shrpx: Explicitly hold server SSL_CTX and client SSL_CTX

This commit is contained in:
Tatsuhiro Tsujikawa 2013-02-07 21:13:36 +09:00
parent b18af854af
commit c707125839
10 changed files with 48 additions and 42 deletions

View File

@ -242,11 +242,12 @@ int event_loop()
{
event_base *evbase = event_base_new();
SSL_CTX *ssl_ctx = get_config()->client_mode ?
ssl::create_ssl_client_context() : get_config()->default_ssl_ctx;
ListenHandler *listener_handler = new ListenHandler(evbase, ssl_ctx);
SSL_CTX *sv_ssl_ctx = get_config()->default_ssl_ctx;
SSL_CTX *cl_ssl_ctx = get_config()->client_mode ?
ssl::create_ssl_client_context() : 0;
ListenHandler *listener_handler = new ListenHandler(evbase, sv_ssl_ctx,
cl_ssl_ctx);
if(get_config()->daemon) {
if(daemon(0, 0) == -1) {
LOG(FATAL) << "Failed to daemonize: " << strerror(errno);
@ -269,7 +270,7 @@ int event_loop()
if(get_config()->num_worker > 1) {
listener_handler->create_worker_thread(get_config()->num_worker);
} else if(get_config()->client_mode) {
} else if(cl_ssl_ctx) {
listener_handler->create_spdy_session();
}

View File

@ -272,7 +272,7 @@ DownstreamConnection* ClientHandler::get_downstream_connection()
CLOG(INFO, this) << "Downstream connection pool is empty."
<< " Create new one";
}
if(get_config()->client_mode) {
if(spdy_) {
return new SpdyDownstreamConnection(this);
} else {
return new HttpDownstreamConnection(this);

View File

@ -71,8 +71,8 @@ private:
std::string ipaddr_;
bool should_close_after_write_;
std::set<DownstreamConnection*> dconn_pool_;
// Shared SPDY session for each thread. NULL if not client mode. Not
// deleted by this object.
// Shared SPDY session for each thread. NULL if backend is not
// SPDY. Not deleted by this object.
SpdySession *spdy_;
};

View File

@ -40,9 +40,11 @@
namespace shrpx {
ListenHandler::ListenHandler(event_base *evbase, SSL_CTX *ssl_ctx)
ListenHandler::ListenHandler(event_base *evbase, SSL_CTX *sv_ssl_ctx,
SSL_CTX *cl_ssl_ctx)
: evbase_(evbase),
ssl_ctx_(ssl_ctx),
sv_ssl_ctx_(sv_ssl_ctx),
cl_ssl_ctx_(cl_ssl_ctx),
worker_round_robin_cnt_(0),
workers_(0),
num_worker_(0),
@ -68,7 +70,8 @@ void ListenHandler::create_worker_thread(size_t num)
LLOG(ERROR, this) << "socketpair() failed: " << strerror(errno);
continue;
}
info->ssl_ctx = ssl_ctx_;
info->sv_ssl_ctx = sv_ssl_ctx_;
info->cl_ssl_ctx = cl_ssl_ctx_;
rv = pthread_create(&thread, &attr, start_threaded_worker, info);
if(rv != 0) {
LLOG(ERROR, this) << "pthread_create() failed: " << strerror(rv);
@ -94,11 +97,9 @@ int ListenHandler::accept_connection(evutil_socket_t fd,
LLOG(INFO, this) << "Accepted connection. fd=" << fd;
}
if(num_worker_ == 0) {
ClientHandler* client =
ssl::accept_ssl_connection(evbase_, ssl_ctx_, fd, addr, addrlen);
if(get_config()->client_mode) {
ClientHandler* client = ssl::accept_connection(evbase_, sv_ssl_ctx_,
fd, addr, addrlen);
client->set_spdy_session(spdy_);
}
} else {
size_t idx = worker_round_robin_cnt_ % num_worker_;
++worker_round_robin_cnt_;
@ -124,7 +125,7 @@ event_base* ListenHandler::get_evbase() const
int ListenHandler::create_spdy_session()
{
int rv;
spdy_ = new SpdySession(evbase_, ssl_ctx_);
spdy_ = new SpdySession(evbase_, cl_ssl_ctx_);
rv = spdy_->init_notification();
return rv;
}

