commit 3f964ee: [Rework] Use internal ssl cache for client sessions

Vsevolod Stakhov vsevolod at highsecure.ru
Tue Feb 18 13:21:08 UTC 2020


Author: Vsevolod Stakhov
Date: 2020-02-18 13:05:35 +0000
URL: https://github.com/rspamd/rspamd/commit/3f964eee87e17d473651b13c3e81840f39ad2890

[Rework] Use internal ssl cache for client sessions

---
 src/libserver/ssl_util.c | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/src/libserver/ssl_util.c b/src/libserver/ssl_util.c
index 5a1abdeef..995d46cc6 100644
--- a/src/libserver/ssl_util.c
+++ b/src/libserver/ssl_util.c
@@ -656,10 +656,22 @@ rspamd_ssl_connect_fd (struct rspamd_ssl_connection *conn, gint fd,
 		gpointer handler_data)
 {
 	gint ret;
+	SSL_SESSION *session = NULL;
 
 	g_assert (conn != NULL);
 
 	conn->ssl = SSL_new (conn->ssl_ctx->s);
+
+	if (hostname) {
+		session = rspamd_lru_hash_lookup (conn->ssl_ctx->sessions, hostname,
+				ev_now (conn->event_loop));
+
+	}
+
+	if (session) {
+		SSL_set_session (conn->ssl, session);
+	}
+
 	SSL_set_app_data (conn->ssl, conn);
 	msg_debug_ssl ("new ssl connection %p; session reused=%s",
 			conn->ssl, SSL_session_reused (conn->ssl) ? "true" : "false");
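Review bot: The lookup `rspamd_lru_hash_lookup (conn->ssl_ctx->sessions, hostname, ...)` keys cached sessions by hostname alone, so a session negotiated with one service on a host is offered to every later connection to that name through the same context. A resumed handshake does not repeat the certificate exchange, so it is worth confirming that all connections sharing this `ssl_ctx` use the same verification policy, or adding the port to the key if the caller can supply it. The result of `SSL_set_session` is also ignored; checking it with `if (session && SSL_set_session (conn->ssl, session) != 1)` and logging the failure would make a rejected session visible. rspamd_ssl_connect_fd starts before this hunk and continues after it, so any handling further down is not visible here.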
@@ -946,12 +958,16 @@ rspamd_ssl_connection_free (struct rspamd_ssl_connection *conn)
 static int
 rspamd_ssl_new_client_session (SSL *ssl, SSL_SESSION *sess)
 {
-	struct rspamd_ssl_ctx *ctx;
 	struct rspamd_ssl_connection *conn;
 
 	conn = SSL_get_app_data (ssl);
 
-	msg_debug_ssl ("hui: got new session from %p", conn);
+	if (conn->hostname) {
+		rspamd_lru_hash_insert (conn->ssl_ctx->sessions,
+				g_strdup (conn->hostname), SSL_get1_session (ssl),
+				ev_now (conn->event_loop), SSL_CTX_get_timeout (conn->ssl_ctx->s));
+		msg_debug_ssl ("saved new session for %s: %p", conn->hostname, conn);
+	}
 
 	return 0;
 }
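Review bot: `conn` is dereferenced straight after `SSL_get_app_data (ssl)` with no NULL check, and the callback ignores the `sess` argument in favour of a second reference taken with `SSL_get1_session (ssl)`. A guard such as `if (conn == NULL || conn->hostname == NULL) return 0;` covers an SSL object created on this context without app data. Storing `sess` itself and returning 1 on the path that keeps it follows the documented contract for this callback, where a return of 1 leaves the reference with the application, and makes ownership explicit. The insert also relies on the `sessions` hash having been created with `g_free` and `SSL_SESSION_free` as key and value destructors, which this hunk does not show; without them the duplicated hostname and the session reference would leak when an entry is evicted or replaced.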

