From e5fca3df1df7454634cc1c96ade7603e5ba5bb09 Mon Sep 17 00:00:00 2001
From: "julien.pierre.bugs%sun.com" <julien.pierre.bugs%sun.com>
Date: Fri, 11 Nov 2005 02:44:56 +0000
Subject: [PATCH] Fix for bug 292156. Add -C SSLCacheEntries option to
 selfserv. r=nelson

---
 security/nss/cmd/selfserv/selfserv.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/security/nss/cmd/selfserv/selfserv.c b/security/nss/cmd/selfserv/selfserv.c
index b7e4b99c3d94..f4a3e65250d4 100644
--- a/security/nss/cmd/selfserv/selfserv.c
+++ b/security/nss/cmd/selfserv/selfserv.c
@@ -89,7 +89,7 @@
 #define PORT_Malloc PR_Malloc
 #endif
 
-#define NUM_SID_CACHE_ENTRIES 1024
+int NumSidCacheEntries = 1024;
 
 static int handle_connection( PRFileDesc *, PRFileDesc *, int );
 
@@ -206,7 +206,7 @@ Usage(const char *progName)
 "         [-f fortezza_nickname] [-L [seconds]] [-M maxProcs] [-P dbprefix]\n"
 #else
 "         [-i pid_file] [-c ciphers] [-d dbdir] [-f fortezza_nickname] \n"
-"         [-L [seconds]] [-M maxProcs] [-P dbprefix]\n"
+"         [-L [seconds]] [-M maxProcs] [-P dbprefix] [-C SSLCacheEntries]\n"
 #endif /* NSS_ENABLE_ECC */
 "-S means disable SSL v2\n"
 "-3 means disable SSL v3\n"
@@ -232,6 +232,7 @@ Usage(const char *progName)
 "-i pid_file file to write the process id of selfserve\n"
 "-c ciphers   Letter(s) chosen from the following list\n"
 "-l means use local threads instead of global threads\n"
+"-C SSLCacheEntries sets the maximum number of entries in the SSL session cache\n"
 "A    SSL2 RC4 128 WITH MD5\n"
 "B    SSL2 RC4 128 EXPORT40 WITH MD5\n"
 "C    SSL2 RC2 128 CBC WITH MD5\n"
@@ -1663,7 +1664,7 @@ main(int argc, char **argv)
     ** numbers, then capital letters, then lower case, alphabetical. 
     */
     optstate = PL_CreateOptState(argc, argv, 
-    	"2:3BDEL:M:NP:RSTbc:d:e:f:hi:lmn:op:rst:vw:xy");
+    	"2:3BC:DEL:M:NP:RSTbc:d:e:f:hi:lmn:op:rst:vw:xy");
     while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
 	++optionsFound;
 	switch(optstate->option) {
@@ -1673,6 +1674,8 @@ main(int argc, char **argv)
 
 	case 'B': bypassPKCS11 = PR_TRUE; break;
 
+        case 'C': if (optstate->value) NumSidCacheEntries = PORT_Atoi(optstate->value); break;
+
 	case 'D': noDelay = PR_TRUE; break;
 	case 'E': disableStepDown = PR_TRUE; break;
 
@@ -1839,7 +1842,7 @@ main(int argc, char **argv)
     } else if (maxProcs > 1) {
 	/* we're going to be the parent in a multi-process server.  */
 	listen_sock = getBoundListenSocket(port);
-	rv = SSL_ConfigMPServerSIDCache(NUM_SID_CACHE_ENTRIES, 0, 0, tmp);
+	rv = SSL_ConfigMPServerSIDCache(NumSidCacheEntries, 0, 0, tmp);
 	if (rv != SECSuccess)
 	    errExit("SSL_ConfigMPServerSIDCache");
     	hasSidCache = PR_TRUE;
@@ -1852,7 +1855,7 @@ main(int argc, char **argv)
 	if (prStatus != PR_SUCCESS)
 	    errExit("PR_SetFDInheritable");
 	if (!NoReuse) {
-	    rv = SSL_ConfigServerSessionIDCache(NUM_SID_CACHE_ENTRIES, 
+	    rv = SSL_ConfigServerSessionIDCache(NumSidCacheEntries, 
 	                                        0, 0, tmp);
 	    if (rv != SECSuccess)
 		errExit("SSL_ConfigServerSessionIDCache");