#include "ssl_private.h"
#ifdef HAVE_DISTCACHE
#include "distcache/dc_client.h"
#if !defined(DISTCACHE_CLIENT_API) || (DISTCACHE_CLIENT_API < 0x0001)
#error "You must compile with a more recent version of the distcache-base package"
#endif
void ssl_scache_dc_init(server_rec *s, apr_pool_t *p)
{
DC_CTX *ctx;
SSLModConfigRec *mc = myModConfig(s);
if (mc->szSessionCacheDataFile == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "SSLSessionCache required");
ssl_die();
}
#if 0
#define SESSION_CTX_FLAGS SESSION_CTX_FLAG_PERSISTENT | \
SESSION_CTX_FLAG_PERSISTENT_PIDCHECK | \
SESSION_CTX_FLAG_PERSISTENT_RETRY | \
SESSION_CTX_FLAG_PERSISTENT_LATE
#else
#define SESSION_CTX_FLAGS 0
#endif
ctx = DC_CTX_new(mc->szSessionCacheDataFile, SESSION_CTX_FLAGS);
if (!ctx) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "distributed scache failed to obtain context");
ssl_die();
}
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "distributed scache context initialised");
mc->tSessionCacheDataTable = ctx;
return;
}
void ssl_scache_dc_kill(server_rec *s)
{
SSLModConfigRec *mc = myModConfig(s);
if (mc->tSessionCacheDataTable)
DC_CTX_free(mc->tSessionCacheDataTable);
mc->tSessionCacheDataTable = NULL;
}
BOOL ssl_scache_dc_store(server_rec *s, UCHAR *id, int idlen,
time_t timeout, SSL_SESSION * pSession)
{
unsigned char der[SSL_SESSION_MAX_DER];
int der_len;
unsigned char *pder = der;
SSLModConfigRec *mc = myModConfig(s);
DC_CTX *ctx = mc->tSessionCacheDataTable;
if ((der_len = i2d_SSL_SESSION(pSession, NULL)) > SSL_SESSION_MAX_DER)
return FALSE;
i2d_SSL_SESSION(pSession, &pder);
timeout -= time(NULL);
if (!DC_CTX_add_session(ctx, id, idlen, der, der_len,
(unsigned long)timeout * 1000)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "distributed scache 'add_session' failed");
return FALSE;
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "distributed scache 'add_session' successful");
return TRUE;
}
SSL_SESSION *ssl_scache_dc_retrieve(server_rec *s, UCHAR *id, int idlen)
{
unsigned char der[SSL_SESSION_MAX_DER];
unsigned int der_len;
SSL_SESSION *pSession;
MODSSL_D2I_SSL_SESSION_CONST unsigned char *pder = der;
SSLModConfigRec *mc = myModConfig(s);
DC_CTX *ctx = mc->tSessionCacheDataTable;
if (!DC_CTX_get_session(ctx, id, idlen, der, SSL_SESSION_MAX_DER,
&der_len)) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "distributed scache 'get_session' MISS");
return NULL;
}
if (der_len > SSL_SESSION_MAX_DER) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "distributed scache 'get_session' OVERFLOW");
return NULL;
}
pSession = d2i_SSL_SESSION(NULL, &pder, der_len);
if (!pSession) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "distributed scache 'get_session' CORRUPT");
return NULL;
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "distributed scache 'get_session' HIT");
return pSession;
}
void ssl_scache_dc_remove(server_rec *s, UCHAR *id, int idlen)
{
SSLModConfigRec *mc = myModConfig(s);
DC_CTX *ctx = mc->tSessionCacheDataTable;
if (!DC_CTX_remove_session(ctx, id, idlen)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "distributed scache 'remove_session' MISS");
} else {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "distributed scache 'remove_session' HIT");
}
}
void ssl_scache_dc_status(request_rec *r, int flags, apr_pool_t *pool)
{
SSLModConfigRec *mc = myModConfig(r->server);
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
"distributed scache 'ssl_scache_dc_status'");
ap_rprintf(r, "cache type: <b>DC (Distributed Cache)</b>, "
" target: <b>%s</b><br>", mc->szSessionCacheDataFile);
}
#endif