Mercurial > hg > nginx
diff src/http/modules/ngx_http_grpc_module.c @ 7320:696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
In TLSv1.3, NewSessionTicket messages arrive after the handshake and
can come at any time. Therefore we use a callback to save the session
when we know about it. This approach works for < TLSv1.3 as well.
The callback function is set once per location on merge phase.
Since SSL_get_session() in BoringSSL returns an unresumable session for
TLSv1.3, peer save_session() methods have been updated as well to use a
session supplied within the callback. To preserve API, the session is
cached in c->ssl->session. It is preferably accessed in save_session()
methods by ngx_ssl_get_session() and ngx_ssl_get0_session() wrappers.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 17 Jul 2018 12:53:23 +0300 |
parents | 6cfd45d4c754 |
children | 45e513c3540d |
--- a/src/http/modules/ngx_http_grpc_module.c Mon Jul 16 17:47:48 2018 +0300 +++ b/src/http/modules/ngx_http_grpc_module.c Tue Jul 17 12:53:23 2018 +0300 @@ -4627,6 +4627,13 @@ } } + if (ngx_ssl_client_session_cache(cf, glcf->upstream.ssl, + glcf->upstream.ssl_session_reuse) + != NGX_OK) + { + return NGX_ERROR; + } + #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation if (SSL_CTX_set_alpn_protos(glcf->upstream.ssl->ctx,
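Review bot: in the added block, the `return NGX_ERROR;` taken when ngx_ssl_client_session_cache() fails carries no log message at this call site, so unless the helper reports its own failure, the configuration load would abort without saying which step failed; confirm the helper logs the error or add a message here. The call is also made unconditionally, with glcf->upstream.ssl_session_reuse passed as an argument rather than used as a guard, so a one-line comment stating that the helper handles the disabled case would make the intent clear to someone reading this function without the commit message.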