Posted to commits@trafficserver.apache.org by sh...@apache.org on 2015/06/12 16:45:44 UTC
trafficserver git commit: TS-3687: ATS Session Cache should remove
expired sessions. This closes #222.
Repository: trafficserver
Updated Branches:
refs/heads/master cd9990a83 -> c8c9c4fa0
TS-3687: ATS Session Cache should remove expired sessions. This closes #222.
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/c8c9c4fa
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/c8c9c4fa
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/c8c9c4fa
Branch: refs/heads/master
Commit: c8c9c4fa0dad38552553b4235929a4f7ea8aa322
Parents: cd9990a
Author: shinrich <sh...@yahoo-inc.com>
Authored: Thu Jun 11 17:40:58 2015 -0500
Committer: shinrich <sh...@yahoo-inc.com>
Committed: Fri Jun 12 09:40:42 2015 -0500
----------------------------------------------------------------------
CHANGES | 2 ++
iocore/net/SSLUtils.cc | 17 ++++++++++++++---
2 files changed, 16 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/c8c9c4fa/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 834f7a0..f29cba1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
-*- coding: utf-8 -*-
Changes with Apache Traffic Server 6.0.0
+ *) [TS-3687] ATS Session Cache should remove expired sessions.
+
*) [TS-3453] Confusion of handling SSL events in write_to_net_io in UnixNetVConnection.cc
*) [TS-3104] Fix lockfile logic which decides whether to kill process or group.
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/c8c9c4fa/iocore/net/SSLUtils.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 2a31523..5b0bc4e 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -185,6 +185,12 @@ SSL_CTX_add_extra_chain_cert_file(SSL_CTX *ctx, const char *chainfile)
return true;
}
+bool ssl_session_timed_out(SSL_SESSION *session)
+{
+ return SSL_SESSION_get_timeout(session) < (long)(time(NULL) - SSL_SESSION_get_time(session));
+}
+
+static void ssl_rm_cached_session(SSL_CTX *ctx, SSL_SESSION *sess);
static SSL_SESSION *
ssl_get_cached_session(SSL *ssl, unsigned char *id, int len, int *copy)
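Review bot: `ssl_session_timed_out` is added with external linkage, while the forward declaration right below it and the surrounding helpers are `static`; unless another translation unit needs it (none is visible here), declare it `static bool ssl_session_timed_out(SSL_SESSION *session)`. The check is based on wall-clock `time(NULL)`, so if the clock steps backwards the elapsed value goes negative and the session stays resumable longer than its configured timeout. Since this function decides how long a session may be resumed, it deserves a comment such as `// Returns true once the session's age exceeds its timeout; wall-clock based, so clock steps shift the expiry`.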
@@ -201,10 +207,15 @@ ssl_get_cached_session(SSL *ssl, unsigned char *id, int len, int *copy)
SSL_SESSION *session = NULL;
if (session_cache->getSession(sid, &session)) {
- return session;
+ // Double check the timeout
+ if (session && ssl_session_timed_out(session)) {
+ // Due to bug in openssl, the timeout is checked, but only removed
+ // from the openssl built-in hash table. The external remove cb is not called
+ ssl_rm_cached_session(SSL_get_SSL_CTX(ssl), session);
+ session = NULL;
+ }
}
-
- return NULL;
+ return session;
}
static int
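Review bot: On the expired path the `SSL_SESSION` obtained from `session_cache->getSession(sid, &session)` is dropped by `session = NULL;` without being released. If getSession hands the caller an object it owns (its implementation is outside this hunk) and `ssl_rm_cached_session` does not free it, every session that expires in the external cache leaks one `SSL_SESSION`; in that case add `SSL_SESSION_free(session);` after the `ssl_rm_cached_session(...)` call. The comment "Due to bug in openssl" should name the OpenSSL behaviour or version it works around so the check can be revisited later. The beginning of ssl_get_cached_session, including how `*copy` is set, lies outside the hunk.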