author | Ruslan Nigmatullin <elessar@dropbox.com> | 2018-02-21 16:44:35 -0800 |
---|---|---|
committer | Ruslan Nigmatullin <elessar@dropbox.com> | 2018-03-20 09:17:28 -0700 |
commit | 7ae3733cab31c9c8b06dc5961984e063685de261 (patch) | |
tree | b4d8535830d94b9de4b520761c29ff1162fcf485 /src/core/tsi/ssl/session_cache/ssl_session.h | |
parent | c4223da3ef38b1ad728e5b6a7ccd3dd0a0008937 (diff) |
[grpc] Add SSL session client cache support
Diffstat (limited to 'src/core/tsi/ssl/session_cache/ssl_session.h')
-rw-r--r-- | src/core/tsi/ssl/session_cache/ssl_session.h | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/src/core/tsi/ssl/session_cache/ssl_session.h b/src/core/tsi/ssl/session_cache/ssl_session.h
new file mode 100644
index 0000000000..115221ec06
--- /dev/null
+++ b/src/core/tsi/ssl/session_cache/ssl_session.h
@@ -0,0 +1,73 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#ifndef GRPC_CORE_TSI_SSL_SESSION_CACHE_SSL_SESSION_H
+#define GRPC_CORE_TSI_SSL_SESSION_CACHE_SSL_SESSION_H
+
+#include <grpc/support/port_platform.h>
+
+#include <grpc/slice.h>
+
+extern "C" {
+#include <openssl/ssl.h>
+}
+
+#include "src/core/lib/gprpp/ref_counted.h"
+
+// The main purpose of code here is to provide means to cache SSL sessions
+// in a way that they can be shared between connections.
+//
+// SSL_SESSION stands for single instance of session and is not generally safe
+// to share between SSL contexts with different lifetimes. It happens because
+// not all SSL implementations guarantee immutability of SSL_SESSION object.
+// See SSL_SESSION documentation in BoringSSL and OpenSSL for more details.
+
+namespace tsi {
+
+struct SslSessionDeleter {
+ void operator()(SSL_SESSION* session) { SSL_SESSION_free(session); }
+};
+
+typedef std::unique_ptr<SSL_SESSION, SslSessionDeleter> SslSessionPtr;
+
+/// SslCachedSession is an immutable thread-safe storage for single session
+/// representation. It provides means to share SSL session data (e.g. TLS
+/// ticket) between encrypted connections regardless of SSL context lifetime.
+class SslCachedSession {
+ public:
+ // Not copyable nor movable.
+ SslCachedSession(const SslCachedSession&) = delete;
+ SslCachedSession& operator=(const SslCachedSession&) = delete;
+
+ /// Create single cached instance of \a session.
+ static grpc_core::UniquePtr<SslCachedSession> Create(SslSessionPtr session);
+
+ virtual ~SslCachedSession() = default;
+
+ /// Returns a copy of previously cached session.
+ virtual SslSessionPtr CopySession() const GRPC_ABSTRACT;
+
+ GRPC_ABSTRACT_BASE_CLASS
+
+ protected:
+ SslCachedSession() = default;
+};
+
+} // namespace tsi
+
+#endif /* GRPC_CORE_TSI_SSL_SESSION_CACHE_SSL_SESSION_H */ |
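Review bot: The doc comments on `Create` and `CopySession` do not say what happens on failure or when `session` is null, and a caller that passes the returned `SslSessionPtr` to the TLS library for resumption needs that contract. The implementation is outside this file, so whether either call can fail is inferred; if it can, I would state it on the declaration, e.g. `/// Returns a copy of the cached session, or nullptr if a copy could not be made.` for `CopySession`. Since the cached object holds resumption material (the class comment mentions TLS tickets), a sentence on who owns it and when it is released would also help. Separately, `SslSessionPtr` uses `std::unique_ptr` but the header has no `#include <memory>` and so relies on a transitive include; adding `#include <memory>` beside the other system includes makes it self-contained.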