author | Ruslan Nigmatullin <elessar@dropbox.com> | 2018-02-21 16:44:35 -0800 |
---|---|---|
committer | Ruslan Nigmatullin <elessar@dropbox.com> | 2018-03-20 09:17:28 -0700 |
commit | 7ae3733cab31c9c8b06dc5961984e063685de261 (patch) | |
tree | b4d8535830d94b9de4b520761c29ff1162fcf485 /src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc | |
parent | c4223da3ef38b1ad728e5b6a7ccd3dd0a0008937 (diff) |
[grpc] Add SSL session client cache support
Diffstat (limited to 'src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc')
-rw-r--r-- | src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc b/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc
new file mode 100644
index 0000000000..0da5a96164
--- /dev/null
+++ b/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc
@@ -0,0 +1,58 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <grpc/support/port_platform.h>
+
+#include "src/core/tsi/ssl/session_cache/ssl_session.h"
+
+#ifdef OPENSSL_IS_BORINGSSL
+
+// BoringSSL allows SSL_SESSION to outlive SSL and SSL_CTX objects which are
+// re-created by gRPC on every certificate rotation or subchannel creation.
+// BoringSSL guarantees that SSL_SESSION is immutable so it's safe to share
+// the same original session object between different threads and connections.
+
+namespace tsi {
+namespace {
+
+class BoringSslCachedSession : public SslCachedSession {
+ public:
+ BoringSslCachedSession(SslSessionPtr session)
+ : session_(std::move(session)) {}
+
+ SslSessionPtr CopySession() const override {
+ // SslSessionPtr will dereference on destruction.
+ SSL_SESSION_up_ref(session_.get());
+ return SslSessionPtr(session_.get());
+ }
+
+ private:
+ SslSessionPtr session_;
+};
+
+} // namespace
+
+grpc_core::UniquePtr<SslCachedSession> SslCachedSession::Create(
+ SslSessionPtr session) {
+ return grpc_core::UniquePtr<SslCachedSession>(
+ grpc_core::New<BoringSslCachedSession>(std::move(session)));
+}
+
+} // namespace tsi
+
+#endif /* OPENSSL_IS_BORINGSSL */ |
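Review bot: `CopySession()` passes `session_.get()` to `SSL_SESSION_up_ref` without any guarantee that the wrapped pointer is non-null, and `SslCachedSession::Create` stores whatever `SslSessionPtr` it is handed. Whether a caller can pass an empty pointer is not visible from this file, so the precondition should be explicit at the entry point, for example `GPR_ASSERT(session != nullptr);` at the top of `Create`. The inline comment `// SslSessionPtr will dereference on destruction.` reads like a pointer dereference; `// The returned SslSessionPtr releases this extra reference when destroyed.` says what is meant. The file comment states that sessions deliberately outlive `SSL_CTX` objects re-created on certificate rotation, so it should also say whether a session established under the old credentials is meant to be resumable afterwards, since the cache keying and eviction that decide this live outside this file. Minor: the single-argument constructor should be `explicit`.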