proxy_ssl_session_reuse

author: Igor Sysoev <igor@sysoev.ru> 2008-08-17 17:47:52 +0000
committer: Igor Sysoev <igor@sysoev.ru> 2008-08-17 17:47:52 +0000
commit: 916ee8ecea1728b23dbd2c11d9ca8242b593d32a (patch)
tree: a7df5f7c171ce8026fc54a06b36a190e51cb7be3 /src
parent: f60dde9767d71d0d69d3a98646d813df423e7034 (diff)
download: nginx-916ee8ecea1728b23dbd2c11d9ca8242b593d32a.tar.gz
nginx-916ee8ecea1728b23dbd2c11d9ca8242b593d32a.zip
3 files changed, 29 insertions, 5 deletions
diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
index 880d99840..cf5605474 100644
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -360,6 +360,17 @@ static ngx_command_t  ngx_http_proxy_commands[] = {
       offsetof(ngx_http_proxy_loc_conf_t, upstream.hide_headers),
       NULL },
 
+#if (NGX_HTTP_SSL)
+
+    { ngx_string("proxy_ssl_session_reuse"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_flag_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_proxy_loc_conf_t, upstream.ssl_session_reuse),
+      NULL },
+
+#endif
+
       ngx_null_command
 };
 
@@ -1645,6 +1656,9 @@ ngx_http_proxy_create_loc_conf(ngx_conf_t *cf)
     conf->upstream.pass_headers = NGX_CONF_UNSET_PTR;
 
     conf->upstream.intercept_errors = NGX_CONF_UNSET;
+#if (NGX_HTTP_SSL)
+    conf->upstream.ssl_session_reuse = NGX_CONF_UNSET;
+#endif
 
     /* "proxy_cyclic_temp_file" is disabled */
     conf->upstream.cyclic_temp_file = 0;
@@ -1834,6 +1848,11 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
     ngx_conf_merge_value(conf->upstream.intercept_errors,
                               prev->upstream.intercept_errors, 0);
 
+#if (NGX_HTTP_SSL)
+    ngx_conf_merge_value(conf->upstream.ssl_session_reuse,
+                              prev->upstream.ssl_session_reuse, 1);
+#endif
+
     ngx_conf_merge_value(conf->redirect, prev->redirect, 1);
 
     if (conf->redirect) {
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
index c27099616..ae86b9858 100644
--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -789,10 +789,12 @@ ngx_http_upstream_ssl_init_connection(ngx_http_request_t *r,
     c->sendfile = 0;
     u->output.sendfile = 0;
 
-    if (u->peer.set_session(&u->peer, u->peer.data) != NGX_OK) {
-        ngx_http_upstream_finalize_request(r, u,
-                                           NGX_HTTP_INTERNAL_SERVER_ERROR);
-        return;
+    if (u->conf->ssl_session_reuse) {
+        if (u->peer.set_session(&u->peer, u->peer.data) != NGX_OK) {
+            ngx_http_upstream_finalize_request(r, u,
+                                               NGX_HTTP_INTERNAL_SERVER_ERROR);
+            return;
+        }
     }
 
     r->connection->log->action = "SSL handshaking to upstream";
@@ -819,7 +821,9 @@ ngx_http_upstream_ssl_handshake(ngx_connection_t *c)
 
     if (c->ssl->handshaked) {
 
-        u->peer.save_session(&u->peer, u->peer.data);
+        if (u->conf->ssl_session_reuse) {
+            u->peer.save_session(&u->peer, u->peer.data);
+        }
 
         c->write->handler = ngx_http_upstream_send_request_handler;
         c->read->handler = ngx_http_upstream_process_header;
diff --git a/src/http/ngx_http_upstream.h b/src/http/ngx_http_upstream.h
index 2ed2797a2..66c2cf3da 100644
--- a/src/http/ngx_http_upstream.h
+++ b/src/http/ngx_http_upstream.h
@@ -148,6 +148,7 @@ typedef struct {
 
 #if (NGX_HTTP_SSL)
     ngx_ssl_t                      *ssl;
+    ngx_flag_t                      ssl_session_reuse;
 #endif
 
 } ngx_http_upstream_conf_t;
author	Igor Sysoev <igor@sysoev.ru>	2008-08-17 17:47:52 +0000
committer	Igor Sysoev <igor@sysoev.ru>	2008-08-17 17:47:52 +0000
commit	916ee8ecea1728b23dbd2c11d9ca8242b593d32a (patch)
tree	a7df5f7c171ce8026fc54a06b36a190e51cb7be3 /src
parent	f60dde9767d71d0d69d3a98646d813df423e7034 (diff)
download	nginx-916ee8ecea1728b23dbd2c11d9ca8242b593d32a.tar.gz nginx-916ee8ecea1728b23dbd2c11d9ca8242b593d32a.zip