| Emeric Brun | 3e541d1 | 2012-09-03 11:14:36 +0200 | [diff] [blame] | 1 | /* |
| 2 | * shctx.h - shared context management functions for SSL |
| 3 | * |
| 4 | * Copyright (C) 2011-2012 EXCELIANCE |
| 5 | * |
| 6 | * Author: Emeric Brun - emeric@exceliance.fr |
| 7 | * |
| 8 | * This program is free software; you can redistribute it and/or |
| 9 | * modify it under the terms of the GNU General Public License |
| 10 | * as published by the Free Software Foundation; either version |
| 11 | * 2 of the License, or (at your option) any later version. |
| 12 | */ |
| 13 | |
| 14 | #ifndef SHCTX_H |
| 15 | #define SHCTX_H |
| 16 | #include <openssl/ssl.h> |
| 17 | #include <stdint.h> |
| 18 | |
| 19 | #ifndef SHSESS_MAX_FOOTER_LEN |
| 20 | #define SHSESS_MAX_FOOTER_LEN sizeof(uint32_t) \ |
| 21 | + EVP_MAX_MD_SIZE |
| 22 | #endif |
| 23 | |
| 24 | #ifndef SHSESS_MAX_DATA_LEN |
| 25 | #define SHSESS_MAX_DATA_LEN 512 |
| 26 | #endif |
| 27 | |
| 28 | #ifndef SHCTX_DEFAULT_SIZE |
| 29 | #define SHCTX_DEFAULT_SIZE 20000 |
| 30 | #endif |
| 31 | |
| Emeric Brun | 786991e | 2012-11-26 18:37:12 +0100 | [diff] [blame] | 32 | #ifndef SHCTX_APPNAME |
| 33 | #define SHCTX_APPNAME "haproxy" |
| 34 | #endif |
| 35 | |
| Emeric Brun | 3e541d1 | 2012-09-03 11:14:36 +0200 | [diff] [blame] | 36 | #define SHSESS_MAX_ENCODED_LEN SSL_MAX_SSL_SESSION_ID_LENGTH \ |
| 37 | + SHSESS_MAX_DATA_LEN \ |
| 38 | + SHSESS_MAX_FOOTER_LEN |
| 39 | |
| 40 | |
| 41 | |
| 42 | /* Callback called on a new session event: |
| 43 | * session contains the sessionid zeros padded to SSL_MAX_SSL_SESSION_ID_LENGTH |
| 44 | * followed by ASN1 session encoding. |
| 45 | * len is set to SSL_MAX_SSL_SESSION_ID_LENGTH + ASN1 session length |
| 46 | * len is always less than SSL_MAX_SSL_SESSION_ID_LENGTH + SHSESS_MAX_DATA_LEN. |
| 47 | * Remaining Bytes from len to SHSESS_MAX_ENCODED_LEN can be used to add a footer. |
| 48 | * cdate is the creation date timestamp. |
| 49 | */ |
| 50 | void shsess_set_new_cbk(void (*func)(unsigned char *session, unsigned int len, long cdate)); |
| 51 | |
| 52 | /* Add a session into the cache, |
| 53 | * session contains the sessionid zeros padded to SSL_MAX_SSL_SESSION_ID_LENGTH |
| 54 | * followed by ASN1 session encoding. |
| 55 | * len is set to SSL_MAX_SSL_SESSION_ID_LENGTH + ASN1 data length. |
| 56 | * if len greater than SHSESS_MAX_ENCODED_LEN, session is not added. |
| 57 | * if cdate not 0, on get events session creation date will be reset to cdate */ |
| 58 | void shctx_sess_add(const unsigned char *session, unsigned int session_len, long cdate); |
| 59 | |
| 60 | /* Allocate shared memory context. |
| 61 | * size is maximum cached sessions. |
| 62 | * if set less or equal to 0, SHCTX_DEFAULT_SIZE is used. |
| Emeric Brun | 9faf071 | 2012-09-25 11:11:16 +0200 | [diff] [blame] | 63 | * set use_shared_memory to 1 to use a mapped shared memory insteed |
| 64 | * of private. (ignored if compiled whith USE_PRIVATE_CACHE=1) |
| Emeric Brun | 3e541d1 | 2012-09-03 11:14:36 +0200 | [diff] [blame] | 65 | * Returns: -1 on alloc failure, size if it performs context alloc, |
| 66 | * and 0 if cache is already allocated */ |
| Emeric Brun | 4b3091e | 2012-09-24 15:48:52 +0200 | [diff] [blame] | 67 | int shared_context_init(int size, int use_shared_memory); |
| Emeric Brun | 3e541d1 | 2012-09-03 11:14:36 +0200 | [diff] [blame] | 68 | |
| 69 | /* Set shared cache callbacks on an ssl context. |
| 70 | * Set session cache mode to server and disable openssl internal cache. |
| 71 | * Shared context MUST be firstly initialized */ |
| 72 | void shared_context_set_cache(SSL_CTX *ctx); |
| 73 | |
| 74 | #endif /* SHCTX_H */ |
| 75 | |