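/*                      _             _
**  _ __ ___   ___   __| |    ___ ___| |  mod_ssl
** | '_ ` _ \ / _ \ / _` |   / __/ __| |  Apache Interface to OpenSSL
** | | | | | | (_) | (_| |   \__ \__ \ |  www.modssl.org
** |_| |_| |_|\___/ \__,_|___|___/___/_|  ftp.modssl.org
**                      |_____|
**  ssl_scache.c
**  Session Cache Abstraction
*/

/* ====================================================================
 * The Apache Software License, Version 1.1
 *
 * Copyright (c) 2000-2002 The Apache Software Foundation.  All rights
 * reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The end-user documentation included with the redistribution,
 *    if any, must include the following acknowledgment:
 *       "This product includes software developed by the
 *        Apache Software Foundation (http://www.apache.org/)."
 *    Alternately, this acknowledgment may appear in the software itself,
 *    if and wherever such third-party acknowledgments normally appear.
 *
 * 4. The names "Apache" and "Apache Software Foundation" must
 *    not be used to endorse or promote products derived from this
 *    software without prior written permission. For written
 *    permission, please contact apache@apache.org.
 *
 * 5. Products derived from this software may not be called "Apache",
 *    nor may "Apache" appear in their name, without prior written
 *    permission of the Apache Software Foundation.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * ====================================================================
 */
                             /* ``Open-Source Software: generous
                                  programmers from around the world all
                                  join forces to help you shoot
                                  yourself in the foot for free.''
                                                 -- Unknown         */
#include "mod_ssl.h"

/*  _________________________________________________________________
**
**  Session Cache: Common Abstraction Layer
**  _________________________________________________________________
*/

/*
 * Every function in this section is a thin dispatcher: it reads
 * mc->nSessionCacheMode and forwards the call to the DBM, SHMHT or SHMCB
 * backend.  Any other mode (e.g. SSL_SCMODE_NONE) makes the call a no-op.
 */

/*
 * Initialize the configured session cache backend.
 *
 *   s - server whose module configuration selects the backend
 *   p - pool handed through to the backend's init routine
 *
 * An unset mode is downgraded to SSL_SCMODE_NONE with a warning; the
 * server then runs without a session cache.
 */
void ssl_scache_init(server_rec *s, apr_pool_t *p)
{
    SSLModConfigRec *mc = myModConfig(s);

    /*
     * Warn the user that he should use the session cache.
     * But we can operate without it, of course.
     */
    if (mc->nSessionCacheMode == SSL_SCMODE_UNSET) {
        ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
                     "Init: Session Cache is not configured "
                     "[hint: SSLSessionCache]");
        mc->nSessionCacheMode = SSL_SCMODE_NONE;
        return;
    }

    switch (mc->nSessionCacheMode) {
    case SSL_SCMODE_DBM:
        ssl_scache_dbm_init(s, p);
        break;

    case SSL_SCMODE_SHMHT:
    case SSL_SCMODE_SHMCB: {
        /* Initialized so the check below never reads an indeterminate
         * pointer, whatever apr_pool_userdata_get() does on failure. */
        void *data = NULL;
        const char *userdata_key = "ssl_scache_init";

        /*
         * The first call in a process only leaves a marker in the process
         * pool and returns; the shared-memory cache is created on a later
         * call.  NOTE(review): presumably this skips the first
         * configuration pass -- confirm against the caller.
         */
        apr_pool_userdata_get(&data, userdata_key, s->process->pool);
        if (!data) {
            apr_pool_userdata_set((const void *)1, userdata_key,
                                  apr_pool_cleanup_null, s->process->pool);
            return;
        }
        if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
            ssl_scache_shmht_init(s, p);
        else
            ssl_scache_shmcb_init(s, p);
        break;
    }

    default:
        /* no backend to set up for this mode */
        break;
    }
}

/*
 * Shut down the configured session cache backend.
 */
void ssl_scache_kill(server_rec *s)
{
    SSLModConfigRec *mc = myModConfig(s);

    switch (mc->nSessionCacheMode) {
    case SSL_SCMODE_DBM:
        ssl_scache_dbm_kill(s);
        break;
    case SSL_SCMODE_SHMHT:
        ssl_scache_shmht_kill(s);
        break;
    case SSL_SCMODE_SHMCB:
        ssl_scache_shmcb_kill(s);
        break;
    default:
        break;
    }
}

/*
 * Store a session in the configured backend.
 *
 *   s      - server whose module configuration selects the backend
 *   id     - session id used as the cache key
 *   idlen  - length of id in bytes
 *   expiry - expiry time handed to the backend
 *   sess   - session to store
 *
 * Returns the backend's result, or FALSE when no backend is active or the
 * arguments are unusable (NULL id, non-positive idlen, NULL sess).
 */
BOOL ssl_scache_store(server_rec *s, UCHAR *id, int idlen, time_t expiry, SSL_SESSION *sess)
{
    SSLModConfigRec *mc = myModConfig(s);

    /*
     * idlen is a signed int that the backends use as a byte count, so a
     * NULL key or a zero/negative length is refused here, once, instead
     * of relying on each backend to do it.
     * NOTE(review): no upper bound is enforced at this layer; each backend
     * must still check idlen against its own key and record storage.
     */
    if (id == NULL || idlen <= 0 || sess == NULL)
        return FALSE;

    switch (mc->nSessionCacheMode) {
    case SSL_SCMODE_DBM:
        return ssl_scache_dbm_store(s, id, idlen, expiry, sess);
    case SSL_SCMODE_SHMHT:
        return ssl_scache_shmht_store(s, id, idlen, expiry, sess);
    case SSL_SCMODE_SHMCB:
        return ssl_scache_shmcb_store(s, id, idlen, expiry, sess);
    default:
        return FALSE;
    }
}

/*
 * Look up a session by id in the configured backend.
 *
 * Returns the backend's result, or NULL when no backend is active or the
 * key is unusable (NULL id, non-positive idlen).  Ownership of the
 * returned session is defined by the backend and is not visible here.
 */
SSL_SESSION *ssl_scache_retrieve(server_rec *s, UCHAR *id, int idlen)
{
    SSLModConfigRec *mc = myModConfig(s);

    /*
     * NOTE(review): the id looked up here presumably originates from the
     * peer's handshake -- confirm against the caller.  A malformed key is
     * treated as a cache miss rather than handed to a backend.
     */
    if (id == NULL || idlen <= 0)
        return NULL;

    switch (mc->nSessionCacheMode) {
    case SSL_SCMODE_DBM:
        return ssl_scache_dbm_retrieve(s, id, idlen);
    case SSL_SCMODE_SHMHT:
        return ssl_scache_shmht_retrieve(s, id, idlen);
    case SSL_SCMODE_SHMCB:
        return ssl_scache_shmcb_retrieve(s, id, idlen);
    default:
        return NULL;
    }
}

/*
 * Remove the session with the given id from the configured backend.
 * A NULL id or non-positive idlen is ignored.
 */
void ssl_scache_remove(server_rec *s, UCHAR *id, int idlen)
{
    SSLModConfigRec *mc = myModConfig(s);

    /* same key validation as store/retrieve: nothing valid to remove */
    if (id == NULL || idlen <= 0)
        return;

    switch (mc->nSessionCacheMode) {
    case SSL_SCMODE_DBM:
        ssl_scache_dbm_remove(s, id, idlen);
        break;
    case SSL_SCMODE_SHMHT:
        ssl_scache_shmht_remove(s, id, idlen);
        break;
    case SSL_SCMODE_SHMCB:
        ssl_scache_shmcb_remove(s, id, idlen);
        break;
    default:
        break;
    }
}

/*
 * Ask the configured backend to report its status.
 *
 *   p    - pool handed through to the backend
 *   func - callback handed through to the backend together with arg
 *   arg  - opaque context for func
 */
void ssl_scache_status(server_rec *s, apr_pool_t *p, void (*func)(char *, void *), void *arg)
{
    SSLModConfigRec *mc = myModConfig(s);

    switch (mc->nSessionCacheMode) {
    case SSL_SCMODE_DBM:
        ssl_scache_dbm_status(s, p, func, arg);
        break;
    case SSL_SCMODE_SHMHT:
        ssl_scache_shmht_status(s, p, func, arg);
        break;
    case SSL_SCMODE_SHMCB:
        ssl_scache_shmcb_status(s, p, func, arg);
        break;
    default:
        break;
    }
}

/*
 * Ask the configured backend to run its expiry routine.
 */
void ssl_scache_expire(server_rec *s)
{
    SSLModConfigRec *mc = myModConfig(s);

    switch (mc->nSessionCacheMode) {
    case SSL_SCMODE_DBM:
        ssl_scache_dbm_expire(s);
        break;
    case SSL_SCMODE_SHMHT:
        ssl_scache_shmht_expire(s);
        break;
    case SSL_SCMODE_SHMCB:
        ssl_scache_shmcb_expire(s);
        break;
    default:
        break;
    }
}

/*  _________________________________________________________________
**
**  SSL Extension to mod_status
**  _________________________________________________________________
*/
#if 0 /* NOT YET */
static void ssl_ext_ms_display(request_rec *, int, int);

/*
 * Placeholder for registering the status display with mod_status; the
 * registration call itself is still disabled.
 */
void ssl_scache_status_register(apr_pool_t *p)
{
    /* XXX point mod_status to this update, when it grows the opt fn */
#if 0
    ap_hook_register("ap::mod_status::display", ssl_ext_ms_display, AP_HOOK_NOCTX);
#endif
    return;
}

/*
 * Status callback: writes one backend-supplied string to the response.
 *
 * NOTE(review): str goes out through ap_rputs() unescaped.  Before this
 * block is enabled, confirm that no backend puts request- or peer-derived
 * bytes into its status text, or escape it first (e.g. ap_escape_html()).
 */
static void ssl_ext_ms_display_cb(char *str, void *_r)
{
    request_rec *r = (request_rec *)_r;
    if (str != NULL)
        ap_rputs(str, r);
    return;
}

/*
 * mod_status display hook: emits the session cache status, skipped for
 * short reports and when the server has no SSL configuration.
 */
static void ssl_ext_ms_display(request_rec *r, int no_table_report, int short_report)
{
    SSLSrvConfigRec *sc = mySrvConfig(r->server);

    if (sc == NULL)
        return;
    if (short_report)
        return;
    /*
     * NOTE(review): in this copy of the file the literals below hold only
     * line terminators, and several were split across physical lines.
     * Any markup they once carried is not recoverable from here; restore
     * it from the upstream source before enabling this block.
     */
    ap_rputs("\n", r);
    ap_rputs("\n", r);
    ap_rputs("\n", r);
    ap_rputs("\n", r);
    ap_rputs("\n", r);
    ap_rputs("SSL/TLS Session Cache Status:\r", r);
    ap_rputs("\n", r);
    ssl_scache_status(r->server, r->pool, ssl_ext_ms_display_cb, r);
    ap_rputs("\n", r);
    return;
}
#endif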