Mercurial > hg > nginx
comparison src/http/modules/ngx_http_proxy_module.c @ 7320:696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
In TLSv1.3, NewSessionTicket messages arrive after the handshake and
can come at any time. Therefore we use a callback to save the session
when we know about it. This approach works for < TLSv1.3 as well.
The callback function is set once per location on merge phase.
Since SSL_get_session() in BoringSSL returns an unresumable session for
TLSv1.3, peer save_session() methods have been updated as well to use a
session supplied within the callback. To preserve API, the session is
cached in c->ssl->session. It is preferably accessed in save_session()
methods by ngx_ssl_get_session() and ngx_ssl_get0_session() wrappers.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 17 Jul 2018 12:53:23 +0300 |
| parents | 9e25a5380a21 |
| children | 45e513c3540d |
comparison
equal
deleted
inserted
replaced
| 7319:dcab86115261 | 7320:696df3ac27ac |
|---|---|
| 4306 if (ngx_ssl_crl(cf, plcf->upstream.ssl, &plcf->ssl_crl) != NGX_OK) { | 4306 if (ngx_ssl_crl(cf, plcf->upstream.ssl, &plcf->ssl_crl) != NGX_OK) { |
| 4307 return NGX_ERROR; | 4307 return NGX_ERROR; |
| 4308 } | 4308 } |
| 4309 } | 4309 } |
| 4310 | 4310 |
| 4311 if (ngx_ssl_client_session_cache(cf, plcf->upstream.ssl, | |
| 4312 plcf->upstream.ssl_session_reuse) | |
| 4313 != NGX_OK) | |
| 4314 { | |
| 4315 return NGX_ERROR; | |
| 4316 } | |
| 4317 | |
| 4311 return NGX_OK; | 4318 return NGX_OK; |
| 4312 } | 4319 } |
| 4313 | 4320 |
| 4314 #endif | 4321 #endif |
| 4315 | 4322 |