From d5a27006e03174aa518f6c849d377a130a7c705c Mon Sep 17 00:00:00 2001 From: Sergey Kandaurov Date: Tue, 17 Jul 2018 12:53:23 +0300 Subject: SSL: save sessions for upstream peers using a callback function. In TLSv1.3, NewSessionTicket messages arrive after the handshake and can come at any time. Therefore we use a callback to save the session when we know about it. This approach works for < TLSv1.3 as well. The callback function is set once per location on merge phase. Since SSL_get_session() in BoringSSL returns an unresumable session for TLSv1.3, peer save_session() methods have been updated as well to use a session supplied within the callback. To preserve API, the session is cached in c->ssl->session. It is preferably accessed in save_session() methods by ngx_ssl_get_session() and ngx_ssl_get0_session() wrappers. --- src/http/modules/ngx_http_uwsgi_module.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'src/http/modules/ngx_http_uwsgi_module.c') diff --git a/src/http/modules/ngx_http_uwsgi_module.c b/src/http/modules/ngx_http_uwsgi_module.c index 238bcf8a3..07a4c0805 100644 --- a/src/http/modules/ngx_http_uwsgi_module.c +++ b/src/http/modules/ngx_http_uwsgi_module.c @@ -2391,6 +2391,13 @@ ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf) } } + if (ngx_ssl_client_session_cache(cf, uwcf->upstream.ssl, + uwcf->upstream.ssl_session_reuse) + != NGX_OK) + { + return NGX_ERROR; + } + return NGX_OK; } -- cgit