A long while back, ssl sessions were expired every 100 server restarts. For
a busy server that stayed up a long while, this was less than
optimal. Currently ssl sessions are expired on each server start and
restart, session cache store and retrieve. Doing this on a server start or
restart is not necessary since the session cache is truncated. And doing
this on each store and retrieve seems a bit excessive to me. How about
expiring ssl sessions when a connection is closed?

-Tom

Index: ssl_engine_kernel.c
===================================================================
RCS file: 
/usr/aventail/src/cvsroot/sdk/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_kernel.c,v
retrieving revision 1.114
diff -u -r1.114 ssl_engine_kernel.c
--- ssl_engine_kernel.c 1999/11/24 11:28:10     1.114
+++ ssl_engine_kernel.c 1999/12/31 00:16:39
@@ -509,6 +509,10 @@
             "Connection to child %d closed with %s shutdown (server %s, client %s)",
             conn->child_num, cpType, ssl_util_vhostid(conn->pool, conn->server),
             conn->remote_ip != NULL ? conn->remote_ip : "unknown");
+
+    /* allow the regular expiring to occur */
+    ssl_scache_expire(s, time(NULL));
+
     return;
 }
 
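Review bot: the added `ssl_scache_expire(s, time(NULL));` call uses `s`, but the surrounding lines in this function reach the server record through `conn->server`, so please confirm that `s` is actually in scope here or pass `conn->server` instead. With this placement the expiry pass also runs on every connection close, including connections that never stored or resumed a session, and not at all while no connections are closing. The comment could say why the close path was chosen, and a minimum interval between passes would bound the cost on a busy server.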
Index: ssl_engine_scache.c
===================================================================
RCS file: 
/usr/aventail/src/cvsroot/sdk/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_scache.c,v
retrieving revision 1.49
diff -u -r1.49 ssl_engine_scache.c
--- ssl_engine_scache.c 1999/11/22 19:38:49     1.49
+++ ssl_engine_scache.c 1999/12/31 00:16:39
@@ -86,7 +86,6 @@
         ssl_scache_dbm_init(s, p);
     else if (mc->nSessionCacheMode == SSL_SCMODE_SHM)
         ssl_scache_shm_init(s, p);
-    ssl_scache_expire(s, time(NULL));
 
 #ifdef SSL_VENDOR
     ap_hook_use("ap::mod_ssl::vendor::scache_init",
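Review bot: dropping `ssl_scache_expire(s, time(NULL));` after the dbm/shm init calls is only safe if both `ssl_scache_dbm_init` and `ssl_scache_shm_init` always start from an empty cache, which this hunk does not show. A one-line comment at this spot recording that assumption would keep a later change to either init routine from silently leaving stale sessions in place after a restart.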
@@ -140,9 +139,6 @@
                 AP_HOOK_SIG3(void,ptr,ptr), AP_HOOK_ALL, s, &SCI);
 #endif
     
-    /* allow the regular expiring to occur */
-    ssl_scache_expire(s, time(NULL));
-
     return rc;
 }
 
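Review bot: with the expiry call removed just before `return rc;`, the store path no longer frees anything, so cache occupancy now depends entirely on how often connections close. If `rc` can report a failed store because the cache is full, consider running `ssl_scache_expire` and retrying once on that failure so expired entries cannot crowd out new sessions.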
@@ -155,9 +151,6 @@
 
     /* determine current time */
     tNow = time(NULL);
-
-    /* allow the regular expiring to occur */
-    ssl_scache_expire(s, tNow);
 
     /* create cache query */
     SCI.ucaKey     = id;
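Review bot: after this removal the lookup no longer purges expired entries before building the query, so please confirm that the retrieve path itself compares the stored session's expiry against `tNow` and refuses to return a session that has timed out. Otherwise a session past its lifetime stays resumable until some connection happens to close. The only visible use of `tNow` was the removed call, so also check that the variable is still used further down and is not left dead.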

-- 
Tom Vaughan <tvaughan at aventail dot com>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
