ssl_scache.c revision 8924441191e0f26ee78a2d8539d1501708b830dc
ad9437836f5d94b44d40ee702a0455a637c30322Lennart Poettering/* Licensed to the Apache Software Foundation (ASF) under one or more
eac684ef1c29684b1bcd27a89c38c202e568e469Tom Gundersen * contributor license agreements. See the NOTICE file distributed with
12b42c76672a66c2d4ea7212c14f8f1b5a62b78dTom Gundersen * this work for additional information regarding copyright ownership.
eac684ef1c29684b1bcd27a89c38c202e568e469Tom Gundersen * The ASF licenses this file to You under the Apache License, Version 2.0
eac684ef1c29684b1bcd27a89c38c202e568e469Tom Gundersen * (the "License"); you may not use this file except in compliance with
eac684ef1c29684b1bcd27a89c38c202e568e469Tom Gundersen * the License. You may obtain a copy of the License at
eac684ef1c29684b1bcd27a89c38c202e568e469Tom Gundersen *
eac684ef1c29684b1bcd27a89c38c202e568e469Tom Gundersen * http://www.apache.org/licenses/LICENSE-2.0
eac684ef1c29684b1bcd27a89c38c202e568e469Tom Gundersen *
eac684ef1c29684b1bcd27a89c38c202e568e469Tom Gundersen * Unless required by applicable law or agreed to in writing, software
eac684ef1c29684b1bcd27a89c38c202e568e469Tom Gundersen * distributed under the License is distributed on an "AS IS" BASIS,
eac684ef1c29684b1bcd27a89c38c202e568e469Tom Gundersen * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
eac684ef1c29684b1bcd27a89c38c202e568e469Tom Gundersen * See the License for the specific language governing permissions and
eac684ef1c29684b1bcd27a89c38c202e568e469Tom Gundersen * limitations under the License.
eac684ef1c29684b1bcd27a89c38c202e568e469Tom Gundersen */
eac684ef1c29684b1bcd27a89c38c202e568e469Tom Gundersen
eac684ef1c29684b1bcd27a89c38c202e568e469Tom Gundersen/* _ _
eac684ef1c29684b1bcd27a89c38c202e568e469Tom Gundersen * _ __ ___ ___ __| | ___ ___| | mod_ssl
eac684ef1c29684b1bcd27a89c38c202e568e469Tom Gundersen * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
eac684ef1c29684b1bcd27a89c38c202e568e469Tom Gundersen * | | | | | | (_) | (_| | \__ \__ \ |
eac684ef1c29684b1bcd27a89c38c202e568e469Tom Gundersen * |_| |_| |_|\___/ \__,_|___|___/___/_|
eac684ef1c29684b1bcd27a89c38c202e568e469Tom Gundersen * |_____|
eac684ef1c29684b1bcd27a89c38c202e568e469Tom Gundersen * ssl_scache.c
eac684ef1c29684b1bcd27a89c38c202e568e469Tom Gundersen * Session Cache Abstraction
eac684ef1c29684b1bcd27a89c38c202e568e469Tom Gundersen */
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek /* ``Open-Source Software: generous
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek programmers from around the world all
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek join forces to help you shoot
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek yourself in the foot for free.''
