Commit c7071258 authored by Tatsuhiro Tsujikawa's avatar Tatsuhiro Tsujikawa

shrpx: Explicitly hold server SSL_CTX and client SSL_CTX

parent b18af854
...@@ -242,11 +242,12 @@ int event_loop() ...@@ -242,11 +242,12 @@ int event_loop()
{ {
event_base *evbase = event_base_new(); event_base *evbase = event_base_new();
SSL_CTX *ssl_ctx = get_config()->client_mode ? SSL_CTX *sv_ssl_ctx = get_config()->default_ssl_ctx;
ssl::create_ssl_client_context() : get_config()->default_ssl_ctx; SSL_CTX *cl_ssl_ctx = get_config()->client_mode ?
ssl::create_ssl_client_context() : 0;
ListenHandler *listener_handler = new ListenHandler(evbase, ssl_ctx);
ListenHandler *listener_handler = new ListenHandler(evbase, sv_ssl_ctx,
cl_ssl_ctx);
if(get_config()->daemon) { if(get_config()->daemon) {
if(daemon(0, 0) == -1) { if(daemon(0, 0) == -1) {
LOG(FATAL) << "Failed to daemonize: " << strerror(errno); LOG(FATAL) << "Failed to daemonize: " << strerror(errno);
...@@ -269,7 +270,7 @@ int event_loop() ...@@ -269,7 +270,7 @@ int event_loop()
if(get_config()->num_worker > 1) { if(get_config()->num_worker > 1) {
listener_handler->create_worker_thread(get_config()->num_worker); listener_handler->create_worker_thread(get_config()->num_worker);
} else if(get_config()->client_mode) { } else if(cl_ssl_ctx) {
listener_handler->create_spdy_session(); listener_handler->create_spdy_session();
} }
......
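Review bot: The result of `ssl::create_ssl_client_context()` is stored in `cl_ssl_ctx` without a NULL check, and because the backend SPDY session (`else if(cl_ssl_ctx)`) and later the downstream type (`if(spdy_)` in ClientHandler) are now keyed on that pointer rather than on `client_mode`, a NULL return in client mode would silently degrade the proxy to plain HTTP towards the backend instead of failing. I cannot see from this diff whether that function can return NULL, but if it can, add `if(get_config()->client_mode && !cl_ssl_ctx) { LOG(FATAL) << "Failed to create client SSL_CTX"; exit(EXIT_FAILURE); }` right after the assignment. The single-threaded path also discards the return value of `listener_handler->create_spdy_session();` while the worker path calls `DIE()` on the same `init_notification()` failure in shrpx_worker.cc, so `if(listener_handler->create_spdy_session() == -1) { DIE(); }` would make the two paths fail the same way. event_loop begins and ends outside this hunk.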
...@@ -272,7 +272,7 @@ DownstreamConnection* ClientHandler::get_downstream_connection() ...@@ -272,7 +272,7 @@ DownstreamConnection* ClientHandler::get_downstream_connection()
CLOG(INFO, this) << "Downstream connection pool is empty." CLOG(INFO, this) << "Downstream connection pool is empty."
<< " Create new one"; << " Create new one";
} }
if(get_config()->client_mode) { if(spdy_) {
return new SpdyDownstreamConnection(this); return new SpdyDownstreamConnection(this);
} else { } else {
return new HttpDownstreamConnection(this); return new HttpDownstreamConnection(this);
......
...@@ -71,8 +71,8 @@ private: ...@@ -71,8 +71,8 @@ private:
std::string ipaddr_; std::string ipaddr_;
bool should_close_after_write_; bool should_close_after_write_;
std::set<DownstreamConnection*> dconn_pool_; std::set<DownstreamConnection*> dconn_pool_;
// Shared SPDY session for each thread. NULL if not client mode. Not // Shared SPDY session for each thread. NULL if backend is not
// deleted by this object. // SPDY. Not deleted by this object.
SpdySession *spdy_; SpdySession *spdy_;
}; };
......
...@@ -40,9 +40,11 @@ ...@@ -40,9 +40,11 @@
namespace shrpx { namespace shrpx {
ListenHandler::ListenHandler(event_base *evbase, SSL_CTX *ssl_ctx) ListenHandler::ListenHandler(event_base *evbase, SSL_CTX *sv_ssl_ctx,
SSL_CTX *cl_ssl_ctx)
: evbase_(evbase), : evbase_(evbase),
ssl_ctx_(ssl_ctx), sv_ssl_ctx_(sv_ssl_ctx),
cl_ssl_ctx_(cl_ssl_ctx),
worker_round_robin_cnt_(0), worker_round_robin_cnt_(0),
workers_(0), workers_(0),
num_worker_(0), num_worker_(0),
...@@ -68,7 +70,8 @@ void ListenHandler::create_worker_thread(size_t num) ...@@ -68,7 +70,8 @@ void ListenHandler::create_worker_thread(size_t num)
LLOG(ERROR, this) << "socketpair() failed: " << strerror(errno); LLOG(ERROR, this) << "socketpair() failed: " << strerror(errno);
continue; continue;
} }
info->ssl_ctx = ssl_ctx_; info->sv_ssl_ctx = sv_ssl_ctx_;
info->cl_ssl_ctx = cl_ssl_ctx_;
rv = pthread_create(&thread, &attr, start_threaded_worker, info); rv = pthread_create(&thread, &attr, start_threaded_worker, info);
if(rv != 0) { if(rv != 0) {
LLOG(ERROR, this) << "pthread_create() failed: " << strerror(rv); LLOG(ERROR, this) << "pthread_create() failed: " << strerror(rv);
...@@ -94,11 +97,9 @@ int ListenHandler::accept_connection(evutil_socket_t fd, ...@@ -94,11 +97,9 @@ int ListenHandler::accept_connection(evutil_socket_t fd,
LLOG(INFO, this) << "Accepted connection. fd=" << fd; LLOG(INFO, this) << "Accepted connection. fd=" << fd;
} }
if(num_worker_ == 0) { if(num_worker_ == 0) {
ClientHandler* client = ClientHandler* client = ssl::accept_connection(evbase_, sv_ssl_ctx_,
ssl::accept_ssl_connection(evbase_, ssl_ctx_, fd, addr, addrlen); fd, addr, addrlen);
if(get_config()->client_mode) { client->set_spdy_session(spdy_);
client->set_spdy_session(spdy_);
}
} else { } else {
size_t idx = worker_round_robin_cnt_ % num_worker_; size_t idx = worker_round_robin_cnt_ % num_worker_;
++worker_round_robin_cnt_; ++worker_round_robin_cnt_;
...@@ -124,7 +125,7 @@ event_base* ListenHandler::get_evbase() const ...@@ -124,7 +125,7 @@ event_base* ListenHandler::get_evbase() const
int ListenHandler::create_spdy_session() int ListenHandler::create_spdy_session()
{ {
int rv; int rv;
spdy_ = new SpdySession(evbase_, ssl_ctx_); spdy_ = new SpdySession(evbase_, cl_ssl_ctx_);
rv = spdy_->init_notification(); rv = spdy_->init_notification();
return rv; return rv;
} }
......
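Review bot: `client->set_spdy_session(spdy_);` in ListenHandler::accept_connection dereferences the result of `ssl::accept_connection` unconditionally, whereas the other caller of the same function (ThreadEventReceiver::on_read in this commit) guards with `if(client_handler)`, and the `SSL_new() failed` branch in shrpx_ssl.cc suggests it can return NULL. The call was unguarded before too, but the diff drops the `client_mode` condition, so every accepted connection now takes this path; guard it the same way as the worker side: `if(client) { client->set_spdy_session(spdy_); }`. If accept_connection cannot in fact return NULL, the worker-side check should go instead, so that the two callers agree.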
...@@ -38,7 +38,8 @@ namespace shrpx { ...@@ -38,7 +38,8 @@ namespace shrpx {
struct WorkerInfo { struct WorkerInfo {
int sv[2]; int sv[2];
SSL_CTX *ssl_ctx; SSL_CTX *sv_ssl_ctx;
SSL_CTX *cl_ssl_ctx;
bufferevent *bev; bufferevent *bev;
}; };
...@@ -46,7 +47,7 @@ class SpdySession; ...@@ -46,7 +47,7 @@ class SpdySession;
class ListenHandler { class ListenHandler {
public: public:
ListenHandler(event_base *evbase, SSL_CTX *ssl_ctx); ListenHandler(event_base *evbase, SSL_CTX *sv_ssl_ctx, SSL_CTX *cl_ssl_ctx);
~ListenHandler(); ~ListenHandler();
int accept_connection(evutil_socket_t fd, sockaddr *addr, int addrlen); int accept_connection(evutil_socket_t fd, sockaddr *addr, int addrlen);
void create_worker_thread(size_t num); void create_worker_thread(size_t num);
...@@ -54,14 +55,15 @@ public: ...@@ -54,14 +55,15 @@ public:
int create_spdy_session(); int create_spdy_session();
private: private:
event_base *evbase_; event_base *evbase_;
// In client-mode, this is for backend SPDY connection. Otherwise, // The frontend server SSL_CTX
// for frontend. SSL_CTX *sv_ssl_ctx_;
SSL_CTX *ssl_ctx_; // The backend server SSL_CTX
SSL_CTX *cl_ssl_ctx_;
unsigned int worker_round_robin_cnt_; unsigned int worker_round_robin_cnt_;
WorkerInfo *workers_; WorkerInfo *workers_;
size_t num_worker_; size_t num_worker_;
// Shared SPDY session. NULL if not client mode or // Shared backend SPDY session. NULL if multi-threaded. In
// multi-threaded. In multi-threaded case, see shrpx_worker.cc. // multi-threaded case, see shrpx_worker.cc.
SpdySession *spdy_; SpdySession *spdy_;
}; };
......
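Review bot: The comment `// The backend server SSL_CTX` on `cl_ssl_ctx_` is misleading: the pointer comes from `ssl::create_ssl_client_context()` in shrpx.cc, i.e. it is the client-side context used to connect to the backend, not a server context. The comments also leave out the two facts a reader of this header needs — neither pointer is owned by ListenHandler, and `cl_ssl_ctx_` is NULL unless client mode, while a NULL `sv_ssl_ctx_` makes `ssl::accept_connection` accept plaintext. I would write `// Frontend SSL_CTX (not owned). NULL means the frontend accepts plaintext.` and `// Client SSL_CTX for backend SPDY connections (not owned). NULL unless client mode.`, and mirror the same wording on the two fields of WorkerInfo, which are copied into every worker thread.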
...@@ -245,9 +245,9 @@ SSL_CTX* create_ssl_client_context() ...@@ -245,9 +245,9 @@ SSL_CTX* create_ssl_client_context()
return ssl_ctx; return ssl_ctx;
} }
ClientHandler* accept_ssl_connection(event_base *evbase, SSL_CTX *ssl_ctx, ClientHandler* accept_connection(event_base *evbase, SSL_CTX *ssl_ctx,
evutil_socket_t fd, evutil_socket_t fd,
sockaddr *addr, int addrlen) sockaddr *addr, int addrlen)
{ {
char host[NI_MAXHOST]; char host[NI_MAXHOST];
int rv; int rv;
...@@ -266,9 +266,7 @@ ClientHandler* accept_ssl_connection(event_base *evbase, SSL_CTX *ssl_ctx, ...@@ -266,9 +266,7 @@ ClientHandler* accept_ssl_connection(event_base *evbase, SSL_CTX *ssl_ctx,
} }
SSL *ssl = 0; SSL *ssl = 0;
bufferevent *bev; bufferevent *bev;
if(get_config()->client_mode) { if(ssl_ctx) {
bev = bufferevent_socket_new(evbase, fd, BEV_OPT_DEFER_CALLBACKS);
} else {
ssl = SSL_new(ssl_ctx); ssl = SSL_new(ssl_ctx);
if(!ssl) { if(!ssl) {
LOG(ERROR) << "SSL_new() failed: " LOG(ERROR) << "SSL_new() failed: "
...@@ -278,6 +276,8 @@ ClientHandler* accept_ssl_connection(event_base *evbase, SSL_CTX *ssl_ctx, ...@@ -278,6 +276,8 @@ ClientHandler* accept_ssl_connection(event_base *evbase, SSL_CTX *ssl_ctx,
bev = bufferevent_openssl_socket_new bev = bufferevent_openssl_socket_new
(evbase, fd, ssl, (evbase, fd, ssl,
BUFFEREVENT_SSL_ACCEPTING, BEV_OPT_DEFER_CALLBACKS); BUFFEREVENT_SSL_ACCEPTING, BEV_OPT_DEFER_CALLBACKS);
} else {
bev = bufferevent_socket_new(evbase, fd, BEV_OPT_DEFER_CALLBACKS);
} }
ClientHandler *client_handler = new ClientHandler(bev, fd, ssl, host); ClientHandler *client_handler = new ClientHandler(bev, fd, ssl, host);
return client_handler; return client_handler;
......
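Review bot: With the TLS-or-plaintext choice in accept_connection now resting on `if(ssl_ctx)` rather than an explicit mode, a NULL context — intentional or the result of a failed context setup in a caller — yields a plaintext frontend with no diagnostic, and this function cannot tell the two cases apart since shrpx.cc passes `get_config()->default_ssl_ctx` straight through. The contract should at least be written down at the declaration so callers know they own the decision: `// Accepts fd as a TLS connection when ssl_ctx is non-NULL, otherwise as a plaintext connection; the caller must ensure a NULL ssl_ctx is intentional.` The handling between the `SSL_new() failed` log and `bufferevent_openssl_socket_new` falls in the gap between the two hunks, so whether the function returns NULL there is not visible here, but the `if(client_handler)` check in the worker-side caller suggests it does.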
...@@ -45,9 +45,9 @@ SSL_CTX* create_ssl_context(const char *private_key_file, ...@@ -45,9 +45,9 @@ SSL_CTX* create_ssl_context(const char *private_key_file,
SSL_CTX* create_ssl_client_context(); SSL_CTX* create_ssl_client_context();
ClientHandler* accept_ssl_connection(event_base *evbase, SSL_CTX *ssl_ctx, ClientHandler* accept_connection(event_base *evbase, SSL_CTX *ssl_ctx,
evutil_socket_t fd, evutil_socket_t fd,
sockaddr *addr, int addrlen); sockaddr *addr, int addrlen);
bool numeric_host(const char *hostname); bool numeric_host(const char *hostname);
......
...@@ -58,10 +58,10 @@ void ThreadEventReceiver::on_read(bufferevent *bev) ...@@ -58,10 +58,10 @@ void ThreadEventReceiver::on_read(bufferevent *bev)
} }
event_base *evbase = bufferevent_get_base(bev); event_base *evbase = bufferevent_get_base(bev);
ClientHandler *client_handler; ClientHandler *client_handler;
client_handler = ssl::accept_ssl_connection(evbase, ssl_ctx_, client_handler = ssl::accept_connection(evbase, ssl_ctx_,
wev.client_fd, wev.client_fd,
&wev.client_addr.sa, &wev.client_addr.sa,
wev.client_addrlen); wev.client_addrlen);
if(client_handler) { if(client_handler) {
client_handler->set_spdy_session(spdy_); client_handler->set_spdy_session(spdy_);
if(LOG_ENABLED(INFO)) { if(LOG_ENABLED(INFO)) {
......
...@@ -39,7 +39,8 @@ namespace shrpx { ...@@ -39,7 +39,8 @@ namespace shrpx {
Worker::Worker(WorkerInfo *info) Worker::Worker(WorkerInfo *info)
: fd_(info->sv[1]), : fd_(info->sv[1]),
ssl_ctx_(info->ssl_ctx) sv_ssl_ctx_(info->sv_ssl_ctx),
cl_ssl_ctx_(info->cl_ssl_ctx)
{} {}
Worker::~Worker() Worker::~Worker()
...@@ -74,13 +75,13 @@ void Worker::run() ...@@ -74,13 +75,13 @@ void Worker::run()
bufferevent *bev = bufferevent_socket_new(evbase, fd_, bufferevent *bev = bufferevent_socket_new(evbase, fd_,
BEV_OPT_DEFER_CALLBACKS); BEV_OPT_DEFER_CALLBACKS);
SpdySession *spdy = 0; SpdySession *spdy = 0;
if(get_config()->client_mode) { if(cl_ssl_ctx_) {
spdy = new SpdySession(evbase, ssl_ctx_); spdy = new SpdySession(evbase, cl_ssl_ctx_);
if(spdy->init_notification() == -1) { if(spdy->init_notification() == -1) {
DIE(); DIE();
} }
} }
ThreadEventReceiver *receiver = new ThreadEventReceiver(ssl_ctx_, spdy); ThreadEventReceiver *receiver = new ThreadEventReceiver(sv_ssl_ctx_, spdy);
bufferevent_enable(bev, EV_READ); bufferevent_enable(bev, EV_READ);
bufferevent_setcb(bev, readcb, 0, eventcb, receiver); bufferevent_setcb(bev, readcb, 0, eventcb, receiver);
......
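Review bot: `sv_ssl_ctx_` and `cl_ssl_ctx_` are the same SSL_CTX pointers handed to every worker (copied from WorkerInfo in the constructor), and each Worker::run builds its own SpdySession on the shared client context while the main thread keeps using the same pointers. If this builds against an OpenSSL older than 1.1.0, an SSL_CTX shared across pthreads is only safe when the locking callbacks (`CRYPTO_set_locking_callback`, `CRYPTO_THREADID_set_callback`) have been installed, and nothing in this diff shows that; if they are set up elsewhere, a comment above the two members in shrpx_worker.h would save the next reader the search: `// Shared with the main thread and all workers; not owned. Relies on OpenSSL locking callbacks being installed.` Worker::run continues beyond the end of this hunk.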
...@@ -42,7 +42,8 @@ public: ...@@ -42,7 +42,8 @@ public:
private: private:
// Channel to the main thread // Channel to the main thread
int fd_; int fd_;
SSL_CTX *ssl_ctx_; SSL_CTX *sv_ssl_ctx_;
SSL_CTX *cl_ssl_ctx_;
}; };
void* start_threaded_worker(void *arg); void* start_threaded_worker(void *arg);
......