| author | zhengchao <[email protected]> | 2019-05-17 21:35:20 +0800 |
|---|---|---|
| committer | zhengchao <[email protected]> | 2019-05-24 18:52:32 +0800 |
| commit | dda60c674c2b2a063233d4e5deecfeba5d44fd2e (patch) | |
| tree | 4d986a9a37479991ad6a67a6dc5459a80535d449 /platform/src/ssl_sess_cache.cpp | |
| parent | 630a3dba604815ed830e7229cf8e1b0bbac2f1b6 (diff) | |
up session cache校验ssl version,增加ssl状态读写的接口。
Diffstat (limited to 'platform/src/ssl_sess_cache.cpp')
| -rw-r--r-- | platform/src/ssl_sess_cache.cpp | 37 |
1 files changed, 26 insertions, 11 deletions
diff --git a/platform/src/ssl_sess_cache.cpp b/platform/src/ssl_sess_cache.cpp
index 991bc90..52b57a8 100644
--- a/platform/src/ssl_sess_cache.cpp
+++ b/platform/src/ssl_sess_cache.cpp
@@ -17,6 +17,7 @@ struct asn1_sess
 {
     unsigned char * buff;
     size_t size;
+    int version;
 };
 
 struct sess_set_args
@@ -24,6 +25,11 @@ struct sess_set_args
     MESA_htable_handle hash;
     struct asn1_sess * new_sess;
 };
+struct sess_get_args
+{
+    SSL_SESSION *sess;
+    int version;
+};
 
 struct sess_cache
 {
@@ -41,7 +47,7 @@ static void ssl_sess_free_serialized(void * data)
     return;
 }
 
-static struct asn1_sess * ssl_sess_serialize(SSL_SESSION * sess)
+static struct asn1_sess * ssl_sess_serialize(SSL_SESSION * sess, int version)
 {
     struct asn1_sess * result = ALLOC(struct asn1_sess, 1);
 
@@ -62,6 +68,7 @@ static struct asn1_sess * ssl_sess_serialize(SSL_SESSION * sess)
     j=i2d_SSL_SESSION(sess, &(temp));
     assert(i == j);
     assert(result->buff + i == temp);
+    result->version=version;
     return result;
 }
 
@@ -101,6 +108,8 @@ static int ssl_sess_verify_cb(void * data, int eliminate_type)
 
 static long sess_cache_get_cb(void * data, const uchar * key, uint size, void * user_arg)
 {
+    struct sess_get_args *result=(struct sess_get_args *)user_arg;
+
     SSL_SESSION * sess = NULL;
     int is_valid = 0;
     if (data == NULL)
@@ -119,7 +128,8 @@ static long sess_cache_get_cb(void * data, const uchar * key, uint size, void *
     }
     else
     {
-        *(SSL_SESSION **) user_arg = sess;
+        result->sess=sess;
+        result->version=asn1->version;
         return SESS_CACHE_FOUND;
     }
 }
@@ -137,6 +147,7 @@ static long sess_cache_set_cb(void * data, const uchar * key, uint size, void *
         cur_asn1->size = new_asn1->size;
         cur_asn1->buff = ALLOC(unsigned char, cur_asn1->size);
         memcpy(cur_asn1->buff, new_asn1->buff, cur_asn1->size);
+        cur_asn1->version=new_asn1->version;
         return SESS_CACHE_UPDATE_OLD;
     }
     else
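Review bot: In ssl_sess_serialize the new `result->version=version;` is the last statement before `return result;`, so the field is only set on the success path; if any of the lines between the `ALLOC` at the top of the function and this hunk return `result` early (the body between the two hunks is outside the diff), the cached entry would carry an uninitialized `version` unless `ALLOC` zero-fills, and the later range check in up_session_get would compare against garbage. Assigning the field immediately after the allocation, `result->version = version;` right below `struct asn1_sess * result = ALLOC(struct asn1_sess, 1);`, removes that dependency on the control flow. The same consideration applies to `cur_asn1->version=new_asn1->version;` in sess_cache_set_cb only insofar as `new_asn1` came from this serializer.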
@@ -178,16 +189,20 @@ static size_t upsess_mk_key(struct sockaddr * res, socklen_t addrlen, const char
 }
 
 void up_session_set(struct sess_cache * cache, struct sockaddr * addr, socklen_t addr_len, const char * sni,
-                    SSL_SESSION * sess)
+                    int version, SSL_SESSION * sess)
 {
     unsigned char * key = NULL;
     size_t key_size = 0;
     long cb_ret = 0;
 
     assert(cache->served_for == CONN_DIR_UPSTREAM);
+    if(!SSL_SESSION_is_resumable(sess))
+    {
+        return;
+    }
     key_size = upsess_mk_key(addr, addr_len, sni, &key);
     struct asn1_sess * asn1 = NULL;
-    asn1 = ssl_sess_serialize(sess);
+    asn1 = ssl_sess_serialize(sess, version);
     struct sess_set_args set_args={.hash = cache->hash, .new_sess = asn1};
     MESA_htable_search_cb(cache->hash, key, key_size, sess_cache_set_cb, &set_args, &cb_ret);
 
@@ -200,9 +215,9 @@ void up_session_set(struct sess_cache * cache, struct sockaddr * addr, socklen_t
     return;
 }
 
-SSL_SESSION * up_session_get(struct sess_cache * cache, struct sockaddr * addr, socklen_t addr_len, const char * sni)
-{
-    SSL_SESSION * sess = NULL;
+SSL_SESSION * up_session_get(struct sess_cache * cache, struct sockaddr * addr, socklen_t addr_len, const char * sni, int min_ver, int max_ver)
+{
+    struct sess_get_args args={NULL, 0};
     long cb_ret = 0;
     size_t key_size = 0;
 
@@ -210,14 +225,14 @@ SSL_SESSION * up_session_get(struct sess_cache * cache, struct sockaddr * addr,
     unsigned char * key = NULL;
     key_size = upsess_mk_key(addr, addr_len, sni, &key);
 
-    MESA_htable_search_cb(cache->hash, key, key_size, sess_cache_get_cb, &sess, &cb_ret);
+    MESA_htable_search_cb(cache->hash, key, key_size, sess_cache_get_cb, &args, &cb_ret);
     // printf("%s %s\n", __FUNCTION__, key);
     free(key);
     key = NULL;
 
-    if (cb_ret == SESS_CACHE_FOUND)
+    if (cb_ret == SESS_CACHE_FOUND && args.version>=min_ver && args.version<=max_ver)
     {
         ATOMIC_INC(&(cache->hit_cnt));
-        return args.sess;
+        return args.sess;
     }
     else
 
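Review bot: The new `int version` parameter of up_session_set is stored into the cache without any statement of what it must hold, yet up_session_get later trusts it for the `min_ver`/`max_ver` filter; a caller passing a wrong or stale value makes the cache hand out sessions that the filter was meant to exclude. The session object already records the protocol version it was negotiated under (presumably `SSL_SESSION_get_protocol_version(sess)` in this OpenSSL generation — confirm), so either derive the field from the session inside ssl_sess_serialize or document on the declaration that `version` is the protocol version of the connection the session came from, e.g. `/* version: protocol version (SSL_version()) of the connection that produced sess; used to filter lookups */`. The early `return` on `!SSL_SESSION_is_resumable(sess)` silently discards the session; a short comment such as `/* non-resumable sessions are not worth caching */` would save the next reader from wondering whether a counter was forgotten. The declaration in the header is outside this diff.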
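Review bot: In up_session_get, when the lookup reports `SESS_CACHE_FOUND` but `args.version` lies outside `[min_ver, max_ver]`, the new condition routes control into the else branch (outside the hunk) while `args.sess` still holds the SSL_SESSION that sess_cache_get_cb deserialized and handed over; that branch previously ran only when no session existed, so unless it now frees `args.sess`, every version mismatch leaks a session object. Release it before the check, e.g. `if (cb_ret == SESS_CACHE_FOUND && (args.version < min_ver || args.version > max_ver)) { SSL_SESSION_free(args.sess); args.sess = NULL; }` followed by the existing `if`, so the mismatch then takes the same miss path as a not-found entry. Where the callback obtains ownership of `sess` (the d2i step) is not visible here, so confirm it is a fresh object rather than a reference into the cache entry before adding the free.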
@@ -232,7 +247,7 @@ void down_session_set(struct sess_cache * cache, const SSL_SESSION * sess)
     struct asn1_sess * asn1 = NULL;
     long cb_ret = 0;
     assert(cache->served_for == CONN_DIR_DOWNSTREAM);
-    asn1 = ssl_sess_serialize((SSL_SESSION *) sess);
+    asn1 = ssl_sess_serialize((SSL_SESSION *) sess, 0);
     /*
      * SSL_SESSION_get_id() returns a pointer to the internal session id value for the session s.