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek -- Unknown */
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek#include "ssl_private.h"
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek#include "mod_status.h"
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek/* _________________________________________________________________
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek**
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek** Session Cache: Common Abstraction Layer
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek** _________________________________________________________________
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek*/
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekvoid ssl_scache_init(server_rec *s, apr_pool_t *p)
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek{
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek SSLModConfigRec *mc = myModConfig(s);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek apr_status_t rv;
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek struct ap_socache_hints hints;
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek /* The very first invocation of this function will be the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek * post_config invocation during server startup; do nothing for
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek * this first (and only the first) time through, since the pool
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek * will be immediately cleared anyway. For every subsequent
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek * invocation, initialize the configured cache. */
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek if (ap_state_query(AP_SQ_MAIN_STATE) == AP_SQ_MS_CREATE_PRE_CONFIG)
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek return;
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek#ifdef HAVE_OCSP_STAPLING
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek if (mc->stapling_cache) {
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek memset(&hints, 0, sizeof hints);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek hints.avg_obj_size = 1500;
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek hints.avg_id_len = 20;
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek hints.expiry_interval = 300;
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek rv = mc->stapling_cache->init(mc->stapling_cache_context,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek "mod_ssl-stapling", &hints, s, p);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek if (rv) {
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek "Could not initialize stapling cache. Exiting.");
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek ssl_die();
12b42c76672a66c2d4ea7212c14f8f1b5a62b78dTom Gundersen }
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek }
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek#endif
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
12b42c76672a66c2d4ea7212c14f8f1b5a62b78dTom Gundersen /*
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek * Warn the user that he should use the session cache.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek * But we can operate without it, of course.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek */
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek if (mc->sesscache == NULL) {
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
12b42c76672a66c2d4ea7212c14f8f1b5a62b78dTom Gundersen "Init: Session Cache is not configured "
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek "[hint: SSLSessionCache]");
57e27ec0ada6775d85a5201cd25e989d92d0a1afZbigniew Jędrzejewski-Szmek return;
57e27ec0ada6775d85a5201cd25e989d92d0a1afZbigniew Jędrzejewski-Szmek }
57e27ec0ada6775d85a5201cd25e989d92d0a1afZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek memset(&hints, 0, sizeof hints);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek hints.avg_obj_size = 150;
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek hints.avg_id_len = 30;
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek hints.expiry_interval = 30;
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek rv = mc->sesscache->init(mc->sesscache_context, "mod_ssl-session", &hints, s, p);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek if (rv) {
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek "Could not initialize session cache. Exiting.");
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek ssl_die();
a22e1850c36e52cb9d593b99be59b6ba7639d80aLennart Poettering }
a22e1850c36e52cb9d593b99be59b6ba7639d80aLennart Poettering}
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekvoid ssl_scache_kill(server_rec *s)
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek{
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek SSLModConfigRec *mc = myModConfig(s);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek if (mc->sesscache) {
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek mc->sesscache->destroy(mc->sesscache_context, s);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek }
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek#ifdef HAVE_OCSP_STAPLING
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek if (mc->stapling_cache) {
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek mc->stapling_cache->destroy(mc->stapling_cache_context, s);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek }
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek#endif
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
5256e00e8b9015dd1a976d647fc71dc7efbd8cf8Tom Gundersen}
5256e00e8b9015dd1a976d647fc71dc7efbd8cf8Tom Gundersen
5256e00e8b9015dd1a976d647fc71dc7efbd8cf8Tom GundersenBOOL ssl_scache_store(server_rec *s, UCHAR *id, int idlen,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek apr_time_t expiry, SSL_SESSION *sess,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek apr_pool_t *p)
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek{
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek SSLModConfigRec *mc = myModConfig(s);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek unsigned char encoded[SSL_SESSION_MAX_DER], *ptr;
5256e00e8b9015dd1a976d647fc71dc7efbd8cf8Tom Gundersen unsigned int len;
5256e00e8b9015dd1a976d647fc71dc7efbd8cf8Tom Gundersen apr_status_t rv;
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek /* Serialise the session. */
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek len = i2d_SSL_SESSION(sess, NULL);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek if (len > sizeof encoded) {
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek "session is too big (%u bytes)", len);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek return FALSE;
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek }
