nghttpx: Enable session resumption on HTTP/2 backend

2015-07-24 23:40:27 +09:00 · 2015-07-24 23:40:27 +09:00 · afbb99ecf7
parent abce7c7210
commit afbb99ecf7
2 changed files with 21 additions and 9 deletions
--- a/src/shrpx_connection.cc
+++ b/src/shrpx_connection.cc
@ -62,7 +62,13 @@ Connection::Connection(struct ev_loop *loop, int fd, SSL *ssl,
  tls.last_write_time = 0.;
 }

-Connection::~Connection() { disconnect(); }
+Connection::~Connection() {
+  disconnect();
+
+  if (tls.ssl) {
+    SSL_free(tls.ssl);
+  }
+}

 void Connection::disconnect() {
  ev_timer_stop(loop, &rt);
@ -75,10 +81,13 @@ void Connection::disconnect() {
    SSL_set_app_data(tls.ssl, nullptr);
    SSL_set_shutdown(tls.ssl, SSL_RECEIVED_SHUTDOWN);
    ERR_clear_error();
-    SSL_shutdown(tls.ssl);
+    // To reuse SSL/TLS session, we have to shutdown, and don't free
+    // tls.ssl.
+    if (SSL_shutdown(tls.ssl) != 1) {
      SSL_free(tls.ssl);
      tls.ssl = nullptr;
    }
+  }

  if (fd != -1) {
    shutdown(fd, SHUT_WR);
--- a/src/shrpx_http2_session.cc
+++ b/src/shrpx_http2_session.cc
@ -320,13 +320,16 @@ int Http2Session::initiate_connection() {
      SSLOG(INFO, this) << "Connecting to downstream server";
    }
    if (ssl_ctx_) {
-      // We are establishing TLS connection.
+      // We are establishing TLS connection.  If conn_.tls.ssl, we may
+      // reuse the previous session.
+      if (!conn_.tls.ssl) {
        conn_.tls.ssl = SSL_new(ssl_ctx_);
        if (!conn_.tls.ssl) {
          SSLOG(ERROR, this) << "SSL_new() failed: "
                             << ERR_error_string(ERR_get_error(), NULL);
          return -1;
        }
+      }

      const char *sni_name = nullptr;
      if (get_config()->backend_tls_sni_name) {