Mercurial > hg > nginx
changeset 2032:12b3ad3353f9
ssl_session_cache none
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Mon, 26 May 2008 07:14:13 +0000 |
parents | c509e16b70f5 |
children | 6ab27a06f334 |
files | src/event/ngx_event_openssl.c src/event/ngx_event_openssl.h src/http/modules/ngx_http_ssl_module.c src/mail/ngx_mail_ssl_module.c |
diffstat | 4 files changed, 39 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c Sun May 25 18:27:38 2008 +0000 +++ b/src/event/ngx_event_openssl.c Mon May 26 07:14:13 2008 +0000 @@ -1267,6 +1267,29 @@ return NGX_OK; } + if (builtin_session_cache == NGX_SSL_NONE_SCACHE) { + + /* + * If the server explicitly says that it does not support + * session reuse (see SSL_SESS_CACHE_OFF above), then + * Outlook Express fails to upload a sent email to + * the Sent Items folder on the IMAP server via a separate IMAP + * connection in the background. Therefore we have a special + * mode (SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL_STORE) + * where the server pretends that it supports session reuse, + * but it does not actually store any session. + */ + + SSL_CTX_set_session_cache_mode(ssl->ctx, + SSL_SESS_CACHE_SERVER + |SSL_SESS_CACHE_NO_AUTO_CLEAR + |SSL_SESS_CACHE_NO_INTERNAL_STORE); + + SSL_CTX_sess_set_cache_size(ssl->ctx, 1); + + return NGX_OK; + } + cache_mode = SSL_SESS_CACHE_SERVER; if (shm_zone && builtin_session_cache == NGX_SSL_NO_BUILTIN_SCACHE) {
--- a/src/event/ngx_event_openssl.h Sun May 25 18:27:38 2008 +0000 +++ b/src/event/ngx_event_openssl.h Mon May 26 07:14:13 2008 +0000 @@ -51,9 +51,10 @@ } ngx_ssl_connection_t; -#define NGX_SSL_DFLT_BUILTIN_SCACHE -2 -#define NGX_SSL_NO_BUILTIN_SCACHE -3 -#define NGX_SSL_NO_SCACHE -4 +#define NGX_SSL_NO_SCACHE -2 +#define NGX_SSL_NONE_SCACHE -3 +#define NGX_SSL_NO_BUILTIN_SCACHE -4 +#define NGX_SSL_DFLT_BUILTIN_SCACHE -5 #define NGX_SSL_MAX_SESSION_SIZE 4096
--- a/src/http/modules/ngx_http_ssl_module.c Sun May 25 18:27:38 2008 +0000 +++ b/src/http/modules/ngx_http_ssl_module.c Mon May 26 07:14:13 2008 +0000 @@ -415,7 +415,7 @@ } ngx_conf_merge_value(conf->builtin_session_cache, - prev->builtin_session_cache, NGX_SSL_NO_SCACHE); + prev->builtin_session_cache, NGX_SSL_NONE_SCACHE); if (conf->shm_zone == NULL) { conf->shm_zone = prev->shm_zone; @@ -452,6 +452,11 @@ continue; } + if (ngx_strcmp(value[i].data, "none") == 0) { + sscf->builtin_session_cache = NGX_SSL_NONE_SCACHE; + continue; + } + if (ngx_strcmp(value[i].data, "builtin") == 0) { sscf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE; continue;
--- a/src/mail/ngx_mail_ssl_module.c Sun May 25 18:27:38 2008 +0000 +++ b/src/mail/ngx_mail_ssl_module.c Mon May 26 07:14:13 2008 +0000 @@ -261,7 +261,7 @@ } ngx_conf_merge_value(conf->builtin_session_cache, - prev->builtin_session_cache, NGX_SSL_NO_SCACHE); + prev->builtin_session_cache, NGX_SSL_NONE_SCACHE); if (conf->shm_zone == NULL) { conf->shm_zone = prev->shm_zone; @@ -298,6 +298,11 @@ continue; } + if (ngx_strcmp(value[i].data, "none") == 0) { + scf->builtin_session_cache = NGX_SSL_NONE_SCACHE; + continue; + } + if (ngx_strcmp(value[i].data, "builtin") == 0) { scf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE; continue;