static void ngx_http_upstream_session_sticky_save_peer_session(ngx_peer_connection_t *pc, void *data) { ngx_http_upstream_ss_peer_data_t *sspd = data; ngx_ssl_session_t *old_ssl_session, *ssl_session; ssl_session = ngx_ssl_get_session(pc->connection); if (ssl_session == NULL) { return; } ngx_log_debug2(NGX_LOG_DEBUG_HTTP, pc->log, 0, "save session: %p:%d", ssl_session, ssl_session->references); old_ssl_session = sspd->ssl_session; sspd->ssl_session = ssl_session; if (old_ssl_session) { ngx_log_debug2(NGX_LOG_DEBUG_HTTP, pc->log, 0, "old session: %p:%d", old_ssl_session, old_ssl_session->references); ngx_ssl_free_session(old_ssl_session); } }
void ngx_http_upstream_save_resolveMK_peer_session(ngx_peer_connection_t *pc, void *data) { ngx_http_upstream_resolveMK_peer_data_t *urpd = data; ngx_ssl_session_t *old_ssl_session, *ssl_session; ngx_http_upstream_resolveMK_peer_t *peer; ssl_session = ngx_ssl_get_session(pc->connection); if (ssl_session == NULL) { return; } ngx_log_debug2(NGX_LOG_DEBUG_HTTP, pc->log, 0, "save session: %p:%d", ssl_session, ssl_session->references); peer = &urpd->conf->peers[urpd->current]; old_ssl_session = peer->ssl_session; peer->ssl_session = ssl_session; if (old_ssl_session) { ngx_log_debug2(NGX_LOG_DEBUG_HTTP, pc->log, 0, "old session: %p:%d", old_ssl_session, old_ssl_session->references); ngx_ssl_free_session(old_ssl_session); } }
static void ngx_http_upstream_chash_save_peer_session(ngx_peer_connection_t *pc, void *data) { ngx_http_upstream_chash_peer_data_t *uchpd = data; ngx_ssl_session_t *old_ssl_session, *ssl_session; ssl_session = ngx_ssl_get_session(pc->connection); if (ssl_session == NULL) { return; } #if OPENSSL_VERSION_NUMBER < 0x10100000L ngx_log_debug2(NGX_LOG_DEBUG_HTTP, pc->log, 0, "save session: %p:%d", ssl_session, ssl_session->references); #endif old_ssl_session = uchpd->ssl_session; uchpd->ssl_session = ssl_session; if (old_ssl_session) { #if OPENSSL_VERSION_NUMBER < 0x10100000L ngx_log_debug2(NGX_LOG_DEBUG_HTTP, pc->log, 0, "old session: %p:%d", old_ssl_session, old_ssl_session->references); #endif ngx_ssl_free_session(old_ssl_session); } }
void ngx_tcp_upstream_save_round_robin_peer_session(ngx_peer_connection_t *pc, void *data) { ngx_tcp_upstream_rr_peer_data_t *rrp = data; ngx_ssl_session_t *old_ssl_session, *ssl_session; ngx_tcp_upstream_rr_peer_t *peer; ssl_session = ngx_ssl_get_session(pc->connection); if (ssl_session == NULL) { return; } ngx_log_debug2(NGX_LOG_DEBUG_TCP, pc->log, 0, "save session: %p:%d", ssl_session, ssl_session->references); peer = &rrp->peers->peer[rrp->current]; /* TODO: threads only mutex */ /* ngx_lock_mutex(rrp->peers->mutex); */ old_ssl_session = peer->ssl_session; peer->ssl_session = ssl_session; /* ngx_unlock_mutex(rrp->peers->mutex); */ if (old_ssl_session) { ngx_log_debug2(NGX_LOG_DEBUG_TCP, pc->log, 0, "old session: %p:%d", old_ssl_session, old_ssl_session->references); /* TODO: may block */ ngx_ssl_free_session(old_ssl_session); } }
static void ngx_http_upstream_save_hash_peer_session(ngx_peer_connection_t *pc, void *data) { ngx_http_upstream_hash_peer_data_t *uhpd = data; ngx_ssl_session_t *old_ssl_session, *ssl_session; ngx_http_upstream_hash_peer_t *peer; ngx_uint_t current; ssl_session = ngx_ssl_get_session(pc->connection); if (ssl_session == NULL) { return; } ngx_log_debug2(NGX_LOG_DEBUG_HTTP, pc->log, 0, "save session: %p:%d", ssl_session, ssl_session->references); current = ngx_http_upstream_get_hash_peer_index(uhpd); peer = &uhpd->peers->peer[current]; /* TODO: threads only mutex */ /* ngx_lock_mutex(rrp->peers->mutex); */ old_ssl_session = peer->ssl_session; peer->ssl_session = ssl_session; /* ngx_unlock_mutex(rrp->peers->mutex); */ if (old_ssl_session) { ngx_log_debug2(NGX_LOG_DEBUG_HTTP, pc->log, 0, "old session: %p:%d", old_ssl_session, old_ssl_session->references); /* TODO: may block */ ngx_ssl_free_session(old_ssl_session); } }
