diff options
| author | Igor Sysoev <igor@sysoev.ru> | 2008-05-26 11:14:13 +0400 |
|---|---|---|
| committer | Igor Sysoev <igor@sysoev.ru> | 2008-05-26 11:14:13 +0400 |
| commit | d6548faf64a1ff1f06f642558967bf2b337d178d (patch) | |
| tree | 3b13dbe1587a016a8b2eb61ba5e4b6b674917f6d | |
| parent | 4c8eb4263f3db2e09d0f506af15082c0d3814b85 (diff) | |
ssl_session_cache none
| -rw-r--r-- | src/event/ngx_event_openssl.c | 23 | ||||
| -rw-r--r-- | src/event/ngx_event_openssl.h | 7 | ||||
| -rw-r--r-- | src/http/modules/ngx_http_ssl_module.c | 7 | ||||
| -rw-r--r-- | src/mail/ngx_mail_ssl_module.c | 7 |
4 files changed, 39 insertions, 5 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index 559c00772..7b44815d7 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -1267,6 +1267,29 @@ ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx, return NGX_OK; } + if (builtin_session_cache == NGX_SSL_NONE_SCACHE) { + + /* + * If the server explicitly says that it does not support + * session reuse (see SSL_SESS_CACHE_OFF above), then + * Outlook Express fails to upload a sent email to + * the Sent Items folder on the IMAP server via a separate IMAP + * connection in the background. Therefore we have a special + * mode (SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL_STORE) + * where the server pretends that it supports session reuse, + * but it does not actually store any session. + */ + + SSL_CTX_set_session_cache_mode(ssl->ctx, + SSL_SESS_CACHE_SERVER + |SSL_SESS_CACHE_NO_AUTO_CLEAR + |SSL_SESS_CACHE_NO_INTERNAL_STORE); + + SSL_CTX_sess_set_cache_size(ssl->ctx, 1); + + return NGX_OK; + } + cache_mode = SSL_SESS_CACHE_SERVER; if (shm_zone && builtin_session_cache == NGX_SSL_NO_BUILTIN_SCACHE) { diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h index b9771c121..4c3dd4830 100644 --- a/src/event/ngx_event_openssl.h +++ b/src/event/ngx_event_openssl.h @@ -51,9 +51,10 @@ typedef struct { } ngx_ssl_connection_t; -#define NGX_SSL_DFLT_BUILTIN_SCACHE -2 -#define NGX_SSL_NO_BUILTIN_SCACHE -3 -#define NGX_SSL_NO_SCACHE -4 +#define NGX_SSL_NO_SCACHE -2 +#define NGX_SSL_NONE_SCACHE -3 +#define NGX_SSL_NO_BUILTIN_SCACHE -4 +#define NGX_SSL_DFLT_BUILTIN_SCACHE -5 #define NGX_SSL_MAX_SESSION_SIZE 4096 diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c index 3359900fd..ea9ff8f7e 100644 --- a/src/http/modules/ngx_http_ssl_module.c +++ b/src/http/modules/ngx_http_ssl_module.c @@ -415,7 +415,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) } ngx_conf_merge_value(conf->builtin_session_cache, - prev->builtin_session_cache, NGX_SSL_NO_SCACHE); + prev->builtin_session_cache, NGX_SSL_NONE_SCACHE); if (conf->shm_zone == NULL) { conf->shm_zone = prev->shm_zone; @@ -452,6 +452,11 @@ ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) continue; } + if (ngx_strcmp(value[i].data, "none") == 0) { + sscf->builtin_session_cache = NGX_SSL_NONE_SCACHE; + continue; + } + if (ngx_strcmp(value[i].data, "builtin") == 0) { sscf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE; continue; diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c index 7360539ca..a387e59d1 100644 --- a/src/mail/ngx_mail_ssl_module.c +++ b/src/mail/ngx_mail_ssl_module.c @@ -261,7 +261,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) } ngx_conf_merge_value(conf->builtin_session_cache, - prev->builtin_session_cache, NGX_SSL_NO_SCACHE); + prev->builtin_session_cache, NGX_SSL_NONE_SCACHE); if (conf->shm_zone == NULL) { conf->shm_zone = prev->shm_zone; @@ -298,6 +298,11 @@ ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) continue; } + if (ngx_strcmp(value[i].data, "none") == 0) { + scf->builtin_session_cache = NGX_SSL_NONE_SCACHE; + continue; + } + if (ngx_strcmp(value[i].data, "builtin") == 0) { scf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE; continue; |