# HG changeset patch # User Igor Sysoev # Date 1198700842 0 # Node ID 14510c3cc6cb4e23880ee015541bfc9b6e2667f5 # Parent edaea30d83befa5cc8c7e88c2de92d7c91ff1a6a ssl_session_cache off diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -1174,6 +1174,11 @@ ngx_ssl_session_cache(ngx_ssl_t *ssl, ng { long cache_mode; + if (builtin_session_cache == NGX_SSL_NO_SCACHE) { + SSL_CTX_set_session_cache_mode(ssl->ctx, SSL_SESS_CACHE_OFF); + return NGX_OK; + } + cache_mode = SSL_SESS_CACHE_SERVER; if (shm_zone && builtin_session_cache == NGX_SSL_NO_BUILTIN_SCACHE) { diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h --- a/src/event/ngx_event_openssl.h +++ b/src/event/ngx_event_openssl.h @@ -53,9 +53,10 @@ typedef struct { #define NGX_SSL_DFLT_BUILTIN_SCACHE -2 #define NGX_SSL_NO_BUILTIN_SCACHE -3 +#define NGX_SSL_NO_SCACHE -4 -#define NGX_SSL_MAX_SESSION_SIZE (4096) +#define NGX_SSL_MAX_SESSION_SIZE 4096 typedef struct ngx_ssl_sess_id_s ngx_ssl_sess_id_t; diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c --- a/src/http/modules/ngx_http_ssl_module.c +++ b/src/http/modules/ngx_http_ssl_module.c @@ -415,8 +415,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t * } ngx_conf_merge_value(conf->builtin_session_cache, - prev->builtin_session_cache, - NGX_SSL_DFLT_BUILTIN_SCACHE); + prev->builtin_session_cache, NGX_SSL_NO_SCACHE); if (conf->shm_zone == NULL) { conf->shm_zone = prev->shm_zone; @@ -448,6 +447,11 @@ ngx_http_ssl_session_cache(ngx_conf_t *c for (i = 1; i < cf->args->nelts; i++) { + if (ngx_strcmp(value[i].data, "off") == 0) { + sscf->builtin_session_cache = NGX_SSL_NO_SCACHE; + continue; + } + if (ngx_strcmp(value[i].data, "builtin") == 0) { sscf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE; continue; diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c --- a/src/mail/ngx_mail_ssl_module.c +++ b/src/mail/ngx_mail_ssl_module.c @@ -208,10 +208,10 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); ngx_conf_merge_str_value(conf->certificate, prev->certificate, - NGX_DEFLAUT_CERTIFICATE); + NGX_DEFLAUT_CERTIFICATE); ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, - NGX_DEFLAUT_CERTIFICATE_KEY); + NGX_DEFLAUT_CERTIFICATE_KEY); ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFLAUT_CIPHERS); @@ -261,8 +261,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, } ngx_conf_merge_value(conf->builtin_session_cache, - prev->builtin_session_cache, - NGX_SSL_DFLT_BUILTIN_SCACHE); + prev->builtin_session_cache, NGX_SSL_NO_SCACHE); if (conf->shm_zone == NULL) { conf->shm_zone = prev->shm_zone; @@ -294,6 +293,11 @@ ngx_mail_ssl_session_cache(ngx_conf_t *c for (i = 1; i < cf->args->nelts; i++) { + if (ngx_strcmp(value[i].data, "off") == 0) { + scf->builtin_session_cache = NGX_SSL_NO_SCACHE; + continue; + } + if (ngx_strcmp(value[i].data, "builtin") == 0) { scf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE; continue;