Checkout Tools
  • last updated 4 hours ago
Constraints: committers
Constraints: files
Constraints: dates
Session cache interface redesign, Part 9:

Switch mod_ssl to use the ap_socache interface.

* modules/ssl/ssl_scache_shmcb.c, modules/ssl/ssl_scache_memcache.c,

modules/ssl/ssl_scache_dc.c, modules/ssl/ssl_scache_dbm.c: Remove


* modules/ssl/mod_ssl.c (modssl_register_scache): Remove function.

* modules/ssl/ssl_private.h: Remove modssl_sesscache_provider etc.

(SSLModConfigRec): Switch to using socache types.

* modules/ssl/ssl_engine_config.c (ssl_cmd_SSLSessionCache): Switch to

use socache provider.

* modules/ssl/ssl_engine_mutex.c, modules/ssl/ssl_scache.c: Switch to

using socache constants.

* modules/ssl/config.m4: Drop distache/memcache configuration, remove

old objects.

  1. … 9 more files in changeset.
Session cache interface redesign, Part 7:

Clean up provider interface, removing use of mod_ssl-specific types:

* modules/ssl/ssl_private.h (modssl_sesscache_provider): Replace BOOL

with apr_status_t, UCHAR with unsigned char; use 'unsigned int' for

idlen; constify id arguments; remove pool argument from ->status.

* modules/ssl/ssl_scache_dc.c, modules/ssl/ssl_scache_memcache,

modules/ssl/ssl_scache_shmcb.c, modules/ssl_scache_dbm.c: Update


* modules/ssl/ssl_scache.c (ssl_scache_retrieve, ssl_scache_store):

Adjust for BOOL->apr_status_t change.

(ssl_ext_status_hook): Update for dropped pool argument.

  1. … 5 more files in changeset.
Session cache interface redesign, Part 6:

Move mutex handling up out of the session cache providers:

* modules/ssl/ssl_private.h (modssl_sesscache_provider): Add name and

flags fields. Define MODSSL_SESSCACHE_FLAG_NOTMPSAFE constant.

* modules/ssl/ssl_scache.c (ssl_scache_store, ssl_scache_retrieve,

ssl_scache_remove, ssl_ext_status_hook): Lock and release the mutex

around provider calls, if necessary.

* modules/ssl/ssl_engine_mutex.c (ssl_mutex_init): Do nothing if no

session cache is configured, or the session cache does not require a

mutex. Otherwise, fail if no mutex is configured and the session

cache *does* require a mutex.

(ssl_mutex_on, ssl_mutex_off): Remove checks for mutex mode;

functions now invoked only if necessary.

* modules/ssl/ssl_scache_dc.c, modules/ssl/ssl_scache_memcache: Set

name and flags fields in provider structures.

* modules/ssl/ssl_scache_shmcb.c, modules/ssl_scache_dbm.c: Remove

mutex handling through; set name and flags fields in provider

structures; mark both as unsafe for concurrent access in flags.

  1. … 6 more files in changeset.
* modules/ssl/ssl_scache_dbm.c (ssl_scache_dbm_remove): Use and clear

the temporary pool from the context. (missed in r630974)

Found by: rpluem

* modules/ssl/ssl_scache_dbm.c (ssl_scache_dbm_create): Fix for

r630974; create the subpool.

Session cache interface redesign, Part 4:

Move provider-specific configuration handling down into the provider

code. Eliminate all use of SSLModConfigRec within provider code.

* modules/ssl/ssl_private.h (modssl_sesscache_provider): Add 'create'

function which creates and configures the cache provider, before

initialisation. Change 'init' function to take the context pointer

as an input parameter, and reorder to be first.

* modules/ssl/ssl_scache.c (ssl_scache_init): Adjust accordingly.

* modules/ssl/ssl_scache_memcache.c (struct context): Add servers


(ssl_scache_mc_create): New function.

(ssl_scache_mc_init): Use servers from context not SSLModConfigRec.

* modules/ssl/ssl_scache_dbm.c (struct context): Define.

(ssl_scache_dbm_create): New function.

(ssl_scache_dbm_init, ssl_scache_dbm_kill): Adjust to use filename

and pool from context.

(ssl_scache_dbm_store, ssl_scache_dbm_retrieve,

ssl_scache_dbm_status): Use filename from context. Use context pool

for temp storage of the DBM object, and clear before use.

(ssl_scache_dbm_expire): Remove static tLast; use last_expiry from

context. Use context pool for temp storage and clear before use.

* modules/ssl/ssl_scache_dc.c (struct context): Add target field.

(ssl_scache_dc_init, ssl_scache_dc_status): Use target from context.

* modules/ssl/ssl_scache_shmcb.c (struct context): Add data_file,

shm_size fields.

(ssl_scache_shmcb_create): New function; moved argument parsing

logic from ssl_cmd_SSLSessionCache

(ssl_scache_shmcb_init, ssl_scache_shmcb_status): Use config from


* modules/ssl/ssl_engine_config.c (ssl_config_global_create): Remove

handling of old provider-specific fields.

(ssl_cmd_SSLSessionCache): Call provider ->create function to parse

the argument and create provider-specific context structure.

  1. … 6 more files in changeset.
* modules/ssl/ssl_scache_dbm.c (ssl_scache_dbm_retrieve): Set *destlen

on success.

* modules/ssl/ssl_scache_dc.c (ssl_scache_dc_retrieve): Likewise.

Found by: rpluem

  1. … 1 more file in changeset.
Session cache interface redesign, Part 3:

Move provider-private context out of SSLModConfigRec and into an

opaque context pointer. Use real error propagation in the ->init

functions rather than ssl_die().

* modules/ssl/ssl_private.h (modssl_sesscache_provider): Take a

context out-parameter from ->init, and return an apr_status_t.

Add context pointer as first arg for the other function types.

(SSLModConfigRec): Remove tSessionCacheData* fields; add

sesscache_context field.

* modules/ssl/ssl_scache.c (ssl_scache_init): Move once-per-process

invocation check back into here.

(ssl_scache_*): Adjust to use context pointer.

* modules/ssl/ssl_scache_shmcb.c, modules/ssl/ssl_scache_dc.c,

modules/ssl/ssl_scache_dbm.c: Adjust all implementations to use

opaque context pointer.

* modules/ssl/ssl_scache_memcache.c: Move memcache context into the

context structure rather than using global state.

* modules/ssl/ssl_engine_config.c: Remove handling of

pSessionCacheData* fields in SSLModConfigRec.

  1. … 6 more files in changeset.
Move SSL session data deserialization up out of the session cache

storage providers; includes a significant change to the shmcb storage


* modules/ssl/ssl_private.h (modssl_sesscache_provider): Change

retrieve function to take dest/destlen output buffer, to take a

constant id paramater, and to return a BOOL.

* modules/ssl/ssl_scache.c (ssl_scache_retrieve): Update accordingly,

perform SSL deserialization here.

* modules/ssl/ssl_scache_dc.c (ssl_scache_dc_retrieve),

modules/ssl/ssl_scache_dbm.c (ssl_scache_dbm_retrieve),

modules/ssl/ssl_scache_memcache.c (ssl_scache_mc_retrieve):

Update accordingly.

* modules/ssl/ssl_scache_shmcb.c: Store the whole ID in the cache

before the data, so that each index can be compared against the

requested ID without deserializing the data. This requires approx

20% extra storage per session in the common case, though should

reduce CPU overhead in some retrieval paths.

(SHMCBIndex): Replace s_id2 field with id_len.

(shmcb_cyclic_memcmp): New function.

(ssl_scache_shmcb_init): Change the heuristics to allow for increase

in per-session storage requirement.

(ssl_scache_shmcb_retrieve): Drop requirement on ID length.

(shmcb_subcache_store): Store the ID in the cyclic buffer.

(shmcb_subcache_retrieve, shmcb_subcache_remove): Compare against

the stored ID rather than deserializing the data.

(ssl_scache_shmcb_retrieve, ssl_scache_shmcb_store): Update


  1. … 5 more files in changeset.
Move SSL session data serialization up out of the session cache

storage providers:

* modules/ssl/ssl_private.h (modssl_sesscache_provider): Change

'store' interface to take a data/length pair rather than an

SSL_SESSION pointer.

* modules/ssl/ssl_scache.c (ssl_scache_store): Serialize the SSL

session here and pass down the raw DER.

* modules/ssl/ssl_scache_dc.c, modules/ssl_scache_mc.c,

modules/ssl_scache_shmcb.c, modules/ssl_scache_dbm.c: Adjust ->store

implementations accordingly, removing the four sets of identical

code doing the i2d dance.

  1. … 5 more files in changeset.
Re-implement the SSL session cache abstraction using a vtable; first

step towards use of the ap_provider interface:

* modules/ssl/ssl_private.h (modssl_sesscache_provider): Add new

vtable type.

(SSLModConfigRec): Reference the vtable here.

Replace all the ssl_scache_* prototypes with provider vtable objects.

