ServerSSLContext.cpp
/*
 * Copyright 2017-present Facebook, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#include <
wangle/ssl/ServerSSLContext.h
>
#include <
folly/Memory.h
>
#include <
wangle/ssl/SSLCacheOptions.h
>
#include <
wangle/ssl/SSLContextConfig.h
>
#include <
wangle/ssl/SSLSessionCacheManager.h
>
#include <
wangle/ssl/TLSTicketKeyManager.h
>
#include <
wangle/ssl/TLSTicketKeySeeds.h
>
using
folly::SSLContext
;
using
folly::EventBase
;
namespace
wangle
{
/**
 * Builds a server-side TLS context on top of folly::SSLContext.
 *
 * @param version  Protocol version selector, handed unchanged to the
 *                 folly::SSLContext base constructor. The declaration summary
 *                 on this page lists the default as `version = TLSv1`.
 *                 NOTE(review): confirm which protocol floor that enum value
 *                 selects in folly::SSLContext, and pass an explicit version
 *                 where policy requires a higher minimum.
 *
 * Every instance is tagged with the fixed session-cache context string
 * "ServerSSLContext" through the inherited setSessionCacheContext().
 * NOTE(review): presumably this becomes the OpenSSL session-id context, which
 * scopes which cached sessions may be resumed against this SSL_CTX -- confirm
 * in folly::SSLContext. Because the string is identical for every instance,
 * it does not by itself separate one server context from another.
 */
ServerSSLContext::ServerSSLContext(SSLVersion version)
    : SSLContext(version) {
  setSessionCacheContext("ServerSSLContext");
}
/**
 * Turns TLS session tickets (stateless resumption) on or off for this
 * context.
 *
 * @param ticketSeeds  Old / current / new ticket key seeds; may be null.
 *                     NOTE(review): these are presumably the secrets the
 *                     ticket keys are derived from (see TLSTicketKeyManager),
 *                     so treat them as key material -- storage and rotation
 *                     are the caller's responsibility.
 * @param ctxConfig    Only sessionTicketEnabled is read here.
 * @param stats        Forwarded to TLSTicketKeyManager; otherwise unused.
 *
 * When the OpenSSL headers define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
 *   - seeds supplied AND sessionTicketEnabled: a new TLSTicketKeyManager is
 *     installed and loaded with the three seed lists;
 *   - anything else: SSL_OP_NO_TICKET is set and any existing manager is
 *     released. Tickets enabled in config but no seeds supplied therefore
 *     means "no tickets", not "tickets under a key this code did not
 *     provide".
 *
 * When the macro is absent, a request for tickets is reported through
 * OPENSSL_MISSING_FEATURE(TLSTicket) (macro defined elsewhere; its effect is
 * not visible here) and nothing else is changed.
 *
 * NOTE(review): nothing in this function clears SSL_OP_NO_TICKET again. If it
 * can run on the same context first without seeds and later with seeds,
 * confirm that tickets really are re-enabled (for example by
 * TLSTicketKeyManager), assuming setOptions() only adds option bits.
 */
void ServerSSLContext::setupTicketManager(
    const TLSTicketKeySeeds* ticketSeeds,
    const SSLContextConfig& ctxConfig,
    SSLStats* stats) {
  // Tickets are only usable when the operator asked for them and key seeds
  // were actually delivered.
  const bool ticketsRequested =
      ticketSeeds != nullptr && ctxConfig.sessionTicketEnabled;

#ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
  if (!ticketsRequested) {
    // Fail closed: switch tickets off at the OpenSSL level and drop any
    // manager (and the keys it holds) left over from an earlier call.
    setOptions(SSL_OP_NO_TICKET);
    ticketManager_.reset();
    return;
  }

  ticketManager_ = std::make_unique<TLSTicketKeyManager>(this, stats);
  ticketManager_->setTLSTicketKeySeeds(
      ticketSeeds->oldSeeds,
      ticketSeeds->currentSeeds,
      ticketSeeds->newSeeds);
#else
  // This OpenSSL build has no ticket-key callback, so a ticket request
  // cannot be honoured; surface that instead of ignoring it silently.
  if (ticketsRequested) {
    OPENSSL_MISSING_FEATURE(TLSTicket);
  }
#endif
}
/**
 * Configures server-side session caching (session-ID resumption) for this
 * context.
 *
 * @param ctxConfig         Only sessionCacheEnabled is read here.
 * @param cacheOptions      Supplies sslCacheTimeout, maxSSLCacheSize and
 *                          sslCacheFlushSize.
 * @param externalCache     Passed through to SSLSessionCacheManager.
 *                          NOTE(review): if this is a shared or remote store,
 *                          the session state placed in it is presumably
 *                          sensitive -- check how the SSLCacheProvider
 *                          implementation protects it.
 * @param sessionIdContext  Passed through to SSLSessionCacheManager.
 * @param stats             Passed through to SSLSessionCacheManager.
 *
 * OpenSSL's built-in session cache is always switched off first. An
 * SSLSessionCacheManager is created only when caching is enabled in the
 * config and both size limits are non-zero; otherwise any existing manager is
 * released and the context is left with caching off.
 */
void ServerSSLContext::setupSessionCache(
    const SSLContextConfig& ctxConfig,
    const SSLCacheOptions& cacheOptions,
    const std::shared_ptr<SSLCacheProvider>& externalCache,
    const std::string& sessionIdContext,
    SSLStats* stats) {
  auto* const sslCtx = getSSLCtx();

