Posted to commits@trafficserver.apache.org by zw...@apache.org on 2011/04/21 03:50:58 UTC
svn commit: r1095591 - in /trafficserver/traffic/trunk:
iocore/net/P_SSLConfig.h iocore/net/SSLConfig.cc iocore/net/SSLNet.cc
mgmt/RecordsConfig.cc
Author: zwoop
Date: Thu Apr 21 01:50:58 2011
New Revision: 1095591
URL: http://svn.apache.org/viewvc?rev=1095591&view=rev
Log:
TS-744 Configurations to control SSL session reuse and cache size
Modified:
trafficserver/traffic/trunk/iocore/net/P_SSLConfig.h
trafficserver/traffic/trunk/iocore/net/SSLConfig.cc
trafficserver/traffic/trunk/iocore/net/SSLNet.cc
trafficserver/traffic/trunk/mgmt/RecordsConfig.cc
Modified: trafficserver/traffic/trunk/iocore/net/P_SSLConfig.h
URL: http://svn.apache.org/viewvc/trafficserver/traffic/trunk/iocore/net/P_SSLConfig.h?rev=1095591&r1=1095590&r2=1095591&view=diff
==============================================================================
--- trafficserver/traffic/trunk/iocore/net/P_SSLConfig.h (original)
+++ trafficserver/traffic/trunk/iocore/net/P_SSLConfig.h Thu Apr 21 01:50:58 2011
@@ -75,32 +75,22 @@ public:
SSL_ACCELERATOR_REQ_BOTH = 3
};
- SSL_TERMINATION_MODE getTerminationMode(void)
+ enum SSL_SESSION_CACHE_MODE
{
- return (termMode);
- }
- int getAcceptPort(void)
- {
- return (ssl_accept_port_number);
- }
- char *getConfigFilePath(void)
- {
- return (configFilePath);
- }
- char *getServerCertPathOnly(void)
- {
- return (serverCertPathOnly);
- }
- char *getServerKeyPathOnly(void)
- {
- return (serverKeyPathOnly);
- }
+ SSL_SESSION_CACHE_MODE_OFF = 0,
+ SSL_SESSION_CACHE_MODE_SERVER = 1
+ };
+
+ SSL_TERMINATION_MODE getTerminationMode(void) const { return termMode; }
+ int getAcceptPort(void) const { return ssl_accept_port_number; }
+ char *getConfigFilePath(void) const { return configFilePath; }
+ char *getServerCertPathOnly(void) const { return serverCertPathOnly; }
+ char *getServerKeyPathOnly(void) const { return serverKeyPathOnly; }
SslConfigParams();
- virtual ~ SslConfigParams();
+ virtual ~SslConfigParams();
private:
-
void initialize();
void cleanup();
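Review bot: The new `SSL_SESSION_CACHE_MODE` enum carries no comment, although its numeric values are what an operator writes into `proxy.config.ssl.session_cache` and what the switch in SSLNet.cc compares against. I would add above it `// Values accepted for proxy.config.ssl.session_cache: 0 turns the server-side session cache off, 1 uses OpenSSL's internal server cache.` The backing fields `ssl_session_cache` and `ssl_session_cache_size` added in the next hunk are plain `int`, so nothing in the types ties the stored value to this enum and the comment would be the only place the mapping is stated. The class body starts and ends outside this hunk.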
@@ -120,6 +110,8 @@ private:
int verify_depth;
int ssl_accept_port_number;
int sslAccelerator;
+ int ssl_session_cache;
+ int ssl_session_cache_size;
char *clientCertPath;
char *clientKeyPath;
@@ -150,13 +142,9 @@ public:
static SslConfigParams *acquire();
static void release(SslConfigParams * params);
- static bool serverTerminationEnabled(void)
- {
- return (serverSSLTermination);
- }
+ static bool serverTerminationEnabled(void) { return serverSSLTermination; }
private:
-
static void clearTermEnabled()
{
serverSSLTermination = 0;
Modified: trafficserver/traffic/trunk/iocore/net/SSLConfig.cc
URL: http://svn.apache.org/viewvc/trafficserver/traffic/trunk/iocore/net/SSLConfig.cc?rev=1095591&r1=1095590&r2=1095591&view=diff
==============================================================================
--- trafficserver/traffic/trunk/iocore/net/SSLConfig.cc (original)
+++ trafficserver/traffic/trunk/iocore/net/SSLConfig.cc Thu Apr 21 01:50:58 2011
@@ -61,6 +61,8 @@ SslConfigParams::SslConfigParams()
termMode = SSL_TERM_MODE_NONE;
ssl_ctx_options = 0;
ssl_accelerator_required = SSL_ACCELERATOR_REQ_NO;
+ ssl_session_cache = SSL_SESSION_CACHE_MODE_SERVER;
+ ssl_session_cache_size = 1024*20;
}
SslConfigParams::~SslConfigParams()
@@ -164,8 +166,7 @@ SslConfigParams::initialize()
cleanup();
-//+++++++++++++++++++++++++ Server part +++++++++++++++++++++++++++++++++
-
+ //+++++++++++++++++++++++++ Server part +++++++++++++++++++++++++++++++++
verify_depth = 7;
IOCORE_ReadConfigInteger(ssl_accelerator_required, "proxy.config.ssl.accelerator_required");
@@ -365,7 +366,12 @@ SslConfigParams::initialize()
xfree(abs_path);
xfree(CACertRelativePath);
}
-// ++++++++++++++++++++++++ Client part ++++++++++++++++++++
+
+ // SSL session cache configurations
+ IOCORE_ReadConfigInteger(ssl_session_cache, "proxy.config.ssl.session_cache");
+ IOCORE_ReadConfigInteger(ssl_session_cache_size, "proxy.config.ssl.session_cache.size");
+
+ // ++++++++++++++++++++++++ Client part ++++++++++++++++++++
client_verify_depth = 7;
IOCORE_ReadConfigInt32(clientVerify, "proxy.config.ssl.client.verify.server");
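Review bot: Neither value read for `proxy.config.ssl.session_cache` and `proxy.config.ssl.session_cache.size` is range-checked, and the matching records in mgmt/RecordsConfig.cc are registered with `RECC_NULL`, so a bad setting travels unchanged to OpenSSL. For the size this matters because OpenSSL treats 0 as "no limit" on the internal session cache, and a negative `int` is likely converted to a very large limit, which removes the bound on session memory held by the process. I would validate right after the reads, e.g. `if (ssl_session_cache_size < 0) ssl_session_cache_size = 1024*20;`, and state in the comment that 0 means unlimited. `initialize()` starts and ends outside this hunk.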
@@ -447,7 +453,6 @@ SslConfigParams::initialize()
#endif
xfree(clientCACertRelativePath);
}
-
}
Modified: trafficserver/traffic/trunk/iocore/net/SSLNet.cc
URL: http://svn.apache.org/viewvc/trafficserver/traffic/trunk/iocore/net/SSLNet.cc?rev=1095591&r1=1095590&r2=1095591&view=diff
==============================================================================
--- trafficserver/traffic/trunk/iocore/net/SSLNet.cc (original)
+++ trafficserver/traffic/trunk/iocore/net/SSLNet.cc Thu Apr 21 01:50:58 2011
@@ -321,6 +321,16 @@ SSLNetProcessor::initSSLServerCTX(SslCon
// disable selected protocols
SSL_CTX_set_options(lCtx, param->ssl_ctx_options);
+
+ switch (param->ssl_session_cache) {
+ case SslConfigParams::SSL_SESSION_CACHE_MODE_OFF:
+ SSL_CTX_set_session_cache_mode(lCtx, SSL_SESS_CACHE_OFF|SSL_SESS_CACHE_NO_INTERNAL);
+ break;
+ case SslConfigParams::SSL_SESSION_CACHE_MODE_SERVER:
+ SSL_CTX_set_session_cache_mode(lCtx, SSL_SESS_CACHE_SERVER);
+ SSL_CTX_sess_set_cache_size(lCtx, param->ssl_session_cache_size);
+ break;
+ }
//might want to make configurable at some point.
verify_depth = param->verify_depth;
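Review bot: The switch has no `default:` branch, so any value of `proxy.config.ssl.session_cache` other than 0 or 1 leaves the context on OpenSSL's built-in default, which is server-side caching enabled; an operator who mistypes the setting gets session reuse without any indication. I would add a `default:` that logs the rejected value and applies one mode explicitly, e.g. `SSL_CTX_set_session_cache_mode(lCtx, SSL_SESS_CACHE_OFF|SSL_SESS_CACHE_NO_INTERNAL);`. The OFF case also deserves a comment that it stops session-ID resumption only: RFC 5077 session tickets are governed by `SSL_OP_NO_TICKET`, and whether `param->ssl_ctx_options` carries that flag is not visible in this hunk. `initSSLServerCTX` starts and ends outside the hunk.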
Modified: trafficserver/traffic/trunk/mgmt/RecordsConfig.cc
URL: http://svn.apache.org/viewvc/trafficserver/traffic/trunk/mgmt/RecordsConfig.cc?rev=1095591&r1=1095590&r2=1095591&view=diff
==============================================================================
--- trafficserver/traffic/trunk/mgmt/RecordsConfig.cc (original)
+++ trafficserver/traffic/trunk/mgmt/RecordsConfig.cc Thu Apr 21 01:50:58 2011
@@ -1335,6 +1335,10 @@ RecordElement RecordsConfig[] = {
,
{RECT_CONFIG, "proxy.config.ssl.client.CA.cert.path", RECD_STRING, NULL, RECU_RESTART_TS, RR_NULL, RECC_NULL, NULL, RECA_NULL}
,
+ {RECT_CONFIG, "proxy.config.ssl.session_cache", RECD_INT, "1", RECU_RESTART_TS, RR_NULL, RECC_NULL, NULL, RECA_NULL}
+ ,
+ {RECT_CONFIG, "proxy.config.ssl.session_cache.size", RECD_INT, "20480", RECU_RESTART_TS, RR_NULL, RECC_NULL, NULL, RECA_NULL}
+ ,
//##############################################################################
//# ICP Configuration