nghttpx: Add options to set maximum retry and failure when getting ticket keys
parent
4949dd4888
commit
a6fdca730d
|
@ -96,6 +96,8 @@ OPTIONS = [
|
|||
"tls-session-cache-memcached",
|
||||
"tls-ticket-key-memcached",
|
||||
"tls-ticket-key-memcached-interval",
|
||||
"tls-ticket-key-memcached-max-retry",
|
||||
"tls-ticket-key-memcached-max-fail",
|
||||
"conf",
|
||||
]
|
||||
|
||||
|
|
28
src/shrpx.cc
28
src/shrpx.cc
|
@ -1510,6 +1510,20 @@ SSL/TLS:
|
|||
Default: )"
|
||||
<< util::duration_str(get_config()->tls_ticket_key_memcached_interval)
|
||||
<< R"(
|
||||
--tls-ticket-key-memcached-max-retry=<N>
|
||||
Set maximum number of consecutive retries before
|
||||
abandoning TLS ticket key retrieval. If this number is
|
||||
reached, the attempt is considered as failure, and
|
||||
"failure" count is incremented by 1, which contributed
|
||||
to the value controlled
|
||||
--tls-ticket-key-memcached-max-fail option.
|
||||
Default: )" << get_config()->tls_ticket_key_memcached_max_retry
|
||||
<< R"(
|
||||
--tls-ticket-key-memcached-max-fail=<N>
|
||||
Set maximum number of consecutive failure before
|
||||
disabling TLS ticket until next scheduled key retrieval.
|
||||
Default: )" << get_config()->tls_ticket_key_memcached_max_fail
|
||||
<< R"(
|
||||
|
||||
HTTP/2 and SPDY:
|
||||
-c, --http2-max-concurrent-streams=<N>
|
||||
|
@ -1877,6 +1891,10 @@ int main(int argc, char **argv) {
|
|||
{SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED, required_argument, &flag, 87},
|
||||
{SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_INTERVAL, required_argument, &flag,
|
||||
88},
|
||||
{SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY, required_argument, &flag,
|
||||
89},
|
||||
{SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL, required_argument, &flag,
|
||||
90},
|
||||
{nullptr, 0, nullptr, 0}};
|
||||
|
||||
int option_index = 0;
|
||||
|
@ -2264,6 +2282,16 @@ int main(int argc, char **argv) {
|
|||
cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_INTERVAL,
|
||||
optarg);
|
||||
break;
|
||||
case 89:
|
||||
// --tls-ticket-key-memcached-max-retry
|
||||
cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY,
|
||||
optarg);
|
||||
break;
|
||||
case 90:
|
||||
// --tls-ticket-key-memcached-max-fail
|
||||
cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL,
|
||||
optarg);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
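Review bot: The help text for `--tls-ticket-key-memcached-max-retry` does not state the accepted range, although the parse_config change in this commit rejects values above 30, so an operator only learns the limit from the startup error. The sentence ending "which contributed to the value controlled --tls-ticket-key-memcached-max-fail option" is also hard to parse. I would reword it along the lines of `"failure" count is incremented by 1, which counts toward the limit set by the --tls-ticket-key-memcached-max-fail option. Must be at most 30.` Neither entry says what a value of 0 means, which is worth spelling out for both options, since together they decide when TLS tickets are disabled.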
|
||||
|
|
|
@ -708,6 +708,8 @@ enum {
|
|||
SHRPX_OPTID_TLS_TICKET_KEY_FILE,
|
||||
SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED,
|
||||
SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_INTERVAL,
|
||||
SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL,
|
||||
SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY,
|
||||
SHRPX_OPTID_USER,
|
||||
SHRPX_OPTID_VERIFY_CLIENT,
|
||||
SHRPX_OPTID_VERIFY_CLIENT_CACERT,
|
||||
|
@ -1228,6 +1230,9 @@ int option_lookup_token(const char *name, size_t namelen) {
|
|||
if (util::strieq_l("tls-ticket-key-memcached-interva", name, 32)) {
|
||||
return SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_INTERVAL;
|
||||
}
|
||||
if (util::strieq_l("tls-ticket-key-memcached-max-fai", name, 32)) {
|
||||
return SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL;
|
||||
}
|
||||
break;
|
||||
}
|
||||
break;
|
||||
|
@ -1243,6 +1248,11 @@ int option_lookup_token(const char *name, size_t namelen) {
|
|||
return SHRPX_OPTID_BACKEND_HTTP1_CONNECTIONS_PER_HOST;
|
||||
}
|
||||
break;
|
||||
case 'y':
|
||||
if (util::strieq_l("tls-ticket-key-memcached-max-retr", name, 33)) {
|
||||
return SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY;
|
||||
}
|
||||
break;
|
||||
}
|
||||
break;
|
||||
case 35:
|
||||
|
@ -1911,6 +1921,23 @@ int parse_config(const char *opt, const char *optarg,
|
|||
case SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_INTERVAL:
|
||||
return parse_duration(&mod_config()->tls_ticket_key_memcached_interval, opt,
|
||||
optarg);
|
||||
case SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY: {
|
||||
int n;
|
||||
if (parse_uint(&n, opt, optarg) != 0) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (n > 30) {
|
||||
LOG(ERROR) << opt << ": must be smaller than or equal to 30";
|
||||
return -1;
|
||||
}
|
||||
|
||||
mod_config()->tls_ticket_key_memcached_max_retry = n;
|
||||
return 0;
|
||||
}
|
||||
case SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL:
|
||||
return parse_uint(&mod_config()->tls_ticket_key_memcached_max_fail, opt,
|
||||
optarg);
|
||||
case SHRPX_OPTID_CONF:
|
||||
LOG(WARN) << "conf: ignored";
|
||||
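Review bot: The `SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL` case hands the value straight to `parse_uint` with no upper bound, while the max-retry case just above rejects anything over 30. Neither case rejects 0, and nothing visible here shows how the retrieval code treats a zero retry or failure budget. This setting decides when tickets are disabled after repeated memcached retrieval failures, so a very large value presumably keeps the proxy on previously fetched keys well past the intended rotation schedule. I would either bound it like max-retry or add a comment above the call, for example `// intentionally unbounded; 0 means <documented behaviour>`. The literal 30 would also be easier to keep in sync with the help text as a named constant. parse_config's body continues outside the hunk.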
|
||||
|
|
|
@ -179,6 +179,10 @@ constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED[] =
|
|||
"tls-ticket-key-memcached";
|
||||
constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_INTERVAL[] =
|
||||
"tls-ticket-key-memcached-interval";
|
||||
constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY[] =
|
||||
"tls-ticket-key-memcached-max-retry";
|
||||
constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL[] =
|
||||
"tls-ticket-key-memcached-max-fail";
|
||||
|
||||
union sockaddr_union {
|
||||
sockaddr_storage storage;
|
||||
|
|