/* Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/*                      _             _
 *  _ __ ___   ___   __| |    ___ ___| |  mod_ssl
 * | '_ ` _ \ / _ \ / _` |   / __/ __| |  Apache Interface to OpenSSL
 * | | | | | | (_) | (_| |   \__ \__ \ |
 * |_| |_| |_|\___/ \__,_|___|___/___/_|
 *                      |_____|
 *  ssl_scache.c
 *  Session Cache Abstraction
 */
                             /* ``Open-Source Software: generous
                                  programmers from around the world all
                                  join forces to help you shoot
                                  yourself in the foot for free.''
                                                 -- Unknown         */
#include "ssl_private.h"
#include "mod_status.h"

/*  _________________________________________________________________
**
**  Session Cache: Common Abstraction Layer
**  _________________________________________________________________
*/

/*
 * Initialise the session cache backend selected in the module
 * configuration of server `s`.
 *
 * An unset mode is logged as a warning and downgraded to
 * SSL_SCMODE_NONE; the server then runs without a session cache.
 * Any mode not listed below is left alone.
 *
 * NOTE(review): the cached SSL_SESSION objects hold TLS session secrets,
 * so whatever storage the backend creates here should be accessible to
 * the server only -- the permissions are set in the backends, not in
 * this file; confirm there.
 */
void ssl_scache_init(server_rec *s, apr_pool_t *p)
{
    SSLModConfigRec *modcfg = myModConfig(s);

    switch (modcfg->nSessionCacheMode) {
    case SSL_SCMODE_UNSET:
        /* Running without a cache is allowed; just tell the admin. */
        ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
                     "Init: Session Cache is not configured "
                     "[hint: SSLSessionCache]");
        modcfg->nSessionCacheMode = SSL_SCMODE_NONE;
        break;

    case SSL_SCMODE_DBM:
        ssl_scache_dbm_init(s, p);
        break;

#ifdef HAVE_DISTCACHE
    case SSL_SCMODE_DC:
        ssl_scache_dc_init(s, p);
        break;
#endif

    case SSL_SCMODE_SHMCB: {
        void *marker;
        const char *init_key = "ssl_scache_init";

        /*
         * The first call only leaves a marker on the process pool and
         * returns; the shared-memory cache is created on a later call,
         * once the marker is found.  Presumably this skips the first of
         * the server's two startup passes -- confirm against the caller.
         */
        apr_pool_userdata_get(&marker, init_key, s->process->pool);
        if (marker) {
            ssl_scache_shmcb_init(s, p);
        }
        else {
            apr_pool_userdata_set((const void *)1, init_key,
                                  apr_pool_cleanup_null, s->process->pool);
        }
        break;
    }

    default:
        break;
    }
}

/*
 * Shut down the configured session cache backend.  Nothing happens when
 * no backend is active.
 */
void ssl_scache_kill(server_rec *s)
{
    SSLModConfigRec *modcfg = myModConfig(s);

    switch (modcfg->nSessionCacheMode) {
    case SSL_SCMODE_DBM:
        ssl_scache_dbm_kill(s);
        break;
    case SSL_SCMODE_SHMCB:
        ssl_scache_shmcb_kill(s);
        break;
#ifdef HAVE_DISTCACHE
    case SSL_SCMODE_DC:
        ssl_scache_dc_kill(s);
        break;
#endif
    default:
        break;
    }
}

/*
 * Hand a session to the configured backend for storage under the key
 * id[0..idlen) with the given expiry time.
 *
 * Returns the backend's result, or FALSE when no backend is active.
 *
 * NOTE(review): id and idlen are forwarded unchecked; this layer does not
 * reject a NULL id or an out-of-range idlen, so each backend has to bound
 * the length itself.
 */
BOOL ssl_scache_store(server_rec *s, UCHAR *id, int idlen, time_t expiry, SSL_SESSION *sess)
{
    SSLModConfigRec *modcfg = myModConfig(s);
    BOOL stored = FALSE;

    switch (modcfg->nSessionCacheMode) {
    case SSL_SCMODE_DBM:
        stored = ssl_scache_dbm_store(s, id, idlen, expiry, sess);
        break;
    case SSL_SCMODE_SHMCB:
        stored = ssl_scache_shmcb_store(s, id, idlen, expiry, sess);
        break;
#ifdef HAVE_DISTCACHE
    case SSL_SCMODE_DC:
        stored = ssl_scache_dc_store(s, id, idlen, expiry, sess);
        break;
#endif
    default:
        break;
    }