static void ngx_stream_upstream_save_round_robin_peer_session(ngx_peer_connection_t *pc, void *data) { ngx_stream_upstream_rr_peer_data_t *rrp = data; ngx_ssl_session_t *old_ssl_session, *ssl_session; ngx_stream_upstream_rr_peer_t *peer; #if (NGX_STREAM_UPSTREAM_ZONE) int len; u_char *p; ngx_stream_upstream_rr_peers_t *peers; u_char buf[NGX_SSL_MAX_SESSION_SIZE]; #endif #if (NGX_STREAM_UPSTREAM_ZONE) peers = rrp->peers; if (peers->shpool) { ssl_session = SSL_get0_session(pc->connection->ssl->connection); if (ssl_session == NULL) { return; } ngx_log_debug1(NGX_LOG_DEBUG_STREAM, pc->log, 0, "save session: %p", ssl_session); len = i2d_SSL_SESSION(ssl_session, NULL); /* do not cache too big session */ if (len > NGX_SSL_MAX_SESSION_SIZE) { return; } p = buf; (void) i2d_SSL_SESSION(ssl_session, &p); peer = rrp->current; ngx_stream_upstream_rr_peers_rlock(peers); ngx_stream_upstream_rr_peer_lock(peers, peer); if (len > peer->ssl_session_len) { ngx_shmtx_lock(&peers->shpool->mutex); if (peer->ssl_session) { ngx_slab_free_locked(peers->shpool, peer->ssl_session); } peer->ssl_session = ngx_slab_alloc_locked(peers->shpool, len); ngx_shmtx_unlock(&peers->shpool->mutex); if (peer->ssl_session == NULL) { peer->ssl_session_len = 0; ngx_stream_upstream_rr_peer_unlock(peers, peer); ngx_stream_upstream_rr_peers_unlock(peers); return; } peer->ssl_session_len = len; } ngx_memcpy(peer->ssl_session, buf, len); ngx_stream_upstream_rr_peer_unlock(peers, peer); ngx_stream_upstream_rr_peers_unlock(peers); return; } #endif ssl_session = ngx_ssl_get_session(pc->connection); if (ssl_session == NULL) { return; } ngx_log_debug1(NGX_LOG_DEBUG_STREAM, pc->log, 0, "save session: %p", ssl_session); peer = rrp->current; old_ssl_session = peer->ssl_session; peer->ssl_session = ssl_session; if (old_ssl_session) { ngx_log_debug1(NGX_LOG_DEBUG_STREAM, pc->log, 0, "old session: %p", old_ssl_session); /* TODO: may block */ ngx_ssl_free_session(old_ssl_session); } }
static ngx_int_t ngx_stream_upstream_set_round_robin_peer_session(ngx_peer_connection_t *pc, void *data) { ngx_stream_upstream_rr_peer_data_t *rrp = data; ngx_int_t rc; ngx_ssl_session_t *ssl_session; ngx_stream_upstream_rr_peer_t *peer; #if (NGX_STREAM_UPSTREAM_ZONE) int len; #if OPENSSL_VERSION_NUMBER >= 0x0090707fL const #endif u_char *p; ngx_stream_upstream_rr_peers_t *peers; u_char buf[NGX_SSL_MAX_SESSION_SIZE]; #endif peer = rrp->current; #if (NGX_STREAM_UPSTREAM_ZONE) peers = rrp->peers; if (peers->shpool) { ngx_stream_upstream_rr_peers_rlock(peers); ngx_stream_upstream_rr_peer_lock(peers, peer); if (peer->ssl_session == NULL) { ngx_stream_upstream_rr_peer_unlock(peers, peer); ngx_stream_upstream_rr_peers_unlock(peers); return NGX_OK; } len = peer->ssl_session_len; ngx_memcpy(buf, peer->ssl_session, len); ngx_stream_upstream_rr_peer_unlock(peers, peer); ngx_stream_upstream_rr_peers_unlock(peers); p = buf; ssl_session = d2i_SSL_SESSION(NULL, &p, len); rc = ngx_ssl_set_session(pc->connection, ssl_session); ngx_log_debug1(NGX_LOG_DEBUG_STREAM, pc->log, 0, "set session: %p", ssl_session); ngx_ssl_free_session(ssl_session); return rc; } #endif ssl_session = peer->ssl_session; rc = ngx_ssl_set_session(pc->connection, ssl_session); ngx_log_debug1(NGX_LOG_DEBUG_STREAM, pc->log, 0, "set session: %p", ssl_session); return rc; }