Enable SSL/TLS session caching. Share SSL_CTX access workers.

2012-07-14 23:24:03 +09:00 · 2012-07-14 23:24:03 +09:00 · 7465289919
parent 06ed17ff26
commit 7465289919
7 changed files with 26 additions and 8 deletions
--- a/examples/shrpx_client_handler.cc
+++ b/examples/shrpx_client_handler.cc
@ -92,6 +92,11 @@ void upstream_eventcb(bufferevent *bev, short events, void *arg)
      }
      handler->set_bev_cb(upstream_readcb, upstream_writecb, upstream_eventcb);
      handler->validate_next_proto();
+      if(ENABLE_LOG) {
+        if(SSL_session_reused(handler->get_ssl())) {
+          LOG(INFO) << "SSL/TLS session reused";
+        }
+      }
      // At this point, input buffer is already filled with some
      // bytes.  The read callback is not called until new data
      // come. So consume input buffer here.
@ -260,4 +265,9 @@ size_t ClientHandler::get_pending_write_length()
  return evbuffer_get_length(output);
 }

+SSL* ClientHandler::get_ssl() const
+{
+  return ssl_;
+}
+
 } // namespace shrpx
--- a/examples/shrpx_client_handler.h
+++ b/examples/shrpx_client_handler.h
@ -59,6 +59,7 @@ public:
  void remove_downstream_connection(DownstreamConnection *dconn);
  DownstreamConnection* get_downstream_connection();
  size_t get_pending_write_length();
+  SSL* get_ssl() const;
 private:
  bufferevent *bev_;
  SSL *ssl_;
--- a/examples/shrpx_listen_handler.cc
+++ b/examples/shrpx_listen_handler.cc
@ -65,7 +65,8 @@ void ListenHandler::create_worker_thread(size_t num)
      LOG(ERROR) << "socketpair() failed: " << strerror(errno);
      continue;
    }
-    rv = pthread_create(&thread, &attr, start_threaded_worker, &info->sv[1]);
+    info->ssl_ctx = ssl_ctx_;
+    rv = pthread_create(&thread, &attr, start_threaded_worker, info);
    if(rv != 0) {
      LOG(ERROR) << "pthread_create() failed: " << strerror(rv);
      for(size_t j = 0; j < 2; ++j) {
--- a/examples/shrpx_listen_handler.h
+++ b/examples/shrpx_listen_handler.h
@ -38,6 +38,7 @@ namespace shrpx {

 struct WorkerInfo {
  int sv[2];
+  SSL_CTX *ssl_ctx;
  bufferevent *bev;
 };

--- a/examples/shrpx_ssl.cc
+++ b/examples/shrpx_ssl.cc
@ -80,6 +80,10 @@ SSL_CTX* create_ssl_context()
                      SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION |
                      SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);

+  const unsigned char sid_ctx[] = "shrpx";
+  SSL_CTX_set_session_id_context(ssl_ctx, sid_ctx, sizeof(sid_ctx)-1);
+  SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_SERVER);
+
  SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
  SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY);
  SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
--- a/examples/shrpx_worker.cc
+++ b/examples/shrpx_worker.cc
@ -36,14 +36,13 @@

 namespace shrpx {

-Worker::Worker(int fd)
-  : fd_(fd),
-    ssl_ctx_(ssl::create_ssl_context())
+Worker::Worker(WorkerInfo *info)
+  : fd_(info->sv[1]),
+    ssl_ctx_(info->ssl_ctx)
 {}
  
 Worker::~Worker()
 {
-  SSL_CTX_free(ssl_ctx_);
  shutdown(fd_, SHUT_WR);
  close(fd_);
 }
@ -84,8 +83,8 @@ void Worker::run()

 void* start_threaded_worker(void *arg)
 {
-  int fd = *reinterpret_cast<int*>(arg);
-  Worker worker(fd);
+  WorkerInfo *info = reinterpret_cast<WorkerInfo*>(arg);
+  Worker worker(info);
  worker.run();
  return 0;
 }
--- a/examples/shrpx_worker.h
+++ b/examples/shrpx_worker.h
@ -30,11 +30,13 @@
 #include <openssl/ssl.h>
 #include <openssl/err.h>

+#include "shrpx_listen_handler.h"
+
 namespace shrpx {

 class Worker {
 public:
-  Worker(int fd);
+  Worker(WorkerInfo *info);
  ~Worker();
  void run();
 private: