comparison src/stream/ngx_stream_upstream_round_robin.c @ 7320:696df3ac27ac
SSL: save sessions for upstream peers using a callback function.

In TLSv1.3, NewSessionTicket messages arrive after the handshake and
can come at any time. Therefore we use a callback to save the session
when we know about it. This approach works for < TLSv1.3 as well.
The callback function is set once per location on merge phase.

Since SSL_get_session() in BoringSSL returns an unresumable session for
TLSv1.3, peer save_session() methods have been updated as well to use a
session supplied within the callback. To preserve API, the session is
cached in c->ssl->session. It is preferably accessed in save_session()
methods by ngx_ssl_get_session() and ngx_ssl_get0_session() wrappers.

author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 17 Jul 2018 12:53:23 +0300 |
parents | 54cf51c4f07a |
children | b99cbafd51da |
7319:dcab86115261 | 7320:696df3ac27ac |
---|---|
774 #if (NGX_STREAM_UPSTREAM_ZONE) | 774 #if (NGX_STREAM_UPSTREAM_ZONE) |
775 peers = rrp->peers; | 775 peers = rrp->peers; |
776 | 776 |
777 if (peers->shpool) { | 777 if (peers->shpool) { |
778 | 778 |
779 ssl_session = SSL_get0_session(pc->connection->ssl->connection); | 779 ssl_session = ngx_ssl_get0_session(pc->connection); |
780 | 780 |
781 if (ssl_session == NULL) { | 781 if (ssl_session == NULL) { |
782 return; | 782 return; |
783 } | 783 } |
784 | 784 |
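
Review bot: at line 779 the call no longer reads the session from pc->connection->ssl->connection directly, so the NULL check at 781 now depends on what ngx_ssl_get0_session() returns before any session has been cached. Going by the commit message, the session comes from c->ssl->session, which the callback fills in, so on TLSv1.3 this path can return early simply because no NewSessionTicket has arrived yet; a one-line comment above the check saying so would help the next reader. The wrapper's definition is not part of this hunk, so it is worth confirming that it hands back a borrowed pointer, as SSL_get0_session() did, so that the reference handling in the rest of this function is unchanged.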