haproxy/include/proto/shctx.h
Emeric Brun af9619da3e MEDIUM: ssl: manage shared cache by blocks for huge sessions.
Sessions using client certs are huge (more than 1 kB) and do not fit
in session cache, or require a huge cache.

In this new implementation sshcachesize set a number of available blocks
instead a number of available sessions.

Each block is large enough (128 bytes) to store a simple session (without
client certs).

Huge sessions will take multiple blocks depending on client certificate size.

Note: some unused code for session sync with remote peers was temporarily
      removed.
2012-12-04 10:56:56 +01:00

53 lines
1.5 KiB
C

/*
* shctx.h - shared context management functions for SSL
*
* Copyright (C) 2011-2012 EXCELIANCE
*
* Author: Emeric Brun - emeric@exceliance.fr
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
#ifndef SHCTX_H
#define SHCTX_H
#include <openssl/ssl.h>
#include <stdint.h>
#ifndef SHSESS_BLOCK_MIN_SIZE
#define SHSESS_BLOCK_MIN_SIZE 128
#endif
#ifndef SHSESS_MAX_DATA_LEN
#define SHSESS_MAX_DATA_LEN 4096
#endif
#ifndef SHCTX_DEFAULT_SIZE
#define SHCTX_DEFAULT_SIZE 20000
#endif
#ifndef SHCTX_APPNAME
#define SHCTX_APPNAME "haproxy"
#endif
/* Allocate shared memory context.
* <size> is the number of allocated blocks into cache (default 128 bytes)
* A block is large enough to contain a classic session (without client cert)
* If <size> is set less or equal to 0, SHCTX_DEFAULT_SIZE is used.
* Set <use_shared_memory> to 1 to use a mapped shared memory instead
* of private. (ignored if compiled with USE_PRIVATE_CACHE=1).
* Returns: -1 on alloc failure, <size> if it performs context alloc,
* and 0 if cache is already allocated.
*/
int shared_context_init(int size, int use_shared_memory);
/* Set shared cache callbacks on an ssl context.
* Set session cache mode to server and disable openssl internal cache.
* Shared context MUST be firstly initialized */
void shared_context_set_cache(SSL_CTX *ctx);
#endif /* SHCTX_H */