Changeset 411d286 in mod_gnutls


Timestamp:
May 31, 2020, 5:18:44 AM (4 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
master
Children:
7e29705
Parents:
d827d0c
Message:

Store session tickets for proxy connections in the session cache

The cache key is stored in the session context because it will be
needed for every proxy connection: For checking if there is a cached
ticket (not implemented yet), and to store new tickets if any.

Files:
4 edited

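--- a/include/mod_gnutls.h.in
+++ b/include/mod_gnutls.h.in
@@ -252,4 +252,7 @@
      * error (checks use status < 0 or status > 0) */
     int status;
+    /** For proxy connections: cache key to store/retrieve session
+     * tickets */
+    gnutls_datum_t proxy_ticket_key;
 } mgs_handle_t;
 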
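Review bot: The comment on `proxy_ticket_key` does not say who owns `data`, and that matters because this datum is not a GnuTLS allocation. In src/gnutls_proxy.c the buffer is produced by `apr_psprintf()` on an APR pool, so handing it to `gnutls_free()` the way other `gnutls_datum_t` values are released would be an invalid free. I would extend the comment to `/** For proxy connections: cache key to store/retrieve session tickets; data is pool-allocated, never gnutls_free() it */` and add the same ownership sentence to the `@return` text in src/gnutls_proxy.h. The struct definition starts outside the hunk.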
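--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -1152,6 +1152,6 @@
     }
 
-    gnutls_datum_t dump;
-    int ret = gnutls_session_get_data2(session, &dump);
+    gnutls_datum_t ticket;
+    int ret = gnutls_session_get_data2(session, &ticket);
     if (ret != GNUTLS_E_SUCCESS)
     {
@@ -1159,16 +1159,15 @@
                       "%s: error reading session ticket: %s (%d)",
                       __func__, gnutls_strerror(ret), ret);
-        if (dump.data)
-            gnutls_free(dump.data);
+        if (ticket.data)
+            gnutls_free(ticket.data);
         return GNUTLS_E_SUCCESS;
     }
 
+    apr_time_t expiry = apr_time_now() + ctxt->sc->cache_timeout;
     ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, ctxt->c,
-                  "%s: session ticket read (%u bytes)",
-                  __func__, dump.size);
-    gnutls_free(dump.data);
-    ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, ctxt->c,
-                  "%s: cache key for the session ticket is %s",
-                  __func__, mgs_proxy_ticket_id(ctxt, NULL));
+                  "%s: caching session ticket for %s (%u bytes)",
+                  __func__, ctxt->proxy_ticket_key.data, ticket.size);
+    mgs_cache_store(ctxt->sc->cache, ctxt->c->base_server,
+                    ctxt->proxy_ticket_key, ticket, expiry);
     return GNUTLS_E_SUCCESS;
 }
@@ -1203,4 +1202,5 @@
                                            GNUTLS_HANDSHAKE_NEW_SESSION_TICKET,
                                            GNUTLS_HOOK_POST, got_ticket_func);
+        ctxt->proxy_ticket_key = mgs_proxy_ticket_id(ctxt, NULL);
     }
     else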
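Review bot: On the success path `ticket.data` is no longer released: the old `gnutls_free(dump.data);` was removed and nothing follows the `mgs_cache_store(...)` call, so every new session ticket appears to leak one GnuTLS allocation unless `mgs_cache_store` takes ownership of the datum (its definition is not part of this changeset). If the store copies the value, add `gnutls_free(ticket.data);` right before the final `return GNUTLS_E_SUCCESS;`. The result of `mgs_cache_store` is also discarded, so a failed store leaves no trace in the log; checking it and logging on failure would make a silently non-working ticket cache visible. The function's opening lines are outside the hunk.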
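--- a/src/gnutls_proxy.c
+++ b/src/gnutls_proxy.c
@@ -396,5 +396,5 @@
 
 
-char *mgs_proxy_ticket_id(mgs_handle_t *ctxt, apr_pool_t *pool)
+gnutls_datum_t mgs_proxy_ticket_id(mgs_handle_t *ctxt, apr_pool_t *pool)
 {
     apr_pool_t *tmp;
@@ -413,9 +413,12 @@
      */
     const char *peer_hostname = get_proxy_sni_name(ctxt);
-    return apr_psprintf(
-        tmp, "proxy:%s:%s:%d",
-        ctxt->c->base_server->server_hostname,
-        peer_hostname ? peer_hostname : ctxt->c->client_ip,
-        ctxt->c->client_addr->port);
+    gnutls_datum_t key;
+    key.data = (unsigned char *)
+        apr_psprintf(tmp, "proxy:%s:%s:%d",
+                     ctxt->c->base_server->server_hostname,
+                     peer_hostname ? peer_hostname : ctxt->c->client_ip,
+                     ctxt->c->client_addr->port);
+    key.size = strlen((const char*) key.data);
+    return key;
 }
 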
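Review bot: `key.data` points into the `tmp` pool, and how `tmp` is chosen when `pool` is NULL sits in the lines skipped between 400 and 413, so the hunk does not show how long the returned buffer stays valid. The caller in src/gnutls_hooks.c passes NULL and keeps the datum in `ctxt->proxy_ticket_key` for later callbacks, so the fallback pool has to live at least as long as the connection context or the stored key becomes a dangling pointer. A comment above the allocation would pin that down, for example `/* key.data lives in tmp; it must outlive every use of ctxt->proxy_ticket_key */`. It would also help to state there that `key.size` excludes the terminating NUL which the `%s` log call in src/gnutls_hooks.c relies on.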
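--- a/src/gnutls_proxy.h
+++ b/src/gnutls_proxy.h
@@ -50,7 +50,8 @@
  * connection pool is used
  *
- * @return string to be used as cache key
+ * @return `gnutls_datum_t` containing the string to be used as cache
+ * key as `data` and its size (`strlen()`) as `size`.
  */
-char *mgs_proxy_ticket_id(mgs_handle_t *ctxt, apr_pool_t *pool);
+gnutls_datum_t mgs_proxy_ticket_id(mgs_handle_t *ctxt, apr_pool_t *pool);
 
 #endif /* __MOD_GNUTLS_PROXY_H__ */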