nghttpx: Enable session resumption on HTTP/2 backend

src/shrpx_connection.cc

@@ -62,7 +62,13 @@ Connection::Connection(struct ev_loop *loop, int fd, SSL *ssl,
   tls.last_write_time = 0.;
 }
 
-Connection::~Connection() { disconnect(); }
+Connection::~Connection() {
+  disconnect();
+
+  if (tls.ssl) {
+    SSL_free(tls.ssl);
+  }
+}
 
 void Connection::disconnect() {
   ev_timer_stop(loop, &rt);
@@ -75,9 +81,12 @@ void Connection::disconnect() {
     SSL_set_app_data(tls.ssl, nullptr);
     SSL_set_shutdown(tls.ssl, SSL_RECEIVED_SHUTDOWN);
     ERR_clear_error();
-    SSL_shutdown(tls.ssl);
+    // To reuse SSL/TLS session, we have to shutdown, and don't free
-    SSL_free(tls.ssl);
+    // tls.ssl.
-    tls.ssl = nullptr;
+    if (SSL_shutdown(tls.ssl) != 1) {
+      SSL_free(tls.ssl);
+      tls.ssl = nullptr;
+    }
   }
 
   if (fd != -1) {

src/shrpx_http2_session.cc

@@ -320,12 +320,15 @@ int Http2Session::initiate_connection() {
       SSLOG(INFO, this) << "Connecting to downstream server";
     }
     if (ssl_ctx_) {
-      // We are establishing TLS connection.
+      // We are establishing TLS connection.  If conn_.tls.ssl, we may
-      conn_.tls.ssl = SSL_new(ssl_ctx_);
+      // reuse the previous session.
       if (!conn_.tls.ssl) {
-        SSLOG(ERROR, this) << "SSL_new() failed: "
+        conn_.tls.ssl = SSL_new(ssl_ctx_);
-                           << ERR_error_string(ERR_get_error(), NULL);
+        if (!conn_.tls.ssl) {
-        return -1;
+          SSLOG(ERROR, this) << "SSL_new() failed: "
+                             << ERR_error_string(ERR_get_error(), NULL);
+          return -1;
+        }
       }
 
       const char *sni_name = nullptr;