diff --git a/gennghttpxfun.py b/gennghttpxfun.py
index bba4e8a0..b913d797 100755
--- a/gennghttpxfun.py
+++ b/gennghttpxfun.py
@@ -95,6 +95,7 @@ OPTIONS = [
 "host-rewrite",
 "tls-session-cache-memcached",
 "tls-ticket-key-memcached",
+ "tls-ticket-key-memcached-interval",
 "conf",
 ]
diff --git a/src/shrpx.cc b/src/shrpx.cc
index ed6a46dc..5d154e2a 100644
--- a/src/shrpx.cc
+++ b/src/shrpx.cc
@@ -1505,6 +1505,11 @@ SSL/TLS:
 keys from memcached, and use them, possibly replacing current set of keys. It is up to extern TLS ticket key generator to rotate keys frequently.
+ --tls-ticket-key-memcached-interval=
+ Set interval to get TLS ticket keys from memcached.
+ Default: )"
+ << util::duration_str(get_config()->tls_ticket_key_memcached_interval)
+ << R"(
 HTTP/2 and SPDY:
 -c, --http2-max-concurrent-streams=
@@ -1870,6 +1875,8 @@ int main(int argc, char **argv) {
 {SHRPX_OPT_HOST_REWRITE, no_argument, &flag, 85},
 {SHRPX_OPT_TLS_SESSION_CACHE_MEMCACHED, required_argument, &flag, 86},
 {SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED, required_argument, &flag, 87},
+ {SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_INTERVAL, required_argument, &flag,
+ 88},
 {nullptr, 0, nullptr, 0}};
 int option_index = 0;
@@ -2252,6 +2259,11 @@ int main(int argc, char **argv) {
 // --tls-ticket-key-memcached
 cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED, optarg);
 break;
+ case 88:
+ // --tls-ticket-key-memcached-interval
+ cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_INTERVAL,
+ optarg);
+ break;
 default:
 break;
 }
diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc
index 55da8c12..22b76219 100644
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@@ -707,6 +707,7 @@ enum {
 SHRPX_OPTID_TLS_TICKET_CIPHER,
 SHRPX_OPTID_TLS_TICKET_KEY_FILE,
 SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED,
+ SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_INTERVAL,
 SHRPX_OPTID_USER,
 SHRPX_OPTID_VERIFY_CLIENT,
 SHRPX_OPTID_VERIFY_CLIENT_CACERT,
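Review bot: The help text added for `--tls-ticket-key-memcached-interval` in src/shrpx.cc (hunk at -1505) says only that it sets the fetch interval, and does not tell the operator that this value is also how long an instance can keep using ticket keys after the external generator has rotated them. The surrounding text already makes rotation the generator's job, so I would add a sentence such as `Keys rotated by the external generator take effect on this instance only at the next fetch, so keep this interval shorter than the rotation period.` What happens to the current key set when a fetch fails is not visible in this diff and would be worth stating in the same place.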
@@ -1221,6 +1222,15 @@ int option_lookup_token(const char *name, size_t namelen) {
 break;
 }
 break;
+ case 33:
+ switch (name[32]) {
+ case 'l':
+ if (util::strieq_l("tls-ticket-key-memcached-interva", name, 32)) {
+ return SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_INTERVAL;
+ }
+ break;
+ }
+ break;
 case 34:
 switch (name[33]) {
 case 'r':
@@ -1898,6 +1908,9 @@ int parse_config(const char *opt, const char *optarg,
 return 0;
 }
+ case SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_INTERVAL:
+ return parse_duration(&mod_config()->tls_ticket_key_memcached_interval, opt,
+ optarg);
 case SHRPX_OPTID_CONF:
 LOG(WARN) << "conf: ignored";
diff --git a/src/shrpx_config.h b/src/shrpx_config.h
index 48f3be71..77ff6295 100644
--- a/src/shrpx_config.h
+++ b/src/shrpx_config.h
@@ -177,6 +177,8 @@ constexpr char SHRPX_OPT_TLS_SESSION_CACHE_MEMCACHED[] =
 "tls-session-cache-memcached";
 constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED[] =
 "tls-ticket-key-memcached";
+constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_INTERVAL[] =
+ "tls-ticket-key-memcached-interval";
 union sockaddr_union {
 sockaddr_storage storage;
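Review bot: The new `case SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_INTERVAL:` in parse_config (src/shrpx_config.cc, hunk at -1898) stores whatever parse_duration accepts, with no range check in the visible lines. parse_duration's body is not shown, so whether it already rejects zero is unknown. If it does not, a zero interval would presumably re-arm the ticket-key fetch with no delay, and nothing visible here flags an interval so long that rotated-out keys stay in use for an extended period. I would validate after a successful parse, along the lines of `if (mod_config()->tls_ticket_key_memcached_interval <= 0) { LOG(ERROR) << opt << ": must be a positive duration"; return -1; }`, adjusted to the field's actual type, which this diff does not show. parse_config starts and ends outside the hunk, and the place where the interval is consumed is not part of this page.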