You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by sh...@apache.org on 2015/07/08 14:25:40 UTC
[6/8] trafficserver git commit: Merge commit
'e7c0cab16038f057a79d91f532c0c130f5ed3314' into ts-3683
Merge commit 'e7c0cab16038f057a79d91f532c0c130f5ed3314' into ts-3683
Conflicts:
iocore/net/SSLNetVConnection.cc
iocore/net/SSLUtils.cc
proxy/InkAPI.cc
proxy/api/ts/ts.h
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/5a4350e6
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/5a4350e6
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/5a4350e6
Branch: refs/heads/master
Commit: 5a4350e6067ac868e54538467ec83a9413853143
Parents: 71752c7 e7c0cab
Author: shinrich <sh...@yahoo-inc.com>
Authored: Wed Jul 8 07:03:57 2015 -0500
Committer: shinrich <sh...@yahoo-inc.com>
Committed: Wed Jul 8 07:03:57 2015 -0500
----------------------------------------------------------------------
.../api/TSNetVConnSSLCachedHitSet.en.rst | 32 ++++++++++++++++++++
iocore/net/SSLUtils.cc | 1 +
proxy/InkAPI.cc | 8 -----
proxy/api/ts/ts.h | 1 -
4 files changed, 33 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/5a4350e6/iocore/net/SSLUtils.cc
----------------------------------------------------------------------
diff --cc iocore/net/SSLUtils.cc
index bd250d1,04a818d..06dee1d
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@@ -209,17 -201,12 +209,18 @@@ ssl_get_cached_session(SSL *ssl, unsign
SSL_SESSION *session = NULL;
if (session_cache->getSession(sid, &session)) {
- SSLNetVConnection *netvc = (SSLNetVConnection *)SSL_get_app_data(ssl);
- netvc->setSSLSessionCacheHit(true);
- return session;
+ // Double check the timeout
+ if (session && ssl_session_timed_out(session)) {
+ // Due to bug in openssl, the timeout is checked, but only removed
+ // from the openssl built-in hash table. The external remove cb is not called
+ ssl_rm_cached_session(SSL_get_SSL_CTX(ssl), session);
+ session = NULL;
+ } else if (session) {
+ SSLNetVConnection *netvc = (SSLNetVConnection *)SSL_get_app_data(ssl);
++ netvc->setSSLSessionCacheHit(true);
+ }
}
-
- return NULL;
+ return session;
}
static int
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/5a4350e6/proxy/InkAPI.cc
----------------------------------------------------------------------
diff --cc proxy/InkAPI.cc
index 13aa19c,22828d6..16973b1
--- a/proxy/InkAPI.cc
+++ b/proxy/InkAPI.cc
@@@ -6475,14 -6531,14 +6475,6 @@@ TSNetVConnRemoteAddrGet(TSVConn connp
return vc->get_remote_addr();
}
--void
- TSNetVConnSSLSessionCachedHitSet(TSVConn connp, bool state)
-TSNetVConnSSLSessionCachedHitSet(TSVConn connp, int state)
--{
-- sdk_assert(sdk_sanity_check_iocore_structure(connp) == TS_SUCCESS);
-- SSLNetVConnection *vc = reinterpret_cast<SSLNetVConnection *>(connp);
- vc->setSSLSessionCacheHit(state);
- vc->setSSLSessionCacheHit((0 != state) ? true : false);
--}
--
TSAction
TSNetConnect(TSCont contp, sockaddr const *addr)
{
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/5a4350e6/proxy/api/ts/ts.h
----------------------------------------------------------------------
diff --cc proxy/api/ts/ts.h
index 9ba2551,6583273..882d10d
--- a/proxy/api/ts/ts.h
+++ b/proxy/api/ts/ts.h
@@@ -1704,7 -1702,7 +1704,6 @@@ tsapi TSVConn TSTransformOutputVConnGet
Net VConnections */
tsapi struct sockaddr const *TSNetVConnRemoteAddrGet(TSVConn vc);
- tsapi void TSNetVConnSSLCachedHitSet(TSVConn vc, bool state);
-tsapi void TSNetVConnSSLCachedHitSet(TSVConn vc, int state);
/**
Opens a network connection to the host specified by ip on the port