From afbb99ecf7804413a0ec0347714a04d23de40c0f Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa
Date: Fri, 24 Jul 2015 23:40:27 +0900
Subject: [PATCH] nghttpx: Enable session resumption on HTTP/2 backend
---
 src/shrpx_connection.cc | 17 +++++++++++++----
 src/shrpx_http2_session.cc | 13 ++++++++-----
 2 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/src/shrpx_connection.cc b/src/shrpx_connection.cc
index 30c2ec98..1ba8dfdb 100644
--- a/src/shrpx_connection.cc
+++ b/src/shrpx_connection.cc
@@ -62,7 +62,13 @@ Connection::Connection(struct ev_loop *loop, int fd, SSL *ssl,
 tls.last_write_time = 0.;
 }
-Connection::~Connection() { disconnect(); }
+Connection::~Connection() {
+ disconnect();
+
+ if (tls.ssl) {
+ SSL_free(tls.ssl);
+ }
+}
 void Connection::disconnect() {
 ev_timer_stop(loop, &rt);
@@ -75,9 +81,12 @@ void Connection::disconnect() {
 SSL_set_app_data(tls.ssl, nullptr);
 SSL_set_shutdown(tls.ssl, SSL_RECEIVED_SHUTDOWN);
 ERR_clear_error();
- SSL_shutdown(tls.ssl);
- SSL_free(tls.ssl);
- tls.ssl = nullptr;
+ // To reuse SSL/TLS session, we have to shutdown, and don't free
+ // tls.ssl.
+ if (SSL_shutdown(tls.ssl) != 1) {
+ SSL_free(tls.ssl);
+ tls.ssl = nullptr;
+ }
 }
 if (fd != -1) {
diff --git a/src/shrpx_http2_session.cc b/src/shrpx_http2_session.cc
index e2b4e2ee..164a57da 100644
--- a/src/shrpx_http2_session.cc
+++ b/src/shrpx_http2_session.cc
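Review bot: The destructor's new `SSL_free()` has no comment saying why `tls.ssl` can still be set once `disconnect()` has returned, so it reads like a double free next to the `SSL_free()` inside `disconnect()`. A one-line comment would record the ownership rule, e.g. `// disconnect() keeps tls.ssl after a clean shutdown for session reuse; release it here.` Since `Connection` now holds the object across reconnects, it is also worth confirming the class is not copyable, which this hunk does not show.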
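Review bot: In the second `shrpx_connection.cc` hunk, `disconnect()` can now return with `tls.ssl` still set, and that holds for every user of `Connection`, while the diffstat shows only `Http2Session::initiate_connection` being adapted. Any other path that assigns a fresh `SSL_new()` result to `tls.ssl` after a disconnect would leak the retained object, and any path that treats a non-null `tls.ssl` as "TLS is live" would misread it, so the other callers need an audit. The kept object has just had its app data cleared, and it presumably still refers to the descriptor handled by the `if (fd != -1)` block that follows, so the reuse path must rebind both before any I/O. The new comment could state that contract: `// On clean shutdown keep tls.ssl so its session can be resumed; the caller must rebind fd and app data before reuse.` The body of `disconnect()` continues outside the hunk.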
@@ -320,12 +320,15 @@ int Http2Session::initiate_connection() {
 SSLOG(INFO, this) << "Connecting to downstream server";
 }
 if (ssl_ctx_) {
- // We are establishing TLS connection.
- conn_.tls.ssl = SSL_new(ssl_ctx_);
+ // We are establishing TLS connection. If conn_.tls.ssl, we may
+ // reuse the previous session.
 if (!conn_.tls.ssl) {
- SSLOG(ERROR, this) << "SSL_new() failed: "
- << ERR_error_string(ERR_get_error(), NULL);
- return -1;
+ conn_.tls.ssl = SSL_new(ssl_ctx_);
+ if (!conn_.tls.ssl) {
+ SSLOG(ERROR, this) << "SSL_new() failed: "
+ << ERR_error_string(ERR_get_error(), NULL);
+ return -1;
+ }
 }
 const char *sni_name = nullptr;
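Review bot: When `conn_.tls.ssl` is already set, nothing in this hunk resets the object, which has been through a completed shutdown. The code after `const char *sni_name` is outside the hunk, so confirm that the reuse path also calls `SSL_set_connect_state()` or `SSL_clear()` and binds the new descriptor with `SSL_set_fd()`. A resumed handshake does not repeat certificate chain verification, so the post-handshake backend identity check should still run on resumed connections. If the backend address or SNI name can differ between connects, the retained object should be freed rather than reused. The new comment is also missing a word; `// If conn_.tls.ssl is already set, we may reuse the previous session.` reads more clearly.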