author | Joe Orton <jorton@apache.org> | 2008-02-22 13:00:49 +0100 |
---|---|---|
committer | Joe Orton <jorton@apache.org> | 2008-02-22 13:00:49 +0100 |
commit | 9662049374050b110deac5cfe0445ac742fa32df (patch) | |
tree | ed5b3eec1740aaa95a3be38c9e989932816fcd78 /modules | |
parent | Re-implement the SSL session cache abstraction using a vtable; first (diff) | |
Move SSL session data serialization up out of the session cache
storage providers:
* modules/ssl/ssl_private.h (modssl_sesscache_provider): Change
'store' interface to take a data/length pair rather than an
SSL_SESSION pointer.
* modules/ssl/ssl_scache.c (ssl_scache_store): Serialize the SSL
session here and pass down the raw DER.
* modules/ssl/ssl_scache_dc.c, modules/ssl_scache_mc.c,
modules/ssl_scache_shmcb.c, modules/ssl_scache_dbm.c: Adjust ->store
implementations accordingly, removing the four sets of identical
code doing the i2d dance.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@630168 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules')
-rw-r--r-- | modules/ssl/ssl_private.h | 3 | ||||
-rw-r--r-- | modules/ssl/ssl_scache.c | 17 | ||||
-rw-r--r-- | modules/ssl/ssl_scache_dbm.c | 17 | ||||
-rw-r--r-- | modules/ssl/ssl_scache_dc.c | 10 | ||||
-rw-r--r-- | modules/ssl/ssl_scache_memcache.c | 18 | ||||
-rw-r--r-- | modules/ssl/ssl_scache_shmcb.c | 16 |
6 files changed, 26 insertions, 55 deletions
diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
index 4647375044..04b30b5e1a 100644
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -369,7 +369,8 @@ typedef struct {
 void (*init)(server_rec *s, apr_pool_t *pool);
 void (*destroy)(server_rec *s);
 BOOL (*store)(server_rec *s, UCHAR *id, int idlen,
- time_t expiry, SSL_SESSION *session);
+ time_t expiry,
+ unsigned char *data, unsigned int datalen);
 SSL_SESSION *(*retrieve)(server_rec *s, UCHAR *id, int idlen,
 apr_pool_t *pool);
 void (*delete)(server_rec *s, UCHAR *id, int idlen, apr_pool_t *pool);
diff --git a/modules/ssl/ssl_scache.c b/modules/ssl/ssl_scache.c
index efabfe8af6..0bdd025af5 100644
--- a/modules/ssl/ssl_scache.c
+++ b/modules/ssl/ssl_scache.c
@@ -67,8 +67,21 @@ BOOL ssl_scache_store(server_rec *s, UCHAR *id, int idlen,
 apr_pool_t *p)
 {
 SSLModConfigRec *mc = myModConfig(s);
-
- return mc->sesscache->store(s, id, idlen, expiry, sess);
+ unsigned char encoded[SSL_SESSION_MAX_DER], *ptr;
+ unsigned int len;
+
+ /* Serialise the session. */
+ len = i2d_SSL_SESSION(sess, NULL);
+ if (len > sizeof encoded) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ "session is too big (%u bytes)", len);
+ return FALSE;
+ }
+
+ ptr = encoded;
+ len = i2d_SSL_SESSION(sess, &ptr);
+
+ return mc->sesscache->store(s, id, idlen, expiry, encoded, len);
 }
 SSL_SESSION *ssl_scache_retrieve(server_rec *s, UCHAR *id, int idlen,
diff --git a/modules/ssl/ssl_scache_dbm.c b/modules/ssl/ssl_scache_dbm.c
index d84df07b34..755083dda6 100644
--- a/modules/ssl/ssl_scache_dbm.c
+++ b/modules/ssl/ssl_scache_dbm.c
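Review bot: The `store` member of the provider struct in ssl_private.h has no comment saying what `data`/`datalen` carry or how long the buffer lives, and after this change the types no longer make that obvious. In ssl_scache.c the buffer handed down is the local array `encoded`, so a provider must copy it before returning, and the length has already been bounded by `sizeof encoded`. I would add above the member: `/* data points to datalen bytes of DER-encoded session, at most SSL_SESSION_MAX_DER; the buffer belongs to the caller and is valid only during the call. */`. Since no provider in this commit needs to write through the pointer, `const unsigned char *data` would state that in the type as well. The struct definition starts and ends outside the hunk.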
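Review bot: Neither i2d_SSL_SESSION() call in ssl_scache_store (modules/ssl/ssl_scache.c) is checked for failure, and the result is stored in `unsigned int len`. i2d_SSL_SESSION() returns an int and, as far as I know, reports failure with zero or a negative value. A negative result from the sizing call wraps to a huge number and is rejected only by the size test, with a misleading "too big" message. A failure of the second call would pass `encoded` to the provider with a wrapped or zero length, and a provider that copies `datalen` bytes would then read past the end of the stack buffer. Keeping the result in an int, rejecting `<= 0` after both calls and converting only at the `->store` call closes this; the function's signature lies above the hunk.

```c
    unsigned char encoded[SSL_SESSION_MAX_DER], *ptr;
    int len;

    /* Serialise the session; a result <= 0 means the encoder failed. */
    len = i2d_SSL_SESSION(sess, NULL);
    if (len <= 0) {
        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                     "could not serialise session");
        return FALSE;
    }
    if ((size_t)len > sizeof encoded) {
        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                     "session is too big (%d bytes)", len);
        return FALSE;
    }

    ptr = encoded;
    len = i2d_SSL_SESSION(sess, &ptr);
    if (len <= 0) {
        return FALSE;
    }

    return mc->sesscache->store(s, id, idlen, expiry, encoded,
                                (unsigned int)len);
```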
@@ -106,15 +106,13 @@ static void ssl_scache_dbm_kill(server_rec *s)
 }
 static BOOL ssl_scache_dbm_store(server_rec *s, UCHAR *id, int idlen,
- time_t expiry, SSL_SESSION *sess)
+ time_t expiry,
+ unsigned char *ucaData, unsigned int nData)
 {
 SSLModConfigRec *mc = myModConfig(s);
 apr_dbm_t *dbm;
 apr_datum_t dbmkey;
 apr_datum_t dbmval;
- UCHAR ucaData[SSL_SESSION_MAX_DER];
- int nData;
- UCHAR *ucp;
 apr_status_t rv;
 apr_pool_t *p;
@@ -122,17 +120,6 @@ static BOOL ssl_scache_dbm_store(server_rec *s, UCHAR *id, int idlen,
 * cleared each time is needed. */
 apr_pool_create(&p, s->process->pool);
- /* streamline session data */
- if ((nData = i2d_SSL_SESSION(sess, NULL)) > sizeof(ucaData)) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "streamline session data size too large: %d > "
- "%" APR_SIZE_T_FMT,
- nData, sizeof(ucaData));
- return FALSE;
- }
- ucp = ucaData;
- i2d_SSL_SESSION(sess, &ucp);
-
 /* be careful: do not try to store too much bytes in a DBM file! */
 #ifdef PAIRMAX
 if ((idlen + nData) >= PAIRMAX) {
diff --git a/modules/ssl/ssl_scache_dc.c b/modules/ssl/ssl_scache_dc.c
index 4227a34d34..a08a7dbb7f 100644
--- a/modules/ssl/ssl_scache_dc.c
+++ b/modules/ssl/ssl_scache_dc.c
@@ -98,18 +98,12 @@ static void ssl_scache_dc_kill(server_rec *s)
 }
 static BOOL ssl_scache_dc_store(server_rec *s, UCHAR *id, int idlen,
- time_t timeout, SSL_SESSION * pSession)
+ time_t timeout,
+ unsigned char *der, unsigned int der_len)
 {
- unsigned char der[SSL_SESSION_MAX_DER];
- int der_len;
- unsigned char *pder = der;
 SSLModConfigRec *mc = myModConfig(s);
 DC_CTX *ctx = mc->tSessionCacheDataTable;
- /* Serialise the SSL_SESSION object */
- if ((der_len = i2d_SSL_SESSION(pSession, NULL)) > SSL_SESSION_MAX_DER)
- return FALSE;
- i2d_SSL_SESSION(pSession, &pder);
 /* !@#$%^ - why do we deal with *absolute* time anyway??? */
 timeout -= time(NULL);
 /* Send the serialised session to the distributed cache context */
diff --git a/modules/ssl/ssl_scache_memcache.c b/modules/ssl/ssl_scache_memcache.c
index ca97a1f077..65b7258548 100644
--- a/modules/ssl/ssl_scache_memcache.c
+++ b/modules/ssl/ssl_scache_memcache.c
@@ -182,27 +182,13 @@ static char *mc_session_id2sz(unsigned char *id, int idlen,
 }
 static BOOL ssl_scache_mc_store(server_rec *s, UCHAR *id, int idlen,
- time_t timeout, SSL_SESSION *pSession)
+ time_t timeout,
+ unsigned char *ucaData, unsigned int nData)
 {
 char buf[MC_KEY_LEN];
 char *strkey = NULL;
- UCHAR ucaData[SSL_SESSION_MAX_DER];
- UCHAR *ucp;
- int nData;
 apr_status_t rv;
- /* streamline session data */
- if ((nData = i2d_SSL_SESSION(pSession, NULL)) > sizeof(ucaData)) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "scache_mc: streamline session data size too large: %d > "
- "%" APR_SIZE_T_FMT,
- nData, sizeof(ucaData));
- return FALSE;
- }
-
- ucp = ucaData;
- i2d_SSL_SESSION(pSession, &ucp);
-
 strkey = mc_session_id2sz(id, idlen, buf, sizeof(buf));
 if(!strkey) {
 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "scache_mc: Key generation borked.");
diff --git a/modules/ssl/ssl_scache_shmcb.c b/modules/ssl/ssl_scache_shmcb.c
index 05235fbde8..8db5858ce8 100644
--- a/modules/ssl/ssl_scache_shmcb.c
+++ b/modules/ssl/ssl_scache_shmcb.c
@@ -320,13 +320,12 @@ static void ssl_scache_shmcb_kill(server_rec *s)
 }
 static BOOL ssl_scache_shmcb_store(server_rec *s, UCHAR *id, int idlen,
- time_t timeout, SSL_SESSION * pSession)
+ time_t timeout,
+ unsigned char *encoded,
+ unsigned int len_encoded)
 {
 SSLModConfigRec *mc = myModConfig(s);
 BOOL to_return = FALSE;
- unsigned char encoded[SSL_SESSION_MAX_DER];
- unsigned char *ptr_encoded;
- unsigned int len_encoded;
 SHMCBHeader *header = mc->tSessionCacheDataTable;
 SHMCBSubcache *subcache = SHMCB_MASK(header, id);
@@ -339,15 +338,6 @@ static BOOL ssl_scache_shmcb_store(server_rec *s, UCHAR *id, int idlen,
 "(%u bytes)", idlen);
 goto done;
 }
- /* Serialise the session. */
- len_encoded = i2d_SSL_SESSION(pSession, NULL);
- if (len_encoded > SSL_SESSION_MAX_DER) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "session is too big (%u bytes)", len_encoded);
- goto done;
- }
- ptr_encoded = encoded;
- len_encoded = i2d_SSL_SESSION(pSession, &ptr_encoded);
 if (!shmcb_subcache_store(s, header, subcache, encoded, len_encoded, id, timeout)) {
 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, |