nghttpx: Minimize critical section for shared ocsp response

This commit is contained in:
Tatsuhiro Tsujikawa 2015-06-12 21:27:12 +09:00
parent c6c7145167
commit 532bffdb01
3 changed files with 26 additions and 16 deletions

View File

@ -510,7 +510,8 @@ void ConnectionHandler::handle_ocsp_complete() {
{
std::lock_guard<std::mutex> g(tls_ctx_data->mu);
tls_ctx_data->ocsp_data = std::move(ocsp_.resp);
tls_ctx_data->ocsp_data =
std::make_shared<std::vector<uint8_t>>(std::move(ocsp_.resp));
}
++ocsp_.next;

View File

@ -150,28 +150,37 @@ int servername_callback(SSL *ssl, int *al, void *arg) {
}
} // namespace
namespace {
std::shared_ptr<std::vector<uint8_t>>
get_ocsp_data(TLSContextData *tls_ctx_data) {
std::lock_guard<std::mutex> g(tls_ctx_data->mu);
return tls_ctx_data->ocsp_data;
}
} // namespace
namespace {
int ocsp_resp_cb(SSL *ssl, void *arg) {
auto ssl_ctx = SSL_get_SSL_CTX(ssl);
auto tls_ctx_data =
static_cast<TLSContextData *>(SSL_CTX_get_app_data(ssl_ctx));
{
std::lock_guard<std::mutex> g(tls_ctx_data->mu);
auto &data = tls_ctx_data->ocsp_data;
if (!data.empty()) {
auto buf = static_cast<uint8_t *>(
CRYPTO_malloc(data.size(), __FILE__, __LINE__));
auto data = get_ocsp_data(tls_ctx_data);
if (!buf) {
return SSL_TLSEXT_ERR_OK;
}
std::copy(std::begin(data), std::end(data), buf);
SSL_set_tlsext_status_ocsp_resp(ssl, buf, data.size());
}
if (!data) {
return SSL_TLSEXT_ERR_OK;
}
auto buf =
static_cast<uint8_t *>(CRYPTO_malloc(data->size(), __FILE__, __LINE__));
if (!buf) {
return SSL_TLSEXT_ERR_OK;
}
std::copy(std::begin(*data), std::end(*data), buf);
SSL_set_tlsext_status_ocsp_resp(ssl, buf, data->size());
return SSL_TLSEXT_ERR_OK;
}
} // namespace

View File

@ -49,7 +49,7 @@ struct TLSContextData {
// Protects ocsp_data;
std::mutex mu;
// OCSP response
std::vector<uint8_t> ocsp_data;
std::shared_ptr<std::vector<uint8_t>> ocsp_data;
// Path to certificate file
const char *cert_file;