSL_SESSION_MAX_DER];
- int nData;
- UCHAR *ucp;
apr_status_t rv;
apr_pool_t *p;
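Review bot: `nData` is now `unsigned int` while `idlen` remains `int`, so the `(idlen + nData) >= PAIRMAX` test further down this function (visible in the next hunk) is now evaluated in unsigned arithmetic. For the non-negative ID lengths this code presumably receives the result is unchanged, but a build with `-Wsign-compare` will likely flag it, and a negative `idlen` would silently convert to a large unsigned value. An explicit `if (idlen < 0) return FALSE;` ahead of that test, or a cast `(unsigned int)idlen + nData` once the sign is known, would make the intent clear. The function body continues outside this hunk.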
@@ -122,17 +120,6 @@ static BOOL ssl_scache_dbm_store(server_rec *s, UCHAR *id, int idlen,
* cleared each time is needed. */
apr_pool_create(&p, s->process->pool);
- /* streamline session data */
- if ((nData = i2d_SSL_SESSION(sess, NULL)) > sizeof(ucaData)) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "streamline session data size too large: %d > "
- "%" APR_SIZE_T_FMT,
- nData, sizeof(ucaData));
- return FALSE;
- }
- ucp = ucaData;
- i2d_SSL_SESSION(sess, &ucp);
-
/* be careful: do not try to store too much bytes in a DBM file! */
#ifdef PAIRMAX
if ((idlen + nData) >= PAIRMAX) {
diff --git a/modules/ssl/ssl_scache_dc.c b/modules/ssl/ssl_scache_dc.c
index 4227a34d34..a08a7dbb7f 100644
--- a/modules/ssl/ssl_scache_dc.c
+++ b/modules/ssl/ssl_scache_dc.c
@@ -98,18 +98,12 @@ static void ssl_scache_dc_kill(server_rec *s)
}
static BOOL ssl_scache_dc_store(server_rec *s, UCHAR *id, int idlen,
- time_t timeout, SSL_SESSION * pSession)
+ time_t timeout,
+ unsigned char *der, unsigned int der_len)
{
- unsigned char der[SSL_SESSION_MAX_DER];
- int der_len;
- unsigned char *pder = der;
SSLModConfigRec *mc = myModConfig(s);
DC_CTX *ctx = mc->tSessionCacheDataTable;
- /* Serialise the SSL_SESSION object */
- if ((der_len = i2d_SSL_SESSION(pSession, NULL)) > SSL_SESSION_MAX_DER)
- return FALSE;
- i2d_SSL_SESSION(pSession, &pder);
/* !@#$%^ - why do we deal with *absolute* time anyway??? */
timeout -= time(NULL);
/* Send the serialised session to the distributed cache context */
diff --git a/modules/ssl/ssl_scache_memcache.c b/modules/ssl/ssl_scache_memcache.c
index ca97a1f077..65b7258548 100644
--- a/modules/ssl/ssl_scache_memcache.c
+++ b/modules/ssl/ssl_scache_memcache.c
@@ -182,27 +182,13 @@ static char *mc_session_id2sz(unsigned char *id, int idlen,
}
static BOOL ssl_scache_mc_store(server_rec *s, UCHAR *id, int idlen,
- time_t timeout, SSL_SESSION *pSession)
+ time_t timeout,
+ unsigned char *ucaData, unsigned int nData)
{
char buf[MC_KEY_LEN];
char *strkey = NULL;
- UCHAR ucaData[SSL_SESSION_MAX_DER];
- UCHAR *ucp;
- int nData;
apr_status_t rv;
- /* streamline session data */
- if ((nData = i2d_SSL_SESSION(pSession, NULL)) > sizeof(ucaData)) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "scache_mc: streamline session data size too large: %d > "
- "%" APR_SIZE_T_FMT,
- nData, sizeof(ucaData));
- return FALSE;
- }
-
- ucp = ucaData;
- i2d_SSL_SESSION(pSession, &ucp);
-
strkey = mc_session_id2sz(id, idlen, buf, sizeof(buf));
if(!strkey) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "scache_mc: Key generation borked.");
diff --git a/modules/ssl/ssl_scache_shmcb.c b/modules/ssl/ssl_scache_shmcb.c
index 05235fbde8..8db5858ce8 100644
--- a/modules/ssl/ssl_scache_shmcb.c
+++ b/modules/ssl/ssl_scache_shmcb.c
@@ -320,13 +320,12 @@ static void ssl_scache_shmcb_kill(server_rec *s)
}
static BOOL ssl_scache_shmcb_store(server_rec *s, UCHAR *id, int idlen,
- time_t timeout, SSL_SESSION * pSession)
+ time_t timeout,
+ unsigned char *encoded,
+ unsigned int len_encoded)
{
SSLModConfigRec *mc = myModConfig(s);
BOOL to_return = FALSE;
- unsigned char encoded[SSL_SESSION_MAX_DER];
- unsigned char *ptr_encoded;
- unsigned int len_encoded;
SHMCBHeader *header = mc->tSessionCacheDataTable;
SHMCBSubcache *subcache = SHMCB_MASK(header, id);
@@ -339,15 +338,6 @@ static BOOL ssl_scache_shmcb_store(server_rec *s, UCHAR *id, int idlen,
"(%u bytes)", idlen);
goto done;
}
- /* Serialise the session. */
- len_encoded = i2d_SSL_SESSION(pSession, NULL);
- if (len_encoded > SSL_SESSION_MAX_DER) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "session is too big (%u bytes)", len_encoded);
- goto done;
- }
- ptr_encoded = encoded;
- len_encoded = i2d_SSL_SESSION(pSession, &ptr_encoded);
if (!shmcb_subcache_store(s, header, subcache, encoded,
len_encoded, id, timeout)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,