View File

@ -38,7 +38,8 @@ namespace shrpx {
struct WorkerInfo {
int sv[2];
SSL_CTX *ssl_ctx;
SSL_CTX *sv_ssl_ctx;
SSL_CTX *cl_ssl_ctx;
bufferevent *bev;
};
@ -46,7 +47,7 @@ class SpdySession;
class ListenHandler {
public:
ListenHandler(event_base *evbase, SSL_CTX *ssl_ctx);
ListenHandler(event_base *evbase, SSL_CTX *sv_ssl_ctx, SSL_CTX *cl_ssl_ctx);
~ListenHandler();
int accept_connection(evutil_socket_t fd, sockaddr *addr, int addrlen);
void create_worker_thread(size_t num);
@ -54,14 +55,15 @@ public:
int create_spdy_session();
private:
event_base *evbase_;
// In client-mode, this is for backend SPDY connection. Otherwise,
// for frontend.
SSL_CTX *ssl_ctx_;
// The frontend server SSL_CTX
SSL_CTX *sv_ssl_ctx_;
// The backend server SSL_CTX
SSL_CTX *cl_ssl_ctx_;
unsigned int worker_round_robin_cnt_;
WorkerInfo *workers_;
size_t num_worker_;
// Shared SPDY session. NULL if not client mode or
// multi-threaded. In multi-threaded case, see shrpx_worker.cc.
// Shared backend SPDY session. NULL if multi-threaded. In
// multi-threaded case, see shrpx_worker.cc.
SpdySession *spdy_;
};

View File

@ -245,7 +245,7 @@ SSL_CTX* create_ssl_client_context()
return ssl_ctx;
}
ClientHandler* accept_ssl_connection(event_base *evbase, SSL_CTX *ssl_ctx,
ClientHandler* accept_connection(event_base *evbase, SSL_CTX *ssl_ctx,
evutil_socket_t fd,
sockaddr *addr, int addrlen)
{
@ -266,9 +266,7 @@ ClientHandler* accept_ssl_connection(event_base *evbase, SSL_CTX *ssl_ctx,
}
SSL *ssl = 0;
bufferevent *bev;
if(get_config()->client_mode) {
bev = bufferevent_socket_new(evbase, fd, BEV_OPT_DEFER_CALLBACKS);
} else {
if(ssl_ctx) {
ssl = SSL_new(ssl_ctx);
if(!ssl) {
LOG(ERROR) << "SSL_new() failed: "
@ -278,6 +276,8 @@ ClientHandler* accept_ssl_connection(event_base *evbase, SSL_CTX *ssl_ctx,
bev = bufferevent_openssl_socket_new
(evbase, fd, ssl,
BUFFEREVENT_SSL_ACCEPTING, BEV_OPT_DEFER_CALLBACKS);
} else {
bev = bufferevent_socket_new(evbase, fd, BEV_OPT_DEFER_CALLBACKS);
}
ClientHandler *client_handler = new ClientHandler(bev, fd, ssl, host);
return client_handler;

View File

@ -45,7 +45,7 @@ SSL_CTX* create_ssl_context(const char *private_key_file,
SSL_CTX* create_ssl_client_context();
ClientHandler* accept_ssl_connection(event_base *evbase, SSL_CTX *ssl_ctx,
ClientHandler* accept_connection(event_base *evbase, SSL_CTX *ssl_ctx,
evutil_socket_t fd,
sockaddr *addr, int addrlen);

View File

@ -58,7 +58,7 @@ void ThreadEventReceiver::on_read(bufferevent *bev)
}
event_base *evbase = bufferevent_get_base(bev);
ClientHandler *client_handler;
client_handler = ssl::accept_ssl_connection(evbase, ssl_ctx_,
client_handler = ssl::accept_connection(evbase, ssl_ctx_,
wev.client_fd,
&wev.client_addr.sa,
wev.client_addrlen);

View File

@ -39,7 +39,8 @@ namespace shrpx {
Worker::Worker(WorkerInfo *info)
: fd_(info->sv[1]),
ssl_ctx_(info->ssl_ctx)
sv_ssl_ctx_(info->sv_ssl_ctx),
cl_ssl_ctx_(info->cl_ssl_ctx)
{}
Worker::~Worker()
@ -74,13 +75,13 @@ void Worker::run()
bufferevent *bev = bufferevent_socket_new(evbase, fd_,
BEV_OPT_DEFER_CALLBACKS);
SpdySession *spdy = 0;
if(get_config()->client_mode) {
spdy = new SpdySession(evbase, ssl_ctx_);
if(cl_ssl_ctx_) {
spdy = new SpdySession(evbase, cl_ssl_ctx_);
if(spdy->init_notification() == -1) {
DIE();
}
}
ThreadEventReceiver *receiver = new ThreadEventReceiver(ssl_ctx_, spdy);
ThreadEventReceiver *receiver = new ThreadEventReceiver(sv_ssl_ctx_, spdy);
bufferevent_enable(bev, EV_READ);
bufferevent_setcb(bev, readcb, 0, eventcb, receiver);

View File

@ -42,7 +42,8 @@ public:
private:
// Channel to the main thread
int fd_;
SSL_CTX *ssl_ctx_;
SSL_CTX *sv_ssl_ctx_;
SSL_CTX *cl_ssl_ctx_;
};
void* start_threaded_worker(void *arg);