nghttpx: Add options to set maximum retry and failure when getting ticket keys

gennghttpxfun.py

@@ -96,6 +96,8 @@ OPTIONS = [
     "tls-session-cache-memcached",
     "tls-ticket-key-memcached",
     "tls-ticket-key-memcached-interval",
+    "tls-ticket-key-memcached-max-retry",
+    "tls-ticket-key-memcached-max-fail",
     "conf",
 ]
 

src/shrpx.cc

@@ -1510,6 +1510,20 @@ SSL/TLS:
               Default: )"
       << util::duration_str(get_config()->tls_ticket_key_memcached_interval)
       << R"(
+  --tls-ticket-key-memcached-max-retry=<N>
+              Set  maximum   number  of  consecutive   retries  before
+              abandoning TLS ticket key  retrieval.  If this number is
+              reached,  the  attempt  is considered  as  failure,  and
+              "failure" count  is incremented by 1,  which contributed
+              to            the            value            controlled
+              --tls-ticket-key-memcached-max-fail option.
+              Default: )" << get_config()->tls_ticket_key_memcached_max_retry
+      << R"(
+  --tls-ticket-key-memcached-max-fail=<N>
+              Set  maximum   number  of  consecutive   failure  before
+              disabling TLS ticket until next scheduled key retrieval.
+              Default: )" << get_config()->tls_ticket_key_memcached_max_fail
+      << R"(
 
 HTTP/2 and SPDY:
   -c, --http2-max-concurrent-streams=<N>
@@ -1877,6 +1891,10 @@ int main(int argc, char **argv) {
         {SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED, required_argument, &flag, 87},
         {SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_INTERVAL, required_argument, &flag,
          88},
+        {SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY, required_argument, &flag,
+         89},
+        {SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL, required_argument, &flag,
+         90},
         {nullptr, 0, nullptr, 0}};
 
     int option_index = 0;
@@ -2264,6 +2282,16 @@ int main(int argc, char **argv) {
         cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_INTERVAL,
                              optarg);
         break;
+      case 89:
+        // --tls-ticket-key-memcached-max-retry
+        cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY,
+                             optarg);
+        break;
+      case 90:
+        // --tls-ticket-key-memcached-max-fail
+        cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL,
+                             optarg);
+        break;
       default:
         break;
       }

src/shrpx_config.cc

@@ -708,6 +708,8 @@ enum {
   SHRPX_OPTID_TLS_TICKET_KEY_FILE,
   SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED,
   SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_INTERVAL,
+  SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL,
+  SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY,
   SHRPX_OPTID_USER,
   SHRPX_OPTID_VERIFY_CLIENT,
   SHRPX_OPTID_VERIFY_CLIENT_CACERT,
@@ -1228,6 +1230,9 @@ int option_lookup_token(const char *name, size_t namelen) {
       if (util::strieq_l("tls-ticket-key-memcached-interva", name, 32)) {
         return SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_INTERVAL;
       }
+      if (util::strieq_l("tls-ticket-key-memcached-max-fai", name, 32)) {
+        return SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL;
+      }
       break;
     }
     break;
@@ -1243,6 +1248,11 @@ int option_lookup_token(const char *name, size_t namelen) {
         return SHRPX_OPTID_BACKEND_HTTP1_CONNECTIONS_PER_HOST;
       }
       break;
+    case 'y':
+      if (util::strieq_l("tls-ticket-key-memcached-max-retr", name, 33)) {
+        return SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY;
+      }
+      break;
     }
     break;
   case 35:
@@ -1911,6 +1921,23 @@ int parse_config(const char *opt, const char *optarg,
   case SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_INTERVAL:
     return parse_duration(&mod_config()->tls_ticket_key_memcached_interval, opt,
                           optarg);
+  case SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY: {
+    int n;
+    if (parse_uint(&n, opt, optarg) != 0) {
+      return -1;
+    }
+
+    if (n > 30) {
+      LOG(ERROR) << opt << ": must be smaller than or equal to 30";
+      return -1;
+    }
+
+    mod_config()->tls_ticket_key_memcached_max_retry = n;
+    return 0;
+  }
+  case SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL:
+    return parse_uint(&mod_config()->tls_ticket_key_memcached_max_fail, opt,
+                      optarg);
   case SHRPX_OPTID_CONF:
     LOG(WARN) << "conf: ignored";
 

src/shrpx_config.h

@@ -179,6 +179,10 @@ constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED[] =
     "tls-ticket-key-memcached";
 constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_INTERVAL[] =
     "tls-ticket-key-memcached-interval";
+constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY[] =
+    "tls-ticket-key-memcached-max-retry";
+constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL[] =
+    "tls-ticket-key-memcached-max-fail";
 
 union sockaddr_union {
   sockaddr_storage storage;