From d3afda0d4c3f93e5d4225849e1f9b848e57de993 Mon Sep 17 00:00:00 2001 From: zhengchao Date: Wed, 5 Jun 2019 20:43:45 +0800 Subject: [PATCH] =?UTF-8?q?=E4=B8=BA=E4=BA=86=E5=87=8F=E5=B0=91pinning,=20?= =?UTF-8?q?protocol=20error=E8=AF=AF=E5=88=A4=E5=B8=A6=E6=9D=A5=E7=9A=84?= =?UTF-8?q?=E5=BD=B1=E5=93=8D=EF=BC=8C=E5=B0=86service=20cache=E7=9A=84?= =?UTF-8?q?=E6=B7=98=E6=B1=B0=E6=96=B9=E5=BC=8F=E6=94=B9=E4=B8=BAFIFO?= =?UTF-8?q?=EF=BC=8C=E7=8B=AC=E7=AB=8Bservice=5Fcache=5Fexpire=5Fseconds?= =?UTF-8?q?=E5=8F=82=E6=95=B0=EF=BC=8C=E9=BB=98=E8=AE=A45=E5=88=86?= =?UTF-8?q?=E9=92=9F=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- platform/src/ssl_service_cache.cpp | 2 +- platform/src/ssl_stream.cpp | 19 ++++++++++++++----- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/platform/src/ssl_service_cache.cpp b/platform/src/ssl_service_cache.cpp index 21ad23f..3937486 100644 --- a/platform/src/ssl_service_cache.cpp +++ b/platform/src/ssl_service_cache.cpp @@ -283,7 +283,7 @@ struct ssl_service_cache* ssl_service_cache_create(unsigned int slot_size, unsig ret = MESA_htable_set_opt(htable, MHO_HASH_MAX_ELEMENT_NUM, &max_num, sizeof(max_num)); ret = MESA_htable_set_opt(htable, MHO_EXPIRE_TIME, &expire_seconds, sizeof(expire_seconds)); - opt_val=HASH_ELIMINATE_ALGO_LRU; + opt_val=HASH_ELIMINATE_ALGO_FIFO; ret = MESA_htable_set_opt(htable, MHO_ELIMIMINATE_TYPE, &opt_val, sizeof(int)); ret = MESA_htable_set_opt(htable, MHO_CBFUN_DATA_FREE, diff --git a/platform/src/ssl_stream.cpp b/platform/src/ssl_stream.cpp index 1f1e869..a3208cb 100644 --- a/platform/src/ssl_stream.cpp +++ b/platform/src/ssl_stream.cpp @@ -126,9 +126,13 @@ struct ssl_mgr int ssl_min_version, ssl_max_version; char ssl_session_context[8]; - unsigned int cache_slots; + unsigned int sess_cache_slots; unsigned int sess_expire_seconds; + unsigned int svc_cache_slots; + unsigned int svc_expire_seconds; + + struct sess_cache * down_sess_cache; struct sess_cache * up_sess_cache; struct sess_ticket_box * down_stek_box; @@ -656,15 +660,15 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section MESA_load_profile_uint_def(ini_profile, section, "no_mirror_client_cipher_suite", &(mgr->no_mirror_client_cipher_suite), 0); MESA_load_profile_uint_def(ini_profile, section, "session_cache_slots", - &(mgr->cache_slots), 4 * 1024 * 1024); + &(mgr->sess_cache_slots), 4 * 1024 * 1024); MESA_load_profile_uint_def(ini_profile, section, "session_cache_expire_seconds", &(mgr->sess_expire_seconds), 30 * 60); if(!mgr->no_sesscache) { - mgr->up_sess_cache = ssl_sess_cache_create(mgr->cache_slots, mgr->sess_expire_seconds, CONN_DIR_UPSTREAM); - mgr->down_sess_cache = ssl_sess_cache_create(mgr->cache_slots, mgr->sess_expire_seconds, CONN_DIR_DOWNSTREAM); + mgr->up_sess_cache = ssl_sess_cache_create(mgr->sess_cache_slots, mgr->sess_expire_seconds, CONN_DIR_UPSTREAM); + mgr->down_sess_cache = ssl_sess_cache_create(mgr->sess_cache_slots, mgr->sess_expire_seconds, CONN_DIR_DOWNSTREAM); } MESA_load_profile_uint_def(ini_profile, section, "stek_group_num", &stek_group_num, 1); @@ -675,7 +679,12 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section mgr->down_stek_box = sess_ticket_box_create(ev_base_gc, stek_group_num, stek_rotation_time, logger); } - mgr->svc_cache=ssl_service_cache_create(mgr->cache_slots, mgr->sess_expire_seconds); + MESA_load_profile_uint_def(ini_profile, section, "service_cache_slots", + &(mgr->svc_cache_slots), 4 * 1024 * 1024); + MESA_load_profile_uint_def(ini_profile, section, "service_cache_expire_seconds", + &(mgr->svc_expire_seconds), 5 * 60); + + mgr->svc_cache=ssl_service_cache_create(mgr->svc_cache_slots, mgr->svc_expire_seconds); mgr->key_keeper = key_keeper_init(ini_profile, "key_keeper", logger); if (mgr->key_keeper == NULL)