- Timestamp:
- May 31, 2020, 6:24:41 AM (8 months ago)
- Branches:
- asyncio, master
- Children:
- e151b6f
- Parents:
- 7e29705
- git-author:
- Fiona Klute <fiona.klute@…> (05/31/20 06:17:51)
- git-committer:
- Fiona Klute <fiona.klute@…> (05/31/20 06:24:41)
- Location:
- src
- Files:
-
- 4 edited
src/gnutls_cache.c
r7e29705 r764fef3 3 3 * Copyright 2008 Nikos Mavrogiannopoulos 4 4 * Copyright 2011 Dash Shendy 5 * Copyright 2015-20 18Fiona Klute5 * Copyright 2015-2020 Fiona Klute 6 6 * 7 7 * Licensed under the Apache License, Version 2.0 (the "License"); … … 169 169 170 170 171 /** 8K is the maximum size accepted when receiving OCSP responses,172 * sessions cache entries should be much smaller. The buffer is173 * reallocated to actual size after fetching, so memory waste is174 * minimal and temporary. */175 #define SOCACHE_FETCH_BUF_SIZE (8 * 1024)176 177 171 apr_status_t mgs_cache_fetch(mgs_cache_t cache, server_rec *server, 178 172 gnutls_datum_t key, gnutls_datum_t *output, … … 240 234 return data; 241 235 242 data.data = gnutls_malloc( SOCACHE_FETCH_BUF_SIZE);236 data.data = gnutls_malloc(MGS_SESSION_FETCH_BUF_SIZE); 243 237 if (data.data == NULL) 244 238 return data; 245 data.size = SOCACHE_FETCH_BUF_SIZE;239 data.size = MGS_SESSION_FETCH_BUF_SIZE; 246 240 247 241 apr_status_t rv = mgs_cache_fetch(ctxt->sc->cache, ctxt->c->base_server, -
src/gnutls_cache.h
r7e29705 r764fef3 2 2 * Copyright 2004-2005 Paul Querna 3 3 * Copyright 2014 Nikos Mavrogiannopoulos 4 * Copyright 2015-20 18Fiona Klute4 * Copyright 2015-2020 Fiona Klute 5 5 * 6 6 * Licensed under the Apache License, Version 2.0 (the "License"); … … 33 33 * `Mutex` directive */ 34 34 #define MGS_CACHE_MUTEX_NAME "gnutls-cache" 35 36 /** 8K is the maximum size accepted when receiving OCSP responses, 37 * sessions cache entries should be much smaller. The buffer is 38 * reallocated to actual size after fetching, so memory waste is 39 * minimal and temporary. */ 40 #define MGS_SESSION_FETCH_BUF_SIZE (8 * 1024) 35 41 36 42 /** -
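Review bot: The comment moved in above `MGS_SESSION_FETCH_BUF_SIZE` still justifies the 8K by OCSP responses, while the new name ties the macro to session data, so it is unclear which cache entries the limit is meant to bound. Rewording the opening to something like `/** Buffer size used when fetching session data from the cache. 8K matches the maximum accepted OCSP response size; session cache entries should be much smaller.` would keep the rationale and match the name. What a fetch does when an entry exceeds this size is not visible on this page and may be worth stating in the same comment.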
src/gnutls_io.c
r7e29705 r764fef3 385 385 } 386 386 387 /* Enable SNI and ALPN for proxy connections */ 387 /* Enable SNI and ALPN for proxy connections, and load cached 388 * session if any. */ 388 389 if (ctxt->is_proxy == GNUTLS_ENABLED_TRUE) 389 390 mgs_set_proxy_handshake_ext(ctxt); -
src/gnutls_proxy.c
r7e29705 r764fef3 16 16 17 17 #include "mod_gnutls.h" 18 #include "gnutls_cache.h" 18 19 #include "gnutls_proxy.h" 19 20 #include "gnutls_util.h" … … 21 22 #include <apr_strings.h> 22 23 #include <gnutls/gnutls.h> 24 25 APLOG_USE_MODULE(gnutls); 23 26 24 27 /* … … 396 399 397 400 401 /** 402 * Check if there is a cached session for the connection, and load it 403 * if yes. The session is deleted from the cache after that, because 404 * tickets should not be reused for forward secrecy. 405 * 406 * @param ctxt the mod_gnutls connection handle 407 */ 408 static void proxy_conn_load_session(mgs_handle_t *ctxt) 409 { 410 gnutls_datum_t data = {NULL, 0}; 411 data.data = gnutls_malloc(MGS_SESSION_FETCH_BUF_SIZE); 412 if (data.data == NULL) 413 return; 414 data.size = MGS_SESSION_FETCH_BUF_SIZE; 415 416 apr_status_t rv = mgs_cache_fetch(ctxt->sc->cache, ctxt->c->base_server, 417 ctxt->proxy_ticket_key, &data, 418 ctxt->c->pool); 419 if (rv != APR_SUCCESS) 420 { 421 gnutls_free(data.data); 422 return; 423 } 424 425 // TODO: delete the cache entry 426 427 int ret = gnutls_session_set_data(ctxt->session, data.data, data.size); 428 if (ret == GNUTLS_E_SUCCESS) 429 ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, ctxt->c, 430 "%s: Cached session loaded.", __func__); 431 else 432 ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_EGENERAL, ctxt->c, 433 "%s: Loading cached session failed: %s (%d)", 434 __func__, gnutls_strerror(ret), ret); 435 gnutls_free(data.data); 436 } 437 438 439 398 440 gnutls_datum_t mgs_proxy_ticket_id(mgs_handle_t *ctxt, apr_pool_t *pool) 399 441 { … … 429 471 proxy_conn_set_sni(ctxt); 430 472 proxy_conn_set_alpn(ctxt); 431 } 473 proxy_conn_load_session(ctxt); 474 }
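Review bot: The docstring of `proxy_conn_load_session` says the session is deleted from the cache after loading, but the body only contains `// TODO: delete the cache entry`. As committed, the same cached session data can therefore be offered again on later proxy connections that use the same `ctxt->proxy_ticket_key`, which is the ticket reuse the docstring says should be avoided for forward secrecy. Until the deletion exists, the docstring should say so, for example `* NOTE: the cache entry is not removed yet, so a ticket may currently be reused.`, so nobody relies on single use. Separately, the fetched buffer holds session resumption data and is released with plain `gnutls_free(data.data)`; adding `gnutls_memset(data.data, 0, data.size);` before the final free would keep it from lingering in freed heap memory. This assumes `mgs_cache_fetch` leaves `data.size` within the allocated buffer, which is not visible in this hunk.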