
Abstract out the external session cache

The nginx codebase currently assumes that you've either got an
OpenSSL-builtin session cache, or a SHM-based shared session cache (which it
calls the "external session cache").  Since we're trying to add a second
form of "external session cache" (memcached), we need to start by avoiding
referring directly to the SHM cache as our external session cache, and put
in an abstract middleman that will allow us to refer to "the external
session cache" in general to anyone who doesn't need to know exactly what
session cache we're using.  For now, that just means adding another struct
that stores the shm_zone and using that everywhere.

Next step: adding a reference to a memcached store type.
1 parent 2bf506b commit a35bb7af4c3695fedd71abb1451a400c7e0e3d3e @mpalmer committed Mar 22, 2011
@@ -26,7 +26,7 @@ static void ngx_ssl_connection_error(ngx_connection_t *c, int sslerr,
ngx_err_t err, char *text);
static void ngx_ssl_clear_error(ngx_log_t *log);
-static ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone,
+static ngx_int_t ngx_ssl_shm_session_cache_init(ngx_shm_zone_t *shm_zone,
void *data);
static int ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn,
ngx_ssl_session_t *sess);
@@ -1425,7 +1425,7 @@ ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...)
ngx_int_t
ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
- ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout)
+ ssize_t builtin_session_cache, ngx_ssl_session_cache_cfg_t *sc_cfg, time_t timeout)
{
long cache_mode;
@@ -1461,7 +1461,7 @@ ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
cache_mode = SSL_SESS_CACHE_SERVER;
- if (shm_zone && builtin_session_cache == NGX_SSL_NO_BUILTIN_SCACHE) {
+ if (sc_cfg->shm_zone && builtin_session_cache == NGX_SSL_NO_BUILTIN_SCACHE) {
cache_mode |= SSL_SESS_CACHE_NO_INTERNAL;
}
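Review bot: `sc_cfg->shm_zone` in this condition dereferences the new parameter without a NULL check, whereas the old signature accepted a NULL `shm_zone` to mean "no shared cache". A caller that passes NULL for the configuration would now fault here, and the same unguarded dereference appears in the `if (sc_cfg->shm_zone) {` hunk that follows. Either test the pointer first, e.g. `if (sc_cfg && sc_cfg->shm_zone && builtin_session_cache == NGX_SSL_NO_BUILTIN_SCACHE) {`, or state on the prototype that `sc_cfg` must never be NULL. The body of `ngx_ssl_session_cache` starts and ends outside this hunk.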
@@ -1476,14 +1476,14 @@ ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
SSL_CTX_set_timeout(ssl->ctx, (long) timeout);
- if (shm_zone) {
- shm_zone->init = ngx_ssl_session_cache_init;
+ if (sc_cfg->shm_zone) {
+ sc_cfg->shm_zone->init = ngx_ssl_shm_session_cache_init;
SSL_CTX_sess_set_new_cb(ssl->ctx, ngx_ssl_new_session);
SSL_CTX_sess_set_get_cb(ssl->ctx, ngx_ssl_get_cached_session);
SSL_CTX_sess_set_remove_cb(ssl->ctx, ngx_ssl_remove_session);
- if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_session_cache_index, shm_zone)
+ if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_session_cache_index, sc_cfg)
== 0)
{
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
@@ -1497,7 +1497,7 @@ ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
static ngx_int_t
-ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone, void *data)
+ngx_ssl_shm_session_cache_init(ngx_shm_zone_t *shm_zone, void *data)
{
size_t len;
ngx_slab_pool_t *shpool;
@@ -1528,14 +1528,14 @@ ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone, void *data)
ngx_queue_init(&cache->expire_queue);
- len = sizeof(" in SSL session shared cache \"\"") + shm_zone->shm.name.len;
+ len = sizeof(" in SSL SHM session shared cache \"\"") + shm_zone->shm.name.len;
shpool->log_ctx = ngx_slab_alloc(shpool, len);
if (shpool->log_ctx == NULL) {
return NGX_ERROR;
}
- ngx_sprintf(shpool->log_ctx, " in SSL session shared cache \"%V\"%Z",
+ ngx_sprintf(shpool->log_ctx, " in SSL SHM session shared cache \"%V\"%Z",
&shm_zone->shm.name);
return NGX_OK;
@@ -1562,16 +1562,17 @@ ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone, void *data)
static int
ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess)
{
- int len;
- u_char *p, *id, *cached_sess;
- uint32_t hash;
- SSL_CTX *ssl_ctx;
- ngx_shm_zone_t *shm_zone;
- ngx_connection_t *c;
- ngx_slab_pool_t *shpool;
- ngx_ssl_sess_id_t *sess_id;
- ngx_ssl_session_cache_t *cache;
- u_char buf[NGX_SSL_MAX_SESSION_SIZE];
+ int len;
+ u_char *p, *id, *cached_sess;
+ uint32_t hash;
+ SSL_CTX *ssl_ctx;
+ ngx_ssl_session_cache_cfg_t *sc_cfg;
+ ngx_shm_zone_t *shm_zone;
+ ngx_connection_t *c;
+ ngx_slab_pool_t *shpool;
+ ngx_ssl_sess_id_t *sess_id;
+ ngx_ssl_session_cache_t *cache;
+ u_char buf[NGX_SSL_MAX_SESSION_SIZE];
len = i2d_SSL_SESSION(sess, NULL);
@@ -1587,7 +1588,8 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess)
c = ngx_ssl_get_connection(ssl_conn);
ssl_ctx = SSL_get_SSL_CTX(ssl_conn);
- shm_zone = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index);
+ sc_cfg = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index);
+ shm_zone = sc_cfg->shm_zone;
cache = shm_zone->data;
shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
@@ -1683,17 +1685,18 @@ ngx_ssl_get_cached_session(ngx_ssl_conn_t *ssl_conn, u_char *id, int len,
#if OPENSSL_VERSION_NUMBER >= 0x0090707fL
const
#endif
- u_char *p;
- uint32_t hash;
- ngx_int_t rc;
- ngx_shm_zone_t *shm_zone;
- ngx_slab_pool_t *shpool;
- ngx_connection_t *c;
- ngx_rbtree_node_t *node, *sentinel;
- ngx_ssl_session_t *sess;
- ngx_ssl_sess_id_t *sess_id;
- ngx_ssl_session_cache_t *cache;
- u_char buf[NGX_SSL_MAX_SESSION_SIZE];
+ u_char *p;
+ uint32_t hash;
+ ngx_int_t rc;
+ ngx_ssl_session_cache_cfg_t *sc_cfg;
+ ngx_shm_zone_t *shm_zone;
+ ngx_slab_pool_t *shpool;
+ ngx_connection_t *c;
+ ngx_rbtree_node_t *node, *sentinel;
+ ngx_ssl_session_t *sess;
+ ngx_ssl_sess_id_t *sess_id;
+ ngx_ssl_session_cache_t *cache;
+ u_char buf[NGX_SSL_MAX_SESSION_SIZE];
c = ngx_ssl_get_connection(ssl_conn);
@@ -1703,8 +1706,9 @@ ngx_ssl_get_cached_session(ngx_ssl_conn_t *ssl_conn, u_char *id, int len,
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
"ssl get session: %08XD:%d", hash, len);
- shm_zone = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ssl_conn),
- ngx_ssl_session_cache_index);
+ sc_cfg = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ssl_conn),
+ ngx_ssl_session_cache_index);
+ shm_zone = sc_cfg->shm_zone;
cache = shm_zone->data;
@@ -1791,17 +1795,19 @@ ngx_ssl_remove_cached_session(SSL_CTX *ssl, ngx_ssl_session_t *sess)
static void
ngx_ssl_remove_session(SSL_CTX *ssl, ngx_ssl_session_t *sess)
{
- size_t len;
- u_char *id;
- uint32_t hash;
- ngx_int_t rc;
- ngx_shm_zone_t *shm_zone;
- ngx_slab_pool_t *shpool;
- ngx_rbtree_node_t *node, *sentinel;
- ngx_ssl_sess_id_t *sess_id;
- ngx_ssl_session_cache_t *cache;
-
- shm_zone = SSL_CTX_get_ex_data(ssl, ngx_ssl_session_cache_index);
+ size_t len;
+ u_char *id;
+ uint32_t hash;
+ ngx_int_t rc;
+ ngx_ssl_session_cache_cfg_t *sc_cfg;
+ ngx_shm_zone_t *shm_zone;
+ ngx_slab_pool_t *shpool;
+ ngx_rbtree_node_t *node, *sentinel;
+ ngx_ssl_sess_id_t *sess_id;
+ ngx_ssl_session_cache_t *cache;
+
+ sc_cfg = SSL_CTX_get_ex_data(ssl, ngx_ssl_session_cache_index);
+ shm_zone = sc_cfg->shm_zone;
if (shm_zone == NULL) {
return;
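Review bot: The added `shm_zone = sc_cfg->shm_zone;` runs before the existing `if (shm_zone == NULL)` guard, so the guard no longer covers what it presumably protected against: a context whose ex_data slot was never filled. In that case `SSL_CTX_get_ex_data()` returns NULL and the worker dereferences it instead of returning early. Check the retrieved pointer first, `if (sc_cfg == NULL || sc_cfg->shm_zone == NULL) { return; }`, and assign `shm_zone` afterwards. `ngx_ssl_new_session` and `ngx_ssl_get_cached_session` fetch `sc_cfg` the same way; they had no guard before this commit, but the extra indirection is a good moment to confirm the slot is always set when those callbacks are registered. The function continues past the end of this hunk.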
@@ -49,6 +49,11 @@ typedef struct {
} ngx_ssl_connection_t;
+typedef struct {
+ ngx_shm_zone_t *shm_zone;
+} ngx_ssl_session_cache_cfg_t;
+
+
#define NGX_SSL_NO_SCACHE -2
#define NGX_SSL_NONE_SCACHE -3
#define NGX_SSL_NO_BUILTIN_SCACHE -4
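Review bot: `ngx_ssl_session_cache_cfg_t` is introduced without a comment, although it carries two contracts that are only visible by reading the .c hunks. First, `shm_zone` is NULL when no shared-memory cache is configured. Second, a pointer to the struct (not to the zone) is now stored in the SSL_CTX ex_data slot, so the struct has to live at least as long as the context. A short comment above the typedef would record both, e.g. `/* external session cache settings; shm_zone is NULL if unused; kept by pointer in SSL_CTX ex_data */`.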
@@ -102,7 +107,7 @@ ngx_int_t ngx_ssl_crl(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *crl);
ngx_int_t ngx_ssl_generate_rsa512_key(ngx_ssl_t *ssl);
ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file);
ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
- ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout);
+ ssize_t builtin_session_cache, ngx_ssl_session_cache_cfg_t *sc_cfg, time_t timeout);
ngx_int_t ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c,
ngx_uint_t flags);
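Review bot: Changing the fourth parameter of the exported `ngx_ssl_session_cache()` prototype affects every caller, and the only call site updated in this commit is the one in `ngx_http_ssl_merge_srv_conf`. Any other caller still passing a `ngx_shm_zone_t *` is not visible here. If one exists and the build reports the incompatible pointer only as a warning, the zone would be read as an `ngx_ssl_session_cache_cfg_t` and its first field treated as `shm_zone`. Worth checking for remaining call sites before this lands.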
@@ -476,13 +476,14 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_value(conf->builtin_session_cache,
prev->builtin_session_cache, NGX_SSL_NONE_SCACHE);
- if (conf->shm_zone == NULL) {
- conf->shm_zone = prev->shm_zone;
+ if (conf->ext_session_cache.shm_zone == NULL) {
+ conf->ext_session_cache.shm_zone = prev->ext_session_cache.shm_zone;
}
if (ngx_ssl_session_cache(&conf->ssl, &ngx_http_ssl_sess_id_ctx,
conf->builtin_session_cache,
- conf->shm_zone, conf->session_timeout)
+ &conf->ext_session_cache,
+ conf->session_timeout)
!= NGX_OK)
{
return NGX_CONF_ERROR;
@@ -596,9 +597,10 @@ ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
return NGX_CONF_ERROR;
}
- sscf->shm_zone = ngx_shared_memory_add(cf, &name, n,
- &ngx_http_ssl_module);
- if (sscf->shm_zone == NULL) {
+ sscf->ext_session_cache.shm_zone =
+ ngx_shared_memory_add(cf, &name, n,
+ &ngx_http_ssl_module);
+ if (sscf->ext_session_cache.shm_zone == NULL) {
return NGX_CONF_ERROR;
}
@@ -608,7 +610,7 @@ ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
goto invalid;
}
- if (sscf->shm_zone && sscf->builtin_session_cache == NGX_CONF_UNSET) {
+ if (sscf->ext_session_cache.shm_zone && sscf->builtin_session_cache == NGX_CONF_UNSET) {
sscf->builtin_session_cache = NGX_SSL_NO_BUILTIN_SCACHE;
}
@@ -37,7 +37,7 @@ typedef struct {
ngx_str_t ciphers;
- ngx_shm_zone_t *shm_zone;
+ ngx_ssl_session_cache_cfg_t ext_session_cache;
u_char *file;
ngx_uint_t line;
