gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

未开启session cache时,关闭upstream ssl的cahce,避免buffer event 报告999:invalid session id:20:SSL routines:369:tls_process_server_hello。

Browse Source
This commit is contained in:
zhengchao
2019-05-30 12:34:42 +08:00
parent 3339ffd533
commit 5cdad62fc7
2 changed files with 39 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
platform/src/ssl_sess_ticket.cpp
View File

@@ -11,7 +11,7 @@
#include <pthread.h>
#define STEK_NUM 2
#define STEK_WINDOW_SIZE 2
#define STEK_SIZE 80
#define SEED_MAX_LEN 100
#define RAND_MAX_VALUE 256
@@ -102,13 +102,18 @@ static void stek_key_reset(struct sess_ticket_key * stek)
static void ssl_stek_rotation_cb(evutil_socket_t fd, short what, void * arg)
{
unsigned int i = 0;
struct sess_ticket_box * ticket = (struct sess_ticket_box *) arg;
unsigned int i=0, j=0;
struct sess_ticket_box * ticket = (struct sess_ticket_box *) arg;
struct sess_ticket_key** steks=NULL;
set_stek_rand_seed(ticket->stek_rotation_seconds);
pthread_rwlock_wrlock(&(ticket->stek_rwlock));
steks=ticket->ticket_keys;
for(i = 0; i < ticket->ticket_group_num; i ++)
{
memcpy(&(ticket->ticket_keys[i][1]), &(ticket->ticket_keys[i][0]), STEK_SIZE);
for(j=1; j<STEK_WINDOW_SIZE; j++)
{
steks[i][j]=steks[i][j-1];
}
stek_key_reset(&(ticket->ticket_keys[i][0]));
}
pthread_rwlock_unlock(&(ticket->stek_rwlock));
@@ -133,7 +138,7 @@ struct sess_ticket_box * sess_ticket_box_create(struct event_base * ev_base, uns
pthread_rwlock_wrlock(&(ticket->stek_rwlock));
for(i = 0; i < stek_group_num; i++)
{
ticket->ticket_keys[i] = ALLOC(struct sess_ticket_key, STEK_NUM);
ticket->ticket_keys[i] = ALLOC(struct sess_ticket_key, STEK_WINDOW_SIZE);
stek_key_reset(&(ticket->ticket_keys[i][0]));
}
pthread_rwlock_unlock(&(ticket->stek_rwlock));
@@ -176,18 +181,16 @@ enum STEK_GET_RET sess_ticket_box_get_key_for_dec(struct sess_ticket_box * box,
pthread_rwlock_rdlock(&(box->stek_rwlock));
steks=box->ticket_keys;
stek_index=stek_get_idx_by_sni(sni, box->ticket_group_num);
if (memcmp(key_name, steks[stek_index][0].name, 16) == 0)
int i=0;
for(i=0; i<STEK_WINDOW_SIZE; i++)
{
*result=steks[stek_index][0];
ret = STEK_FOUND_FRESH;
}
else if(memcmp(key_name, steks[stek_index][1].name, 16) == 0)
{
*result=steks[stek_index][1];
ret = STEK_FOUND_STALED;
}
if (memcmp(key_name, steks[stek_index][i].name, 16) == 0)
{
*result=steks[stek_index][i];
ret=(i==0?STEK_FOUND_FRESH:STEK_FOUND_STALED);
break;
}
}
pthread_rwlock_unlock(&(box->stek_rwlock));
return ret;
}