# HG changeset patch # User Igor Sysoev # Date 1215430128 0 # Node ID ef3f8a5bd14320c300556a6039a378b07ec6bc7c # Parent c80aa2bf4f4bbca77ef25aac426259779955f09d r2033 merge: ssl_session_cache none diff -r c80aa2bf4f4b -r ef3f8a5bd143 src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c Mon Jul 07 11:25:22 2008 +0000 +++ b/src/event/ngx_event_openssl.c Mon Jul 07 11:28:48 2008 +0000 @@ -1267,6 +1267,29 @@ return NGX_OK; } + if (builtin_session_cache == NGX_SSL_NONE_SCACHE) { + + /* + * If the server explicitly says that it does not support + * session reuse (see SSL_SESS_CACHE_OFF above), then + * Outlook Express fails to upload a sent email to + * the Sent Items folder on the IMAP server via a separate IMAP + * connection in the background. Therefore we have a special + * mode (SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL_STORE) + * where the server pretends that it supports session reuse, + * but it does not actually store any session. + */ + + SSL_CTX_set_session_cache_mode(ssl->ctx, + SSL_SESS_CACHE_SERVER + |SSL_SESS_CACHE_NO_AUTO_CLEAR + |SSL_SESS_CACHE_NO_INTERNAL_STORE); + + SSL_CTX_sess_set_cache_size(ssl->ctx, 1); + + return NGX_OK; + } + cache_mode = SSL_SESS_CACHE_SERVER; if (shm_zone && builtin_session_cache == NGX_SSL_NO_BUILTIN_SCACHE) { diff -r c80aa2bf4f4b -r ef3f8a5bd143 src/event/ngx_event_openssl.h --- a/src/event/ngx_event_openssl.h Mon Jul 07 11:25:22 2008 +0000 +++ b/src/event/ngx_event_openssl.h Mon Jul 07 11:28:48 2008 +0000 @@ -51,9 +51,10 @@ } ngx_ssl_connection_t; -#define NGX_SSL_DFLT_BUILTIN_SCACHE -2 -#define NGX_SSL_NO_BUILTIN_SCACHE -3 -#define NGX_SSL_NO_SCACHE -4 +#define NGX_SSL_NO_SCACHE -2 +#define NGX_SSL_NONE_SCACHE -3 +#define NGX_SSL_NO_BUILTIN_SCACHE -4 +#define NGX_SSL_DFLT_BUILTIN_SCACHE -5 #define NGX_SSL_MAX_SESSION_SIZE 4096 diff -r c80aa2bf4f4b -r ef3f8a5bd143 src/http/modules/ngx_http_ssl_module.c --- a/src/http/modules/ngx_http_ssl_module.c Mon Jul 07 11:25:22 2008 +0000 +++ b/src/http/modules/ngx_http_ssl_module.c Mon Jul 07 11:28:48 2008 +0000 @@ -415,7 +415,7 @@ } ngx_conf_merge_value(conf->builtin_session_cache, - prev->builtin_session_cache, NGX_SSL_NO_SCACHE); + prev->builtin_session_cache, NGX_SSL_NONE_SCACHE); if (conf->shm_zone == NULL) { conf->shm_zone = prev->shm_zone; @@ -452,6 +452,11 @@ continue; } + if (ngx_strcmp(value[i].data, "none") == 0) { + sscf->builtin_session_cache = NGX_SSL_NONE_SCACHE; + continue; + } + if (ngx_strcmp(value[i].data, "builtin") == 0) { sscf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE; continue; diff -r c80aa2bf4f4b -r ef3f8a5bd143 src/mail/ngx_mail_ssl_module.c --- a/src/mail/ngx_mail_ssl_module.c Mon Jul 07 11:25:22 2008 +0000 +++ b/src/mail/ngx_mail_ssl_module.c Mon Jul 07 11:28:48 2008 +0000 @@ -261,7 +261,7 @@ } ngx_conf_merge_value(conf->builtin_session_cache, - prev->builtin_session_cache, NGX_SSL_NO_SCACHE); + prev->builtin_session_cache, NGX_SSL_NONE_SCACHE); if (conf->shm_zone == NULL) { conf->shm_zone = prev->shm_zone; @@ -298,6 +298,11 @@ continue; } + if (ngx_strcmp(value[i].data, "none") == 0) { + scf->builtin_session_cache = NGX_SSL_NONE_SCACHE; + continue; + } + if (ngx_strcmp(value[i].data, "builtin") == 0) { scf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE; continue;