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
5256e00e8b9015dd1a976d647fc71dc7efbd8cf8Tom Gundersen ptr = encoded;
5256e00e8b9015dd1a976d647fc71dc7efbd8cf8Tom Gundersen len = i2d_SSL_SESSION(sess, &ptr);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek if (mc->sesscache->flags & AP_SOCACHE_FLAG_NOTMPSAFE) {
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek ssl_mutex_on(s);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek }
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek rv = mc->sesscache->store(mc->sesscache_context, s, id, idlen,
5256e00e8b9015dd1a976d647fc71dc7efbd8cf8Tom Gundersen expiry, encoded, len, p);
5256e00e8b9015dd1a976d647fc71dc7efbd8cf8Tom Gundersen
5256e00e8b9015dd1a976d647fc71dc7efbd8cf8Tom Gundersen if (mc->sesscache->flags & AP_SOCACHE_FLAG_NOTMPSAFE) {
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek ssl_mutex_off(s);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek }
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek return rv == APR_SUCCESS ? TRUE : FALSE;
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek}
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-SzmekSSL_SESSION *ssl_scache_retrieve(server_rec *s, UCHAR *id, int idlen,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek apr_pool_t *p)
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek{
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek SSLModConfigRec *mc = myModConfig(s);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek unsigned char dest[SSL_SESSION_MAX_DER];
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek unsigned int destlen = SSL_SESSION_MAX_DER;
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek MODSSL_D2I_SSL_SESSION_CONST unsigned char *ptr;
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek apr_status_t rv;
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek if (mc->sesscache->flags & AP_SOCACHE_FLAG_NOTMPSAFE) {
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek ssl_mutex_on(s);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek }
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek rv = mc->sesscache->retrieve(mc->sesscache_context, s, id, idlen,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek dest, &destlen, p);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek if (mc->sesscache->flags & AP_SOCACHE_FLAG_NOTMPSAFE) {
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek ssl_mutex_off(s);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek }
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek if (rv != APR_SUCCESS) {
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek return NULL;
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek }
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek ptr = dest;
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek return d2i_SSL_SESSION(NULL, &ptr, destlen);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek}
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekvoid ssl_scache_remove(server_rec *s, UCHAR *id, int idlen,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek apr_pool_t *p)
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek{
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek SSLModConfigRec *mc = myModConfig(s);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek if (mc->sesscache->flags & AP_SOCACHE_FLAG_NOTMPSAFE) {
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek ssl_mutex_on(s);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek }
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek mc->sesscache->remove(mc->sesscache_context, s, id, idlen, p);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek if (mc->sesscache->flags & AP_SOCACHE_FLAG_NOTMPSAFE) {
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek ssl_mutex_off(s);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek }
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek}
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek/* _________________________________________________________________
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek**
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek** SSL Extension to mod_status
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek** _________________________________________________________________
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek*/
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekstatic int ssl_ext_status_hook(request_rec *r, int flags)
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek{
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek SSLModConfigRec *mc = myModConfig(r->server);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek if (mc == NULL || flags & AP_STATUS_SHORT || mc->sesscache == NULL)
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek return OK;
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek ap_rputs("<hr>\n", r);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek ap_rputs("<table cellspacing=0 cellpadding=0>\n", r);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek ap_rputs("<tr><td bgcolor=\"#000000\">\n", r);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek ap_rputs("<b><font color=\"#ffffff\" face=\"Arial,Helvetica\">SSL/TLS Session Cache Status:</font></b>\r", r);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek ap_rputs("</td></tr>\n", r);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek ap_rputs("<tr><td bgcolor=\"#ffffff\">\n", r);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek if (mc->sesscache->flags & AP_SOCACHE_FLAG_NOTMPSAFE) {
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek ssl_mutex_on(r->server);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek }
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek mc->sesscache->status(mc->sesscache_context, r, flags);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek if (mc->sesscache->flags & AP_SOCACHE_FLAG_NOTMPSAFE) {
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek ssl_mutex_off(r->server);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek }
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek ap_rputs("</td></tr>\n", r);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek ap_rputs("</table>\n", r);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek return OK;
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek}
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekvoid ssl_scache_status_register(apr_pool_t *p)
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek{
ad9437836f5d94b44d40ee702a0455a637c30322Lennart Poettering APR_OPTIONAL_HOOK(ap, status_hook, ssl_ext_status_hook, NULL, NULL,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek APR_HOOK_MIDDLE);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek}
e88d8021ba34be32ef5ace32e7243da798b0d1c5Zbigniew Jędrzejewski-Szmek
e88d8021ba34be32ef5ace32e7243da798b0d1c5Zbigniew Jędrzejewski-Szmek