comparison src/http/ngx_http_upstream.c @ 7320:696df3ac27ac

SSL: save sessions for upstream peers using a callback function. In TLSv1.3, NewSessionTicket messages arrive after the handshake and can come at any time. Therefore we use a callback to save the session when we know about it. This approach works for < TLSv1.3 as well. The callback function is set once per location on merge phase. Since SSL_get_session() in BoringSSL returns an unresumable session for TLSv1.3, peer save_session() methods have been updated as well to use a session supplied within the callback. To preserve API, the session is cached in c->ssl->session. It is preferably accessed in save_session() methods by ngx_ssl_get_session() and ngx_ssl_get0_session() wrappers.
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 17 Jul 2018 12:53:23 +0300
parents ece9b5454b8a
children 70c6b08973a0
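--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -185,10 +185,11 @@
 static void ngx_http_upstream_ssl_init_connection(ngx_http_request_t *,
 ngx_http_upstream_t *u, ngx_connection_t *c);
 static void ngx_http_upstream_ssl_handshake_handler(ngx_connection_t *c);
 static void ngx_http_upstream_ssl_handshake(ngx_http_request_t *,
 ngx_http_upstream_t *u, ngx_connection_t *c);
+static void ngx_http_upstream_ssl_save_session(ngx_connection_t *c);
 static ngx_int_t ngx_http_upstream_ssl_name(ngx_http_request_t *r,
 ngx_http_upstream_t *u, ngx_connection_t *c);
 #endif
 
 
@@ -1673,10 +1674,12 @@
 return;
 }
 }
 
 if (u->conf->ssl_session_reuse) {
+c->ssl->save_session = ngx_http_upstream_ssl_save_session;
+
 if (u->peer.set_session(&u->peer, u->peer.data) != NGX_OK) {
 ngx_http_upstream_finalize_request(r, u,
 NGX_HTTP_INTERNAL_SERVER_ERROR);
 return;
 }
@@ -1757,14 +1760,10 @@
 &u->ssl_name);
 goto failed;
 }
 }
 
-if (u->conf->ssl_session_reuse) {
-u->peer.save_session(&u->peer, u->peer.data);
-}
-
 c->write->handler = ngx_http_upstream_handler;
 c->read->handler = ngx_http_upstream_handler;
 
 ngx_http_upstream_send_request(r, u, 1);
 
@@ -1777,10 +1776,31 @@
 }
 
 failed:
 
 ngx_http_upstream_next(r, u, NGX_HTTP_UPSTREAM_FT_ERROR);
+}
+
+
+static void
+ngx_http_upstream_ssl_save_session(ngx_connection_t *c)
+{
+ngx_http_request_t *r;
+ngx_http_upstream_t *u;
+
+if (c->idle) {
+return;
+}
+
+r = c->data;
+
+u = r->upstream;
+c = r->connection;
+
+ngx_http_set_log_request(c->log, r);
+
+u->peer.save_session(&u->peer, u->peer.data);
 }
 
 
 static ngx_int_t
 ngx_http_upstream_ssl_name(ngx_http_request_t *r, ngx_http_upstream_t *u,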
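Review bot: The new ngx_http_upstream_ssl_save_session (new line 1785 onward) gives no hint why the c->idle guard exists, yet the memory safety of the lines after it depends on that guard: r = c->data is only a request while the upstream connection is bound to one, and since the commit message says TLSv1.3 NewSessionTicket messages can arrive at any time, a cached connection that receives one would otherwise read r->upstream through stale data. I would add above the guard `/* an idle (cached) connection is no longer bound to a request; c->data is stale */` and above the function a short comment stating that it runs from c->ssl->save_session, may fire well after the handshake handler has returned, and is only installed when ssl_session_reuse is on (new line 1679), which is why the old conditional call at the end of ngx_http_upstream_ssl_handshake could be dropped. The guard presumably relies on every peer module that caches upstream connections setting c->idle; that assumption is worth writing down, since a third-party cache that does not set it would dereference the stale c->data here. The reassignment `c = r->connection;` on new line 1797 switches to the client connection only for logging and deserves a one-line comment so readers do not take it for the upstream socket.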