mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2025-02-15 01:47:19 +00:00
3e541d1c03
This SSL session cache was developped at Exceliance and is the same that was proposed for stunnel and stud. It makes use of a shared memory area between the processes so that sessions can be handled by any process. It is only useful when haproxy runs with nbproc > 1, but it does not hurt performance at all with nbproc = 1. The aim is to totally replace OpenSSL's internal cache. The cache is optimized for Linux >= 2.6 and specifically for x86 platforms. On Linux/x86, it makes use of futexes for inter-process locking, with some x86 assembly for the locked instructions. On other architectures, GCC builtins are used instead, which are available starting from gcc 4.1. On other operating systems, the locks fall back to pthread mutexes so libpthread is automatically linked. It is not recommended since pthreads are much slower than futexes. The lib is only linked if SSL is enabled.
70 lines
2.4 KiB
C
70 lines
2.4 KiB
C
/*
|
|
* shctx.h - shared context management functions for SSL
|
|
*
|
|
* Copyright (C) 2011-2012 EXCELIANCE
|
|
*
|
|
* Author: Emeric Brun - emeric@exceliance.fr
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version
|
|
* 2 of the License, or (at your option) any later version.
|
|
*/
|
|
|
|
#ifndef SHCTX_H
|
|
#define SHCTX_H
|
|
#include <openssl/ssl.h>
|
|
#include <stdint.h>
|
|
|
|
#ifndef SHSESS_MAX_FOOTER_LEN
|
|
#define SHSESS_MAX_FOOTER_LEN sizeof(uint32_t) \
|
|
+ EVP_MAX_MD_SIZE
|
|
#endif
|
|
|
|
#ifndef SHSESS_MAX_DATA_LEN
|
|
#define SHSESS_MAX_DATA_LEN 512
|
|
#endif
|
|
|
|
#ifndef SHCTX_DEFAULT_SIZE
|
|
#define SHCTX_DEFAULT_SIZE 20000
|
|
#endif
|
|
|
|
#define SHSESS_MAX_ENCODED_LEN SSL_MAX_SSL_SESSION_ID_LENGTH \
|
|
+ SHSESS_MAX_DATA_LEN \
|
|
+ SHSESS_MAX_FOOTER_LEN
|
|
|
|
|
|
|
|
/* Callback called on a new session event:
|
|
* session contains the sessionid zeros padded to SSL_MAX_SSL_SESSION_ID_LENGTH
|
|
* followed by ASN1 session encoding.
|
|
* len is set to SSL_MAX_SSL_SESSION_ID_LENGTH + ASN1 session length
|
|
* len is always less than SSL_MAX_SSL_SESSION_ID_LENGTH + SHSESS_MAX_DATA_LEN.
|
|
* Remaining Bytes from len to SHSESS_MAX_ENCODED_LEN can be used to add a footer.
|
|
* cdate is the creation date timestamp.
|
|
*/
|
|
void shsess_set_new_cbk(void (*func)(unsigned char *session, unsigned int len, long cdate));
|
|
|
|
/* Add a session into the cache,
|
|
* session contains the sessionid zeros padded to SSL_MAX_SSL_SESSION_ID_LENGTH
|
|
* followed by ASN1 session encoding.
|
|
* len is set to SSL_MAX_SSL_SESSION_ID_LENGTH + ASN1 data length.
|
|
* if len greater than SHSESS_MAX_ENCODED_LEN, session is not added.
|
|
* if cdate not 0, on get events session creation date will be reset to cdate */
|
|
void shctx_sess_add(const unsigned char *session, unsigned int session_len, long cdate);
|
|
|
|
/* Allocate shared memory context.
|
|
* size is maximum cached sessions.
|
|
* if set less or equal to 0, SHCTX_DEFAULT_SIZE is used.
|
|
* Returns: -1 on alloc failure, size if it performs context alloc,
|
|
* and 0 if cache is already allocated */
|
|
int shared_context_init(int size);
|
|
|
|
/* Set shared cache callbacks on an ssl context.
|
|
* Set session cache mode to server and disable openssl internal cache.
|
|
* Shared context MUST be firstly initialized */
|
|
void shared_context_set_cache(SSL_CTX *ctx);
|
|
|
|
#endif /* SHCTX_H */
|
|
|