shrpx: Explicitly hold server SSL_CTX and client SSL_CTX
parent
b18af854af
commit
c707125839
11
src/shrpx.cc
11
src/shrpx.cc
|
@ -242,11 +242,12 @@ int event_loop()
|
|||
{
|
||||
event_base *evbase = event_base_new();
|
||||
|
||||
SSL_CTX *ssl_ctx = get_config()->client_mode ?
|
||||
ssl::create_ssl_client_context() : get_config()->default_ssl_ctx;
|
||||
|
||||
ListenHandler *listener_handler = new ListenHandler(evbase, ssl_ctx);
|
||||
SSL_CTX *sv_ssl_ctx = get_config()->default_ssl_ctx;
|
||||
SSL_CTX *cl_ssl_ctx = get_config()->client_mode ?
|
||||
ssl::create_ssl_client_context() : 0;
|
||||
|
||||
ListenHandler *listener_handler = new ListenHandler(evbase, sv_ssl_ctx,
|
||||
cl_ssl_ctx);
|
||||
if(get_config()->daemon) {
|
||||
if(daemon(0, 0) == -1) {
|
||||
LOG(FATAL) << "Failed to daemonize: " << strerror(errno);
|
||||
|
@ -269,7 +270,7 @@ int event_loop()
|
|||
|
||||
if(get_config()->num_worker > 1) {
|
||||
listener_handler->create_worker_thread(get_config()->num_worker);
|
||||
} else if(get_config()->client_mode) {
|
||||
} else if(cl_ssl_ctx) {
|
||||
listener_handler->create_spdy_session();
|
||||
}
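Review bot: After this change a null `sv_ssl_ctx` is what selects a cleartext frontend, and `event_loop()` forwards `get_config()->default_ssl_ctx` to `ListenHandler` without checking it. `ssl::accept_connection()` now takes the `bufferevent_socket_new` branch whenever `ssl_ctx` is null, so a server-mode start where the default context was never built would accept plaintext instead of failing; whether that state is reachable depends on configuration code not shown on this page. If a non-TLS frontend is not intended outside client mode, a guard right after the assignment makes the failure loud, for example `if(!get_config()->client_mode && !sv_ssl_ctx) { LOG(FATAL) << "No server SSL_CTX"; DIE(); }`. The same pointer reaches the worker threads through `WorkerInfo`, so one check here also covers `Worker::run()`. The body of `event_loop()` continues outside both hunks.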
|
||||
|
||||
|
|
|
@ -272,7 +272,7 @@ DownstreamConnection* ClientHandler::get_downstream_connection()
|
|||
CLOG(INFO, this) << "Downstream connection pool is empty."
|
||||
<< " Create new one";
|
||||
}
|
||||
if(get_config()->client_mode) {
|
||||
if(spdy_) {
|
||||
return new SpdyDownstreamConnection(this);
|
||||
} else {
|
||||
return new HttpDownstreamConnection(this);
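Review bot: Selecting the backend on `if(spdy_)` means a client-mode handler whose `set_spdy_session()` was never called, or was called with a null session, falls through to `HttpDownstreamConnection` without any log line. The removed test chose the SPDY connection from configuration alone, so a setup error now silently changes the backend protocol instead of surfacing. An `assert(!get_config()->client_mode || spdy_);` before the branch, or a warning log in the `else` arm when client mode is on, would keep the two conditions tied together. This also relies on `spdy_` being initialised to null in the constructor, which is outside the hunk.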
|
||||
|
|
|
@ -71,8 +71,8 @@ private:
|
|||
std::string ipaddr_;
|
||||
bool should_close_after_write_;
|
||||
std::set<DownstreamConnection*> dconn_pool_;
|
||||
// Shared SPDY session for each thread. NULL if not client mode. Not
|
||||
// deleted by this object.
|
||||
// Shared SPDY session for each thread. NULL if backend is not
|
||||
// SPDY. Not deleted by this object.
|
||||
SpdySession *spdy_;
|
||||
};
|
||||
|
||||
|
|
|
@ -40,9 +40,11 @@
|
|||
|
||||
namespace shrpx {
|
||||
|
||||
ListenHandler::ListenHandler(event_base *evbase, SSL_CTX *ssl_ctx)
|
||||
ListenHandler::ListenHandler(event_base *evbase, SSL_CTX *sv_ssl_ctx,
|
||||
SSL_CTX *cl_ssl_ctx)
|
||||
: evbase_(evbase),
|
||||
ssl_ctx_(ssl_ctx),
|
||||
sv_ssl_ctx_(sv_ssl_ctx),
|
||||
cl_ssl_ctx_(cl_ssl_ctx),
|
||||
worker_round_robin_cnt_(0),
|
||||
workers_(0),
|
||||
num_worker_(0),
|
||||
|
@ -68,7 +70,8 @@ void ListenHandler::create_worker_thread(size_t num)
|
|||
LLOG(ERROR, this) << "socketpair() failed: " << strerror(errno);
|
||||
continue;
|
||||
}
|
||||
info->ssl_ctx = ssl_ctx_;
|
||||
info->sv_ssl_ctx = sv_ssl_ctx_;
|
||||
info->cl_ssl_ctx = cl_ssl_ctx_;
|
||||
rv = pthread_create(&thread, &attr, start_threaded_worker, info);
|
||||
if(rv != 0) {
|
||||
LLOG(ERROR, this) << "pthread_create() failed: " << strerror(rv);
|
||||
|
@ -94,11 +97,9 @@ int ListenHandler::accept_connection(evutil_socket_t fd,
|
|||
LLOG(INFO, this) << "Accepted connection. fd=" << fd;
|
||||
}
|
||||
if(num_worker_ == 0) {
|
||||
ClientHandler* client =
|
||||
ssl::accept_ssl_connection(evbase_, ssl_ctx_, fd, addr, addrlen);
|
||||
if(get_config()->client_mode) {
|
||||
ClientHandler* client = ssl::accept_connection(evbase_, sv_ssl_ctx_,
|
||||
fd, addr, addrlen);
|
||||
client->set_spdy_session(spdy_);
|
||||
}
|
||||
} else {
|
||||
size_t idx = worker_round_robin_cnt_ % num_worker_;
|
||||
++worker_round_robin_cnt_;
|
||||
|
@ -124,7 +125,7 @@ event_base* ListenHandler::get_evbase() const
|
|||
int ListenHandler::create_spdy_session()
|
||||
{
|
||||
int rv;
|
||||
spdy_ = new SpdySession(evbase_, ssl_ctx_);
|
||||
spdy_ = new SpdySession(evbase_, cl_ssl_ctx_);
|
||||
rv = spdy_->init_notification();
|
||||
return rv;
|
||||
}
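Review bot: In `ListenHandler::accept_connection()` the new code calls `client->set_spdy_session(spdy_)` on every single-threaded accept, where the old code did so only in client mode, and nothing checks `client` first. `ssl::accept_connection()` has at least one logged failure path (`SSL_new() failed`), and its TLS branch is now the one taken in server mode; if that path returns a null handler, which the visible lines do not show, this is a null dereference reachable from an incoming connection. Guarding the call, `if(client) { client->set_spdy_session(spdy_); }`, or returning an error when `client` is null, closes it. The function body starts and ends outside the hunk.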
|
||||
|
|
|
@ -38,7 +38,8 @@ namespace shrpx {
|
|||
|
||||
struct WorkerInfo {
|
||||
int sv[2];
|
||||
SSL_CTX *ssl_ctx;
|
||||
SSL_CTX *sv_ssl_ctx;
|
||||
SSL_CTX *cl_ssl_ctx;
|
||||
bufferevent *bev;
|
||||
};
|
||||
|
||||
|
@ -46,7 +47,7 @@ class SpdySession;
|
|||
|
||||
class ListenHandler {
|
||||
public:
|
||||
ListenHandler(event_base *evbase, SSL_CTX *ssl_ctx);
|
||||
ListenHandler(event_base *evbase, SSL_CTX *sv_ssl_ctx, SSL_CTX *cl_ssl_ctx);
|
||||
~ListenHandler();
|
||||
int accept_connection(evutil_socket_t fd, sockaddr *addr, int addrlen);
|
||||
void create_worker_thread(size_t num);
|
||||
|
@ -54,14 +55,15 @@ public:
|
|||
int create_spdy_session();
|
||||
private:
|
||||
event_base *evbase_;
|
||||
// In client-mode, this is for backend SPDY connection. Otherwise,
|
||||
// for frontend.
|
||||
SSL_CTX *ssl_ctx_;
|
||||
// The frontend server SSL_CTX
|
||||
SSL_CTX *sv_ssl_ctx_;
|
||||
// The backend server SSL_CTX
|
||||
SSL_CTX *cl_ssl_ctx_;
|
||||
unsigned int worker_round_robin_cnt_;
|
||||
WorkerInfo *workers_;
|
||||
size_t num_worker_;
|
||||
// Shared SPDY session. NULL if not client mode or
|
||||
// multi-threaded. In multi-threaded case, see shrpx_worker.cc.
|
||||
// Shared backend SPDY session. NULL if multi-threaded. In
|
||||
// multi-threaded case, see shrpx_worker.cc.
|
||||
SpdySession *spdy_;
|
||||
};
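Review bot: The comment `// The backend server SSL_CTX` on `cl_ssl_ctx_` describes it as a server context, but it holds the result of `ssl::create_ssl_client_context()` and is null outside client mode. Null-ness of both pointers now drives behaviour: `if(cl_ssl_ctx)` decides whether a SPDY session is created, and a null context passed to `ssl::accept_connection()` yields a non-TLS bufferevent, so the comments should say so. Suggested wording: `// SSL_CTX for accepting frontend connections. NULL means the frontend is accepted without TLS.` and `// SSL_CTX for outgoing backend SPDY connections. NULL if not client mode.` The `WorkerInfo` fields in the hunk above and the matching `Worker` members carry no comment and would benefit from the same two lines.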
|
||||
|
||||
|
|
|
@ -245,7 +245,7 @@ SSL_CTX* create_ssl_client_context()
|
|||
return ssl_ctx;
|
||||
}
|
||||
|
||||
ClientHandler* accept_ssl_connection(event_base *evbase, SSL_CTX *ssl_ctx,
|
||||
ClientHandler* accept_connection(event_base *evbase, SSL_CTX *ssl_ctx,
|
||||
evutil_socket_t fd,
|
||||
sockaddr *addr, int addrlen)
|
||||
{
|
||||
|
@ -266,9 +266,7 @@ ClientHandler* accept_ssl_connection(event_base *evbase, SSL_CTX *ssl_ctx,
|
|||
}
|
||||
SSL *ssl = 0;
|
||||
bufferevent *bev;
|
||||
if(get_config()->client_mode) {
|
||||
bev = bufferevent_socket_new(evbase, fd, BEV_OPT_DEFER_CALLBACKS);
|
||||
} else {
|
||||
if(ssl_ctx) {
|
||||
ssl = SSL_new(ssl_ctx);
|
||||
if(!ssl) {
|
||||
LOG(ERROR) << "SSL_new() failed: "
|
||||
|
@ -278,6 +276,8 @@ ClientHandler* accept_ssl_connection(event_base *evbase, SSL_CTX *ssl_ctx,
|
|||
bev = bufferevent_openssl_socket_new
|
||||
(evbase, fd, ssl,
|
||||
BUFFEREVENT_SSL_ACCEPTING, BEV_OPT_DEFER_CALLBACKS);
|
||||
} else {
|
||||
bev = bufferevent_socket_new(evbase, fd, BEV_OPT_DEFER_CALLBACKS);
|
||||
}
|
||||
ClientHandler *client_handler = new ClientHandler(bev, fd, ssl, host);
|
||||
return client_handler;
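Review bot: `bev` is handed to `new ClientHandler(bev, fd, ssl, host)` without a null check, although both `bufferevent_openssl_socket_new()` and `bufferevent_socket_new()` return NULL on failure. The commit keeps both creation paths and only changes which condition picks them, so the gap remains in either mode; on the TLS path the `SSL` object from `SSL_new()` would also be left unfreed. A check after the `if`/`else`, `if(!bev) { if(ssl) { SSL_free(ssl); } return 0; }`, would cover both. That assumes callers treat a null return as a failed accept and that the fd is closed on that path, neither of which is visible here. The function starts before this hunk and its tail is cut off after the `return`.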
|
||||
|
|
|
@ -45,7 +45,7 @@ SSL_CTX* create_ssl_context(const char *private_key_file,
|
|||
|
||||
SSL_CTX* create_ssl_client_context();
|
||||
|
||||
ClientHandler* accept_ssl_connection(event_base *evbase, SSL_CTX *ssl_ctx,
|
||||
ClientHandler* accept_connection(event_base *evbase, SSL_CTX *ssl_ctx,
|
||||
evutil_socket_t fd,
|
||||
sockaddr *addr, int addrlen);
|
||||
|
||||
|
|
|
@ -58,7 +58,7 @@ void ThreadEventReceiver::on_read(bufferevent *bev)
|
|||
}
|
||||
event_base *evbase = bufferevent_get_base(bev);
|
||||
ClientHandler *client_handler;
|
||||
client_handler = ssl::accept_ssl_connection(evbase, ssl_ctx_,
|
||||
client_handler = ssl::accept_connection(evbase, ssl_ctx_,
|
||||
wev.client_fd,
|
||||
&wev.client_addr.sa,
|
||||
wev.client_addrlen);
|
||||
|
|
|
@ -39,7 +39,8 @@ namespace shrpx {
|
|||
|
||||
Worker::Worker(WorkerInfo *info)
|
||||
: fd_(info->sv[1]),
|
||||
ssl_ctx_(info->ssl_ctx)
|
||||
sv_ssl_ctx_(info->sv_ssl_ctx),
|
||||
cl_ssl_ctx_(info->cl_ssl_ctx)
|
||||
{}
|
||||
|
||||
Worker::~Worker()
|
||||
|
@ -74,13 +75,13 @@ void Worker::run()
|
|||
bufferevent *bev = bufferevent_socket_new(evbase, fd_,
|
||||
BEV_OPT_DEFER_CALLBACKS);
|
||||
SpdySession *spdy = 0;
|
||||
if(get_config()->client_mode) {
|
||||
spdy = new SpdySession(evbase, ssl_ctx_);
|
||||
if(cl_ssl_ctx_) {
|
||||
spdy = new SpdySession(evbase, cl_ssl_ctx_);
|
||||
if(spdy->init_notification() == -1) {
|
||||
DIE();
|
||||
}
|
||||
}
|
||||
ThreadEventReceiver *receiver = new ThreadEventReceiver(ssl_ctx_, spdy);
|
||||
ThreadEventReceiver *receiver = new ThreadEventReceiver(sv_ssl_ctx_, spdy);
|
||||
bufferevent_enable(bev, EV_READ);
|
||||
bufferevent_setcb(bev, readcb, 0, eventcb, receiver);
|
||||
|
||||
|
|
|
@ -42,7 +42,8 @@ public:
|
|||
private:
|
||||
// Channel to the main thread
|
||||
int fd_;
|
||||
SSL_CTX *ssl_ctx_;
|
||||
SSL_CTX *sv_ssl_ctx_;
|
||||
SSL_CTX *cl_ssl_ctx_;
|
||||
};
|
||||
|
||||
void* start_threaded_worker(void *arg);
|
||||
|
|