From dfd81a23b2771fa8a9be37a2a911562826005124 Mon Sep 17 00:00:00 2001 From: Igor Sysoev Date: Thu, 4 Aug 2011 11:12:30 +0000 Subject: [PATCH] A new fix for the case when ssl_session_cache defined, but ssl is not enabled in any server. The previous r1033 does not help when unused zone becomes used after reconfiguration, so it is backed out. The initial thought was to make SSL modules independed from SSL implementation and to keep OpenSSL code dependance as much as in separate files. --- src/core/ngx_cycle.c | 5 ----- src/event/ngx_event_openssl.c | 7 ++----- src/event/ngx_event_openssl.h | 1 + src/http/modules/ngx_http_ssl_module.c | 2 ++ src/mail/ngx_mail_ssl_module.c | 2 ++ 5 files changed, 7 insertions(+), 10 deletions(-) diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c index 79867079d..968056c42 100644 --- a/src/core/ngx_cycle.c +++ b/src/core/ngx_cycle.c @@ -418,11 +418,6 @@ ngx_init_cycle(ngx_cycle_t *old_cycle) goto failed; } - if (shm_zone[i].init == NULL) { - /* unused shared zone */ - continue; - } - shm_zone[i].shm.log = cycle->log; opart = &old_cycle->shared_memory.part; diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index 692f50639..bb689488a 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -26,8 +26,7 @@ static void ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err, char *text); static void ngx_ssl_clear_error(ngx_log_t *log); -static ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone, - void *data); +ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone, void *data); static int ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess); static ngx_ssl_session_t *ngx_ssl_get_cached_session(ngx_ssl_conn_t *ssl_conn, @@ -1505,8 +1504,6 @@ ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx, SSL_CTX_set_timeout(ssl->ctx, (long) timeout); if (shm_zone) { - shm_zone->init = ngx_ssl_session_cache_init; - SSL_CTX_sess_set_new_cb(ssl->ctx, ngx_ssl_new_session); SSL_CTX_sess_set_get_cb(ssl->ctx, ngx_ssl_get_cached_session); SSL_CTX_sess_set_remove_cb(ssl->ctx, ngx_ssl_remove_session); @@ -1524,7 +1521,7 @@ ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx, } -static ngx_int_t +ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone, void *data) { size_t len; diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h index 204d5f08e..33cab7b3c 100644 --- a/src/event/ngx_event_openssl.h +++ b/src/event/ngx_event_openssl.h @@ -104,6 +104,7 @@ ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file); ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name); ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx, ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout); +ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone, void *data); ngx_int_t ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags); diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c index 120a858df..143f04d57 100644 --- a/src/http/modules/ngx_http_ssl_module.c +++ b/src/http/modules/ngx_http_ssl_module.c @@ -626,6 +626,8 @@ ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) sscf->builtin_session_cache = NGX_SSL_NO_BUILTIN_SCACHE; } + sscf->shm_zone->init = ngx_ssl_session_cache_init; + return NGX_CONF_OK; invalid: diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c index 5767a2fd4..d06f7d2a9 100644 --- a/src/mail/ngx_mail_ssl_module.c +++ b/src/mail/ngx_mail_ssl_module.c @@ -474,6 +474,8 @@ ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) scf->builtin_session_cache = NGX_SSL_NO_BUILTIN_SCACHE; } + scf->shm_zone->init = ngx_ssl_session_cache_init; + return NGX_CONF_OK; invalid: