authorReyk Floeter <reyk@cvs.openbsd.org>2009-06-04 13:46:08 +0000
committerReyk Floeter <reyk@cvs.openbsd.org>2009-06-04 13:46:08 +0000
commit639ae338e755ef67530855afa922424301d2b8d4 (patch)
tree930fc4f8185ff6cb03dc9e8121846115f59e157c /usr.sbin
parent12646fb401861d759c49645b6be10d23988de7e4 (diff)
Keep around the SSL session for each checked host. This way SSL
caching can kick in on subsequent checks, making them faster and lighter on the server. From camield, closes PR 6137 (modified diff)
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/relayd/hce.c3
-rw-r--r--usr.sbin/relayd/relayd.c4
-rw-r--r--usr.sbin/relayd/ssl.c16
3 files changed, 14 insertions, 9 deletions
diff --git a/usr.sbin/relayd/hce.c b/usr.sbin/relayd/hce.c
index f85b7eca36c..60c448465ca 100644
--- a/usr.sbin/relayd/hce.c
+++ b/usr.sbin/relayd/hce.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hce.c,v 1.49 2009/06/02 12:24:16 reyk Exp $ */
+/* $OpenBSD: hce.c,v 1.50 2009/06/04 13:46:07 reyk Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -254,7 +254,6 @@ hce_launch_checks(int fd, short event, void *arg)
break;
default:
/* Any other TCP-style checks */
- bzero(&host->cte, sizeof(host->cte));
host->last_up = host->up;
host->cte.host = host;
host->cte.table = table;
diff --git a/usr.sbin/relayd/relayd.c b/usr.sbin/relayd/relayd.c
index c2056389d50..c6eceda53ec 100644
--- a/usr.sbin/relayd/relayd.c
+++ b/usr.sbin/relayd/relayd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.c,v 1.85 2009/06/02 12:24:16 reyk Exp $ */
+/* $OpenBSD: relayd.c,v 1.86 2009/06/04 13:46:07 reyk Exp $ */
/*
* Copyright (c) 2007, 2008 Reyk Floeter <reyk@openbsd.org>
@@ -555,6 +555,8 @@ purge_table(struct tablelist *head, struct table *table)
while ((host = TAILQ_FIRST(&table->hosts)) != NULL) {
TAILQ_REMOVE(&table->hosts, host, entry);
+ if (host->cte.ssl != NULL)
+ SSL_free(host->cte.ssl);
free(host);
}
if (table->sendbuf != NULL)
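Review bot: With this commit `host->cte.ssl` lives as long as the host rather than a single check, and the `SSL_free()` added before `free(host)` is the only release visible in the diff. Any other path that frees a `struct host` (none is visible here) would now leak the SSL object and its cached session. A short ownership comment above the new lines would make that explicit: `/* cte.ssl is kept across checks for session reuse; release it with the host */`. purge_table() starts and ends outside the hunk.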
diff --git a/usr.sbin/relayd/ssl.c b/usr.sbin/relayd/ssl.c
index a8523b5f55b..9f4081d551a 100644
--- a/usr.sbin/relayd/ssl.c
+++ b/usr.sbin/relayd/ssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.c,v 1.14 2008/12/05 16:37:56 reyk Exp $ */
+/* $OpenBSD: ssl.c,v 1.15 2009/06/04 13:46:07 reyk Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -219,8 +219,10 @@ void
ssl_cleanup(struct ctl_tcp_event *cte)
{
close(cte->s);
- if (cte->ssl != NULL)
- SSL_free(cte->ssl);
+ if (cte->ssl != NULL) {
+ SSL_shutdown(cte->ssl);
+ SSL_clear(cte->ssl);
+ }
if (cte->buf != NULL)
buf_free(cte->buf);
}
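Review bot: `cte->buf` is left pointing at freed memory after `buf_free(cte->buf)` at the end of ssl_cleanup(), and this commit also drops the `bzero(&host->cte, sizeof(host->cte))` in hce_launch_checks() that used to reset it before every check. If a later check reaches ssl_cleanup() before a new buffer is assigned (presumably possible when the handshake fails early), the stale pointer would be freed a second time. Clear it after the free: `if (cte->buf != NULL) { buf_free(cte->buf); cte->buf = NULL; }`. Separately, `close(cte->s)` runs before `SSL_shutdown()`, so the close_notify is written to an already closed descriptor. The return values of `SSL_shutdown()` and `SSL_clear()` are also ignored, so a failed `SSL_clear()` leaves an object that the next check will reuse.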
@@ -254,10 +256,12 @@ ssl_init(struct relayd *env)
void
ssl_transaction(struct ctl_tcp_event *cte)
{
- cte->ssl = SSL_new(cte->table->ssl_ctx);
if (cte->ssl == NULL) {
- ssl_error(cte->host->conf.name, "cannot create object");
- fatal("cannot create SSL object");
+ cte->ssl = SSL_new(cte->table->ssl_ctx);
+ if (cte->ssl == NULL) {
+ ssl_error(cte->host->conf.name, "cannot create object");
+ fatal("cannot create SSL object");
+ }
}
if (SSL_set_fd(cte->ssl, cte->s) == 0) {
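Review bot: The new `if (cte->ssl == NULL)` guard makes every check after the first reuse the SSL object left behind by ssl_cleanup(), and nothing in the function says so. A comment above the guard would document the dependency: `/* reuse the per-host SSL object so the cached session can be resumed; ssl_cleanup() resets it with SSL_clear() */`. It is also worth stating that resumed checks perform an abbreviated handshake, so a check may keep succeeding against a backend whose certificate or key has changed, presumably until the cached session expires. ssl_transaction() continues past the end of the hunk.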