* modules/ssl/ssl_scache.c (ssl_scache_init, ssl_scache_kill,

ssl_scache_retrieve, ssl_scache_store, ssl_scache_remove,

ssl_ext_status_hook): Use callbacks from vtable rather than ifdef


* modules/ssl/ssl_engine_init.c (ssl_init_ctx_session_cache):

Only install the OpenSSL callbacks if a vtable is configured.

* modules/ssl/ssl_engine_config.c (ssl_cmd_SSLSessionCache): Set up

vtable pointer.

* modules/ssl/ssl_scache_dc.c, modules/ssl_scache_mc.c: Adjust to make

implementations static, and add vtable definition.

* modules/ssl_scache_shmcb.c: Likewise; also move the init

one-per-process requirement down here.

* modules/ssl_scache_dbm.c: Likewise; also (temporarily) use a local

subpool in the store callback.

  1. … 7 more files in changeset.
Multiple trivial fixes from Christophe JAILLET

PR 38699, 39518, 42005, 42006, 42007, 42008, 42009

The patches are all his, and are sufficiently trivial to review

at a glance.

  1. … 14 more files in changeset.
For the DBM SSL Session Cache, propogate down pools to use for allocations. In most cases, we can use the conn_rec::pool, but for ssl_callback_DelSessionCacheEntry, we still use the long lived configuration pool, but this change at least makes it easier to fix in the future.

  1. … 3 more files in changeset.
update license header text
  1. … 316 more files in changeset.
Update the copyright year in all .c, .h and .xml files

  1. … 497 more files in changeset.
No functional Change: Removing trailing whitespace. This also

means that "blank" lines consisting of just spaces or

tabs are now really blank lines

  1. … 180 more files in changeset.
No functional change: simple detabbing of indented code.

  1. … 72 more files in changeset.

No UCHAR, per Joe

Joe strongly objected to this outgoing style; use this incoming

style for const modifiers so the reader can still follow that

the data is [const] unsigned char *

  1. … 3 more files in changeset.

The macro is simply not worth it; each of these various occurances

differ as openssl has modified pointer constness from bump to bump.

This needs testing on Netware, it builds clean on 0.9.6m, 0.9.7d,

0.9.7g, and 0.9.8-final on Win32.

  1. … 3 more files in changeset.

Wrap this type in a macro since it seems to be bouncing from

0.9.7g to 0.9.7h in const'ness.

PR: 34520

  1. … 2 more files in changeset.
Update copyright year to 2005 and standardize on current copyright owner line.

  1. … 522 more files in changeset.
general property cleanup

  1. … 712 more files in changeset.
* modules/ssl/ssl_scache.c (ssl_scache_expire): Remove unused function.

* modules/ssl/ssl_scache_dc.c (ssl_scache_dc_expire): Likewise.

* modules/ssl/ssl_scache_shmcb.c (ssl_scache_shmcb_expire): Likewise.

* modules/ssl/ssl_scache_dbm.c (ssl_scache_dbm_expire): Make static.

* modules/ssl/ssl_private.h: Remove prototypes.

  1. … 4 more files in changeset.
Move mod_ssl-internal interfaces into ssl_private.h; allow mod_ssl.h

to be included even when mod_ssl is not enabled.

* (install-include): Only install mod_ssl.h.

* modules/ssl/ssl_private.h: New file.

* modules/ssl/mod_ssl.h: Move everything apart from than the optional

hook definitions into ssl_private.h.

* modules/ssl/*.c: Include ssl_private.h not mod_ssl.h

* modules/ssl/config.m4: Always add the mod_ssl directory to the

include path so other modules can find mod_ssl.h.

* modules/proxy/mod_proxy.c: Include mod_ssl.h to pick up the optional

hook definitions rather than copy'n'pasting them.

  1. … 28 more files in changeset.
fix name of The Apache Software Foundation

  1. … 361 more files in changeset.
fix copyright dates according to the first check in

  1. … 24 more files in changeset.
apply Apache License, Version 2.0

  1. … 262 more files in changeset.
update license to 2004.

  1. … 281 more files in changeset.
Fix format string warnings from gcc on amd64:

* modules/ssl/ssl_scache_dbm.c (ssl_scache_dbm_store):

Print apr_size_t using APR_SIZE_T_FMT.

* modules/ssl/ssl_engine_io.c (ssl_filter_write): Print difference

between sizes using APR_SSIZE_T_FMT, apr_size_t using APR_SIZE_T_FMT.

* modules/proxy/proxy_http.c (ap_proxy_http_request): Print

apr_uint64_t using APR_UINT64_T_HEX_FMT.

  1. … 2 more files in changeset.