author | Reyk Floeter <reyk@cvs.openbsd.org> | 2009-06-04 13:46:08 +0000 |
---|---|---|
committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2009-06-04 13:46:08 +0000 |
commit | 639ae338e755ef67530855afa922424301d2b8d4 (patch) | |
tree | 930fc4f8185ff6cb03dc9e8121846115f59e157c /usr.sbin | |
parent | 12646fb401861d759c49645b6be10d23988de7e4 (diff) |
Keep around the SSL session for each checked host. This way SSL
caching can kick in on subsequent checks, making them faster and
lighter on the server.
From camield, closes PR 6137 (modified diff)
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/relayd/hce.c | 3 | ||||
-rw-r--r-- | usr.sbin/relayd/relayd.c | 4 | ||||
-rw-r--r-- | usr.sbin/relayd/ssl.c | 16 |
3 files changed, 14 insertions, 9 deletions
diff --git a/usr.sbin/relayd/hce.c b/usr.sbin/relayd/hce.c
index f85b7eca36c..60c448465ca 100644
--- a/usr.sbin/relayd/hce.c
+++ b/usr.sbin/relayd/hce.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hce.c,v 1.49 2009/06/02 12:24:16 reyk Exp $ */
+/* $OpenBSD: hce.c,v 1.50 2009/06/04 13:46:07 reyk Exp $ */
 /*
 * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -254,7 +254,6 @@ hce_launch_checks(int fd, short event, void *arg)
 break;
 default:
 /* Any other TCP-style checks */
- bzero(&host->cte, sizeof(host->cte));
 host->last_up = host->up;
 host->cte.host = host;
 host->cte.table = table;
diff --git a/usr.sbin/relayd/relayd.c b/usr.sbin/relayd/relayd.c
index c2056389d50..c6eceda53ec 100644
--- a/usr.sbin/relayd/relayd.c
+++ b/usr.sbin/relayd/relayd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.c,v 1.85 2009/06/02 12:24:16 reyk Exp $ */
+/* $OpenBSD: relayd.c,v 1.86 2009/06/04 13:46:07 reyk Exp $ */
 /*
 * Copyright (c) 2007, 2008 Reyk Floeter <reyk@openbsd.org>
@@ -555,6 +555,8 @@ purge_table(struct tablelist *head, struct table *table)
 while ((host = TAILQ_FIRST(&table->hosts)) != NULL) {
 TAILQ_REMOVE(&table->hosts, host, entry);
+ if (host->cte.ssl != NULL)
+ SSL_free(host->cte.ssl);
 free(host);
 }
 if (table->sendbuf != NULL)
diff --git a/usr.sbin/relayd/ssl.c b/usr.sbin/relayd/ssl.c
index a8523b5f55b..9f4081d551a 100644
--- a/usr.sbin/relayd/ssl.c
+++ b/usr.sbin/relayd/ssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.c,v 1.14 2008/12/05 16:37:56 reyk Exp $ */
+/* $OpenBSD: ssl.c,v 1.15 2009/06/04 13:46:07 reyk Exp $ */
 /*
 * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -219,8 +219,10 @@ void
 ssl_cleanup(struct ctl_tcp_event *cte)
 {
 close(cte->s);
- if (cte->ssl != NULL)
- SSL_free(cte->ssl);
+ if (cte->ssl != NULL) {
+ SSL_shutdown(cte->ssl);
+ SSL_clear(cte->ssl);
+ }
 if (cte->buf != NULL)
 buf_free(cte->buf);
 }
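Review bot: In hce_launch_checks(), dropping `bzero(&host->cte, sizeof(host->cte))` carries every field of the check state over from the previous run, not only `cte.ssl`. The hunk shows only `cte.host` and `cte.table` being reassigned, and ssl_cleanup() in ssl.c frees `cte->buf` without clearing the pointer, so a later check may start with a stale descriptor or a dangling buffer pointer unless code outside the hunk resets them. Preserving just the SSL object keeps the old guarantee: `ssl = host->cte.ssl; bzero(&host->cte, sizeof(host->cte)); host->cte.ssl = ssl;` with a local pointer declared for it. The function body starts and ends outside the hunk.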
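Review bot: In ssl_cleanup(), `SSL_shutdown(cte->ssl)` runs after `close(cte->s)`, so the close_notify alert is written to a descriptor that is already closed and cannot be delivered; the results of SSL_shutdown() and SSL_clear() are both ignored. A failed SSL_clear() leaves an object that ssl_transaction() now reuses for the next check, and the failed write may leave entries on the OpenSSL error queue that surface in a later, unrelated ssl_error() report. Moving `close(cte->s);` below the SSL block and dropping the object when it cannot be reset would cover both: `if (SSL_clear(cte->ssl) == 0) { SSL_free(cte->ssl); cte->ssl = NULL; }`.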
@@ -254,10 +256,12 @@ ssl_init(struct relayd *env)
 void
 ssl_transaction(struct ctl_tcp_event *cte)
 {
- cte->ssl = SSL_new(cte->table->ssl_ctx);
 if (cte->ssl == NULL) {
- ssl_error(cte->host->conf.name, "cannot create object");
- fatal("cannot create SSL object");
+ cte->ssl = SSL_new(cte->table->ssl_ctx);
+ if (cte->ssl == NULL) {
+ ssl_error(cte->host->conf.name, "cannot create object");
+ fatal("cannot create SSL object");
+ }
 }
 if (SSL_set_fd(cte->ssl, cte->s) == 0) { |
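Review bot: ssl_transaction() now treats a non-NULL `cte->ssl` as a reusable object, which is only safe if the pointer is NULL before a host's first check; with the bzero() gone from hce_launch_checks(), that depends on how the host structure is allocated, which is not visible here. A reused object also stays bound to the `ssl_ctx` it was created from, so a table whose context is later replaced would keep checking with the old one. A comment above the test would record the intended lifetime, for example `/* reuse the per-host SSL object so session caching works; freed in purge_table() */`. The function body continues outside the hunk.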