ssl_session_cache off

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index b6b7014671812e12b286a301aee1285de016e24c..cc43e39dd6abf77c20d24d04e89b3ab6a4a2efed 100644 (file)
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1174,6 +1174,11 @@ ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
 {
     long  cache_mode;
 
+    if (builtin_session_cache == NGX_SSL_NO_SCACHE) {
+        SSL_CTX_set_session_cache_mode(ssl->ctx, SSL_SESS_CACHE_OFF);
+        return NGX_OK;
+    }
+
     cache_mode = SSL_SESS_CACHE_SERVER;
 
     if (shm_zone && builtin_session_cache == NGX_SSL_NO_BUILTIN_SCACHE) {

diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
index 05d60144b9c45649fe728c0da970fc8e901eb4ba..7592ff2c1dea216e115826568c0691ac0f88dd0c 100644 (file)
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -53,9 +53,10 @@ typedef struct {
 
 #define NGX_SSL_DFLT_BUILTIN_SCACHE  -2
 #define NGX_SSL_NO_BUILTIN_SCACHE    -3
+#define NGX_SSL_NO_SCACHE            -4
 
 
-#define NGX_SSL_MAX_SESSION_SIZE (4096)
+#define NGX_SSL_MAX_SESSION_SIZE  4096
 
 typedef struct ngx_ssl_sess_id_s  ngx_ssl_sess_id_t;
 

diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
index c096441d0bd688befc649674123b12d44c0ee6f8..3359900fdd7f394cfddbc5d18c150e86fc188443 100644 (file)
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -415,8 +415,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
     }
 
     ngx_conf_merge_value(conf->builtin_session_cache,
-                         prev->builtin_session_cache,
-                         NGX_SSL_DFLT_BUILTIN_SCACHE);
+                         prev->builtin_session_cache, NGX_SSL_NO_SCACHE);
 
     if (conf->shm_zone == NULL) {
         conf->shm_zone = prev->shm_zone;
@@ -448,6 +447,11 @@ ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 
     for (i = 1; i < cf->args->nelts; i++) {
 
+        if (ngx_strcmp(value[i].data, "off") == 0) {
+            sscf->builtin_session_cache = NGX_SSL_NO_SCACHE;
+            continue;
+        }
+
         if (ngx_strcmp(value[i].data, "builtin") == 0) {
             sscf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE;
             continue;

diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c
index 07665345ae2ca78ebfa75d20a2057c9001667ce5..7360539caca4f62f7a1346f394bd16b203e872e6 100644 (file)
--- a/src/mail/ngx_mail_ssl_module.c
+++ b/src/mail/ngx_mail_ssl_module.c
@@ -208,10 +208,10 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
                           |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
 
     ngx_conf_merge_str_value(conf->certificate, prev->certificate,
-                             NGX_DEFLAUT_CERTIFICATE);
+                         NGX_DEFLAUT_CERTIFICATE);
 
     ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key,
-                             NGX_DEFLAUT_CERTIFICATE_KEY);
+                         NGX_DEFLAUT_CERTIFICATE_KEY);
 
     ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFLAUT_CIPHERS);
 
@@ -261,8 +261,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
     }
 
     ngx_conf_merge_value(conf->builtin_session_cache,
-                         prev->builtin_session_cache,
-                         NGX_SSL_DFLT_BUILTIN_SCACHE);
+                         prev->builtin_session_cache, NGX_SSL_NO_SCACHE);
 
     if (conf->shm_zone == NULL) {
         conf->shm_zone = prev->shm_zone;
@@ -294,6 +293,11 @@ ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 
     for (i = 1; i < cf->args->nelts; i++) {
 
+        if (ngx_strcmp(value[i].data, "off") == 0) {
+            scf->builtin_session_cache = NGX_SSL_NO_SCACHE;
+            continue;
+        }
+
         if (ngx_strcmp(value[i].data, "builtin") == 0) {
             scf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE;
             continue;