未开启session cache时，关闭upstream ssl的cahce，避免buffer event 报告999:invalid session id:20:SSL routines:369:tls_process_server_hello。

2019-05-30 12:34:42 +08:00
parent 3339ffd533
commit 5cdad62fc7
2 changed files with 39 additions and 32 deletions
--- a/platform/src/ssl_stream.cpp
+++ b/platform/src/ssl_stream.cpp
@@ -869,7 +869,7 @@ static void upstream_ossl_init(struct ssl_stream* s_stream)
 	}
 	if(strlen(tls13_cipher)>0 && s_stream->ssl_max_version==TLS1_3_VERSION)
 	{
-		SSL_CTX_set_ciphersuites(sslctx, tls13_cipher);
+		//SSL_CTX_set_ciphersuites(sslctx, tls13_cipher);

 	}
 	if (SSL_CTX_set_min_proto_version(sslctx, s_stream->ssl_min_version) == 0 ||
@@ -881,6 +881,25 @@ static void upstream_ossl_init(struct ssl_stream* s_stream)
 	
 	SSL_CTX_set_verify(sslctx, SSL_VERIFY_NONE, NULL);
 	SSL_CTX_set_client_cert_cb(sslctx, ossl_client_cert_cb);
+	
+	if(mgr->no_sesscache)
+	{
+		SSL_CTX_set_session_cache_mode(sslctx, SSL_SESS_CACHE_OFF);
+	}
+	else
+	{
+		SSL_CTX_set_session_cache_mode(sslctx, SSL_SESS_CACHE_NO_INTERNAL);
+		/* session resuming based on remote endpoint address and port */
+		sess = up_session_get(mgr->up_sess_cache,
+							(struct sockaddr *) &(s_stream->addr), s_stream->addrlen, chello->sni, 
+							s_stream->ssl_min_version, s_stream->ssl_max_version);
+		if (sess)
+		{
+			ret=SSL_CTX_add_session(sslctx, sess);    /* increments sess refcount */
+			assert(ret==1);
+			SSL_SESSION_free(sess);
+		}
+	}
 	ssl = SSL_new(sslctx);
 	SSL_CTX_free(sslctx);  /* SSL_new() increments refcount */
 	if (!ssl)
@@ -901,21 +920,6 @@ static void upstream_ossl_init(struct ssl_stream* s_stream)
 	/* lower memory footprint for idle connections */
 	SSL_set_mode(ssl, SSL_get_mode(ssl) | SSL_MODE_RELEASE_BUFFERS);

-	if(!mgr->no_sesscache)
-	{
-		if(ret == 0)
-		{
-			/* session resuming based on remote endpoint address and port */
-			sess = up_session_get(mgr->up_sess_cache,
-								(struct sockaddr *) &(s_stream->addr), s_stream->addrlen, chello->sni, 
-								s_stream->ssl_min_version, s_stream->ssl_max_version);
-			if (sess)
-			{
-				SSL_set_session(ssl, sess);    /* increments sess refcount */
-				SSL_SESSION_free(sess);
-			}
-		}
-	}
 	s_stream->ssl=ssl;
 	return ;
 }