Enable SSL/TLS session caching. Share SSL_CTX across workers.

This commit is contained in:
Tatsuhiro Tsujikawa 2012-07-14 23:24:03 +09:00
parent 06ed17ff26
commit 7465289919
7 changed files with 26 additions and 8 deletions


@ -92,6 +92,11 @@ void upstream_eventcb(bufferevent *bev, short events, void *arg)
}
handler->set_bev_cb(upstream_readcb, upstream_writecb, upstream_eventcb);
handler->validate_next_proto();
if(ENABLE_LOG) {
if(SSL_session_reused(handler->get_ssl())) {
LOG(INFO) << "SSL/TLS session reused";
}
}
// At this point, input buffer is already filled with some
// bytes. The read callback is not called until new data
// come. So consume input buffer here.
@ -260,4 +265,9 @@ size_t ClientHandler::get_pending_write_length()
return evbuffer_get_length(output);
}
SSL* ClientHandler::get_ssl() const
{
return ssl_;
}
} // namespace shrpx


@ -59,6 +59,7 @@ public:
void remove_downstream_connection(DownstreamConnection *dconn);
DownstreamConnection* get_downstream_connection();
size_t get_pending_write_length();
SSL* get_ssl() const;
private:
bufferevent *bev_;
SSL *ssl_;


@ -65,7 +65,8 @@ void ListenHandler::create_worker_thread(size_t num)
LOG(ERROR) << "socketpair() failed: " << strerror(errno);
continue;
}
rv = pthread_create(&thread, &attr, start_threaded_worker, &info->sv[1]);
info->ssl_ctx = ssl_ctx_;
rv = pthread_create(&thread, &attr, start_threaded_worker, info);
if(rv != 0) {
LOG(ERROR) << "pthread_create() failed: " << strerror(rv);
for(size_t j = 0; j < 2; ++j) {
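Review bot: Handing the listener's `ssl_ctx_` to every worker thread is only safe on the OpenSSL of this era (1.0.x) if the process installs the threading callbacks (`CRYPTO_set_locking_callback` plus `CRYPTO_set_id_callback`/`CRYPTO_THREADID_set_callback`), and nothing in this section shows that being done; the server-side session cache this commit turns on is protected by the `CRYPTO_LOCK_SSL_CTX` lock, which is a no-op without those callbacks, so concurrent handshakes on different workers would race on the cache list. The worker also no longer frees the context, so `ListenHandler` must keep `ssl_ctx_` alive until every worker has stopped and free it exactly once; I could not see that from this hunk. A one-line comment on the assignment would pin the contract: `info->ssl_ctx = ssl_ctx_; // borrowed: ListenHandler owns the context and frees it after the workers stop`. The body of `create_worker_thread` continues outside the hunk.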


@ -38,6 +38,7 @@ namespace shrpx {
struct WorkerInfo {
int sv[2];
SSL_CTX *ssl_ctx;
bufferevent *bev;
};


@ -80,6 +80,10 @@ SSL_CTX* create_ssl_context()
SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION |
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
const unsigned char sid_ctx[] = "shrpx";
SSL_CTX_set_session_id_context(ssl_ctx, sid_ctx, sizeof(sid_ctx)-1);
SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_SERVER);
SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY);
SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
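Review bot: Enabling `SSL_SESS_CACHE_SERVER` without sizing the cache leaves the process on OpenSSL's defaults (`SSL_SESSION_CACHE_MAX_SIZE_DEFAULT`, 20480 entries, and a 300 second session timeout), which for a front-end proxy that now shares one context across all workers is a memory and resumption-window decision worth making explicitly rather than inheriting; `SSL_CTX_sess_set_cache_size(ssl_ctx, <n>);` and `SSL_CTX_set_timeout(ssl_ctx, <seconds>);` next to the cache-mode call would document the choice. The return value of `SSL_CTX_set_session_id_context` is ignored; it fails only when the context exceeds `SSL_MAX_SSL_SESSION_ID_LENGTH`, which a five-byte literal never does, so a comment saying so (`// 5 bytes, always < SSL_MAX_SSL_SESSION_ID_LENGTH`) is enough. With a shared context, session resumption now also works across workers, which is the point of the change but means a ticket/cache entry issued by one thread is honoured by all; worth a sentence in the function's header comment. `create_ssl_context` starts before and ends after this hunk.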


@ -36,14 +36,13 @@
namespace shrpx {
Worker::Worker(int fd)
: fd_(fd),
ssl_ctx_(ssl::create_ssl_context())
Worker::Worker(WorkerInfo *info)
: fd_(info->sv[1]),
ssl_ctx_(info->ssl_ctx)
{}
Worker::~Worker()
{
SSL_CTX_free(ssl_ctx_);
shutdown(fd_, SHUT_WR);
close(fd_);
}
@ -84,8 +83,8 @@ void Worker::run()
void* start_threaded_worker(void *arg)
{
int fd = *reinterpret_cast<int*>(arg);
Worker worker(fd);
WorkerInfo *info = reinterpret_cast<WorkerInfo*>(arg);
Worker worker(info);
worker.run();
return 0;
}
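Review bot: Dropping `SSL_CTX_free` from `Worker::~Worker` is the right consequence of sharing the context, but nothing now records that `ssl_ctx_` is borrowed, and a later maintainer seeing a raw `SSL_CTX*` member with no free will reasonably assume a leak; a comment on the constructor initializer, `ssl_ctx_(info->ssl_ctx) // borrowed from ListenHandler, which owns and frees it`, makes the ownership explicit. `WorkerInfo` now outlives the `pthread_create` call in the listener, so `info` must stay valid for the thread's lifetime, not just until the fd is copied as before; I could not confirm from this hunk who frees it. In `start_threaded_worker`, `static_cast<WorkerInfo*>(arg)` is the idiomatic cast from `void*`; `reinterpret_cast` works here but signals a more dangerous conversion than is happening.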


@ -30,11 +30,13 @@
#include <openssl/ssl.h>
#include <openssl/err.h>
#include "shrpx_listen_handler.h"
namespace shrpx {
class Worker {
public:
Worker(int fd);
Worker(WorkerInfo *info);
~Worker();
void run();
private:
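Review bot: Including `shrpx_listen_handler.h` from the worker header drags the listener's full interface into every translation unit that includes `shrpx_worker.h`, when the header only needs `WorkerInfo` as a pointer type in the constructor signature; a forward declaration, `struct WorkerInfo;`, in place of the include keeps the dependency one-way and moves the real include into `shrpx_worker.cc`, where the fields are actually read. The `Worker` class continues past the end of the hunk, so I cannot see whether anything else in it needs the listener header.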