]> git.kaiwu.me - nginx.git/commit
projects / nginx.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e1bebd0) | patch
SSL: save sessions for upstream peers using a callback function.
authorSergey Kandaurov <pluknet@nginx.com>
Tue, 17 Jul 2018 09:53:23 +0000 (12:53 +0300)
committerSergey Kandaurov <pluknet@nginx.com>
Tue, 17 Jul 2018 09:53:23 +0000 (12:53 +0300)
commitd5a27006e03174aa518f6c849d377a130a7c705c
treeea8b041547925ace0f5876b28102942ce34246ebtree | snapshot
parente1bebd05cb75fa6e8be5f4f942028501c9b22821commit | diff
SSL: save sessions for upstream peers using a callback function.

In TLSv1.3, NewSessionTicket messages arrive after the handshake and
can come at any time.  Therefore we use a callback to save the session
when we know about it.  This approach works for < TLSv1.3 as well.
The callback function is set once per location on merge phase.

Since SSL_get_session() in BoringSSL returns an unresumable session for
TLSv1.3, peer save_session() methods have been updated as well to use a
session supplied within the callback.  To preserve API, the session is
cached in c->ssl->session.  It is preferably accessed in save_session()
methods by ngx_ssl_get_session() and ngx_ssl_get0_session() wrappers.
src/event/ngx_event_openssl.c diff | blob | history
src/event/ngx_event_openssl.h diff | blob | history
src/http/modules/ngx_http_grpc_module.c diff | blob | history
src/http/modules/ngx_http_proxy_module.c diff | blob | history
src/http/modules/ngx_http_uwsgi_module.c diff | blob | history
src/http/ngx_http_upstream.c diff | blob | history
src/http/ngx_http_upstream_round_robin.c diff | blob | history
src/stream/ngx_stream_proxy_module.c diff | blob | history
src/stream/ngx_stream_upstream_round_robin.c diff | blob | history
nginx upstream