  // OpenSSL's internal cache does not give the per-thread-per-VIP behaviour
  // wanted here, so it is disabled unconditionally. SSLSessionCacheManager
  // sets the cache mode itself when one is installed below.
  SSL_CTX_set_session_cache_mode(sslCtx, SSL_SESS_CACHE_OFF);

  // Session lifetime in seconds.
  // NOTE(review): this bounds how long a session stays resumable, so a large
  // sslCacheTimeout lengthens the period in which stored session state is
  // still useful; count() is passed on without a range check.
  SSL_CTX_set_timeout(sslCtx, cacheOptions.sslCacheTimeout.count());

  const bool cacheUsable = ctxConfig.sessionCacheEnabled &&
      cacheOptions.maxSSLCacheSize > 0 && cacheOptions.sslCacheFlushSize > 0;
  if (!cacheUsable) {
    // Disabled, or sized to zero: drop any manager from an earlier call.
    sessionCacheManager_.reset();
    return;
  }

  sessionCacheManager_ = std::make_unique<SSLSessionCacheManager>(
      cacheOptions.maxSSLCacheSize,
      cacheOptions.sslCacheFlushSize,
      this,
      sessionIdContext,
      stats,
      externalCache);
}
}
wangle::TLSTicketKeySeeds::newSeeds
std::vector< std::string > newSeeds
Definition:
TLSTicketKeySeeds.h:27
wangle::SSLContextConfig::sessionCacheEnabled
bool sessionCacheEnabled
Definition:
SSLContextConfig.h:101
wangle::ServerSSLContext::setupSessionCache
void setupSessionCache(const SSLContextConfig &ctxConfig, const SSLCacheOptions &cacheOptions, const std::shared_ptr< SSLCacheProvider > &externalCache, const std::string &sessionIdContext, SSLStats *stats)
Definition:
ServerSSLContext.cpp:57
wangle::TLSTicketKeySeeds::currentSeeds
std::vector< std::string > currentSeeds
Definition:
TLSTicketKeySeeds.h:26
TLSTicketKeySeeds.h
Memory.h
wangle::SSLCacheOptions
Definition:
SSLCacheOptions.h:23
folly::SSLContext::SSLVersion
SSLVersion
Definition:
SSLContext.h:91
wangle::ServerSSLContext::setupTicketManager
void setupTicketManager(const TLSTicketKeySeeds *ticketSeeds, const SSLContextConfig &ctxConfig, SSLStats *stats)
Definition:
ServerSSLContext.cpp:35
folly
—— Concurrent Priority Queue Implementation ——
Definition:
AtomicBitSet.h:29
folly::SSLContext::setOptions
void setOptions(long options)
Definition:
SSLContext.cpp:590
wangle::SSLContextConfig::sessionTicketEnabled
bool sessionTicketEnabled
Definition:
SSLContextConfig.h:102
wangle::TLSTicketKeySeeds
Definition:
TLSTicketKeySeeds.h:24
wangle
Definition:
Acceptor.cpp:49
folly::SSLContext
Definition:
SSLContext.h:89
version
ProtocolVersion version
Definition:
ClientProtocol.cpp:1005
folly::SSLContext::getSSLCtx
SSL_CTX * getSSLCtx() const
Definition:
SSLContext.h:503
SSLCacheOptions.h
OPENSSL_MISSING_FEATURE
#define OPENSSL_MISSING_FEATURE(name)
Definition:
SSLContextManager.cpp:37
wangle::ServerSSLContext::ServerSSLContext
ServerSSLContext(SSLVersion version=TLSv1)
Definition:
ServerSSLContext.cpp:30
TLSTicketKeyManager.h
wangle::SSLCacheOptions::sslCacheTimeout
std::chrono::seconds sslCacheTimeout
Definition:
SSLCacheOptions.h:24
folly::EventBase
Definition:
EventBase.h:128
folly::SSLContext::setSessionCacheContext
void setSessionCacheContext(const std::string &context)
Definition:
SSLContext.cpp:526
ServerSSLContext.h
SSLSessionCacheManager.h
string
const char * string
Definition:
Conv.cpp:212
wangle::SSLCacheOptions::maxSSLCacheSize
uint64_t maxSSLCacheSize
Definition:
SSLCacheOptions.h:25
wangle::SSLStats
Definition:
SSLStats.h:22
wangle::TLSTicketKeySeeds::oldSeeds
std::vector< std::string > oldSeeds
Definition:
TLSTicketKeySeeds.h:25
wangle::SSLContextConfig
Definition:
SSLContextConfig.h:38
wangle::ServerSSLContext::ticketManager_
std::unique_ptr< TLSTicketKeyManager > ticketManager_
Definition:
ServerSSLContext.h:71
SSLContextConfig.h
wangle::SSLCacheOptions::sslCacheFlushSize
uint64_t sslCacheFlushSize
Definition:
SSLCacheOptions.h:26
wangle::ServerSSLContext::sessionCacheManager_
std::unique_ptr< SSLSessionCacheManager > sessionCacheManager_
Definition:
ServerSSLContext.h:72