diff options
| author | Sergey Kandaurov <pluknet@nginx.com> | 2018-07-17 12:53:23 +0300 |
|---|---|---|
| committer | Sergey Kandaurov <pluknet@nginx.com> | 2018-07-17 12:53:23 +0300 |
| commit | d5a27006e03174aa518f6c849d377a130a7c705c (patch) | |
| tree | ea8b041547925ace0f5876b28102942ce34246eb /src/http/ngx_http_upstream_round_robin.c | |
| parent | e1bebd05cb75fa6e8be5f4f942028501c9b22821 (diff) | |
| download | nginx-d5a27006e03174aa518f6c849d377a130a7c705c.tar.gz nginx-d5a27006e03174aa518f6c849d377a130a7c705c.zip | |
SSL: save sessions for upstream peers using a callback function.
In TLSv1.3, NewSessionTicket messages arrive after the handshake and
can come at any time. Therefore we use a callback to save the session
when we know about it. This approach works for < TLSv1.3 as well.
The callback function is set once per location on merge phase.
Since SSL_get_session() in BoringSSL returns an unresumable session for
TLSv1.3, peer save_session() methods have been updated as well to use a
session supplied within the callback. To preserve API, the session is
cached in c->ssl->session. It is preferably accessed in save_session()
methods by ngx_ssl_get_session() and ngx_ssl_get0_session() wrappers.
Diffstat (limited to 'src/http/ngx_http_upstream_round_robin.c')
| -rw-r--r-- | src/http/ngx_http_upstream_round_robin.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/http/ngx_http_upstream_round_robin.c b/src/http/ngx_http_upstream_round_robin.c index f6051ae57..f72de3ee6 100644 --- a/src/http/ngx_http_upstream_round_robin.c +++ b/src/http/ngx_http_upstream_round_robin.c @@ -744,7 +744,7 @@ ngx_http_upstream_save_round_robin_peer_session(ngx_peer_connection_t *pc, if (peers->shpool) { - ssl_session = SSL_get0_session(pc->connection->ssl->connection); + ssl_session = ngx_ssl_get0_session(pc->connection); if (ssl_session == NULL) { return; |