    return stored;
}

/*
 * Look up the session stored under id[0..idlen) in the configured
 * backend.
 *
 * Returns the backend's result, or NULL when no backend is active.
 *
 * NOTE(review): the id is presumably taken from the peer's handshake and
 * is therefore untrusted; it is passed through unvalidated, so length
 * checks must live in the backends -- verify against the caller.
 */
SSL_SESSION *ssl_scache_retrieve(server_rec *s, UCHAR *id, int idlen)
{
    SSLModConfigRec *modcfg = myModConfig(s);
    SSL_SESSION *found = NULL;

    switch (modcfg->nSessionCacheMode) {
    case SSL_SCMODE_DBM:
        found = ssl_scache_dbm_retrieve(s, id, idlen);
        break;
    case SSL_SCMODE_SHMCB:
        found = ssl_scache_shmcb_retrieve(s, id, idlen);
        break;
#ifdef HAVE_DISTCACHE
    case SSL_SCMODE_DC:
        found = ssl_scache_dc_retrieve(s, id, idlen);
        break;
#endif
    default:
        break;
    }

    return found;
}

/*
 * Ask the configured backend to drop the session stored under
 * id[0..idlen).  Nothing happens when no backend is active.
 */
void ssl_scache_remove(server_rec *s, UCHAR *id, int idlen)
{
    SSLModConfigRec *modcfg = myModConfig(s);

    switch (modcfg->nSessionCacheMode) {
    case SSL_SCMODE_DBM:
        ssl_scache_dbm_remove(s, id, idlen);
        break;
    case SSL_SCMODE_SHMCB:
        ssl_scache_shmcb_remove(s, id, idlen);
        break;
#ifdef HAVE_DISTCACHE
    case SSL_SCMODE_DC:
        ssl_scache_dc_remove(s, id, idlen);
        break;
#endif
    default:
        break;
    }
}

/*  _________________________________________________________________
**
**  SSL Extension to mod_status
**  _________________________________________________________________
*/

/*
 * mod_status hook: emit the "SSL/TLS Session Cache Status" table and let
 * the active backend fill in its own statistics.
 *
 * Nothing is written when the server has no SSL configuration or when the
 * short status format is requested.  Always returns OK.
 *
 * All markup written by this function is constant; no request data is
 * interpolated here.  What the backends print is outside this file.
 */
static int ssl_ext_status_hook(request_rec *r, int flags)
{
    /* NOTE(review): the heading line ends in \r where its neighbours use
     * \n; it is reproduced unchanged. */
    static const char *const table_open[] = {
        "<hr>\n",
        "<table cellspacing=0 cellpadding=0>\n",
        "<tr><td bgcolor=\"#000000\">\n",
        "<b><font color=\"#ffffff\" face=\"Arial,Helvetica\">SSL/TLS Session Cache Status:</font></b>\r",
        "</td></tr>\n",
        "<tr><td bgcolor=\"#ffffff\">\n"
    };
    static const char *const table_close[] = {
        "</td></tr>\n",
        "</table>\n"
    };
    SSLSrvConfigRec *srvcfg = mySrvConfig(r->server);
    size_t i;

    if (srvcfg == NULL) {
        return OK;
    }
    if (flags & AP_STATUS_SHORT) {
        return OK;
    }

    for (i = 0; i < sizeof table_open / sizeof table_open[0]; i++) {
        ap_rputs(table_open[i], r);
    }

    switch (srvcfg->mc->nSessionCacheMode) {
    case SSL_SCMODE_DBM:
        ssl_scache_dbm_status(r, flags, r->pool);
        break;
    case SSL_SCMODE_SHMCB:
        ssl_scache_shmcb_status(r, flags, r->pool);
        break;
#ifdef HAVE_DISTCACHE
    case SSL_SCMODE_DC:
        ssl_scache_dc_status(r, flags, r->pool);
        break;
#endif
    default:
        break;
    }

    for (i = 0; i < sizeof table_close / sizeof table_close[0]; i++) {
        ap_rputs(table_close[i], r);
    }

    return OK;
}

/*
 * Register ssl_ext_status_hook as an optional status_hook with middle
 * ordering.
 */
void ssl_scache_status_register(apr_pool_t *p)
{
    APR_OPTIONAL_HOOK(ap, status_hook, ssl_ext_status_hook, NULL, NULL,
                      APR_HOOK_MIDDLE);
}