Revert changes in rev.14726
1 /*
2 * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9 #include "squid.h"
10 #include "anyp/PortCfg.h"
11 #include "base/RunnersRegistry.h"
12 #include "ipc/MemMap.h"
13 #include "security/Session.h"
14 #include "SquidConfig.h"
15
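// Size limits for TLS session IDs and serialized session data. This file
// compares them against MEMMAP_SLOT_KEY_SIZE and MEMMAP_SLOT_DATA_SIZE in
// initializeSessionCache().
// NOTE(review): units are presumably bytes -- confirm against the MemMap slot
// definitions.
#define SSL_SESSION_ID_SIZE 32
// Parenthesized so the macro expands as a single value inside any larger
// expression (e.g. `x / SSL_SESSION_MAX_SIZE`), not as `x / 10 * 1024`.
#define SSL_SESSION_MAX_SIZE (10*1024)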
18
/// Reports whether at least one entry in HttpPortList has
/// secure.encryptTransport or flags.tunnelSslBumping set.
/// The runner in this file uses the answer to decide whether the shared
/// TLS session cache needs to be created and configured at all.
/// \returns true on the first matching port, false if the list has none.
static bool
isTlsServer()
{
    AnyP::PortCfgPointer port = HttpPortList;
    while (port != nullptr) {
        // either flag alone is enough to need TLS session handling
        if (port->secure.encryptTransport || port->flags.tunnelSslBumping)
            return true;
        port = port->next;
    }

    return false;
}
31
/// Sets up Ssl::SessionCache for this process and installs the session
/// callbacks on every HTTP port that has a static TLS context.
/// Does nothing unless built with USE_OPENSSL. Leaves Ssl::SessionCache
/// null when this is not a worker process or when the configured cache
/// size is too small for even one MemMap slot.
void
initializeSessionCache()
{
#if USE_OPENSSL
    // Compare the session ID/data limits with the MemMap slot key/data sizes.
    // NOTE(review): the intent is that a slot is big enough to hold a session
    // ID and the serialized session, which reads as
    // MEMMAP_SLOT_*_SIZE >= SSL_SESSION_*. These asserts check the opposite
    // direction and only guarantee that when both sides are equal. Confirm
    // against the MEMMAP_SLOT_* definitions; an undersized slot would matter
    // to whatever code copies session IDs/data into slots.
    assert(SSL_SESSION_ID_SIZE >= MEMMAP_SLOT_KEY_SIZE);
    assert(SSL_SESSION_MAX_SIZE >= MEMMAP_SLOT_DATA_SIZE);

    // Number of whole slots that fit in the configured cache size; the same
    // expression is used by SharedSessionCacheRr::create().
    const int slotCount = ::Config.SSL.sessionCacheSize / sizeof(Ipc::MemMap::Slot);

    // No cache for non-worker processes or when no slot fits.
    if (!IamWorkerProcess() || !slotCount) {
        Ssl::SessionCache = nullptr;
        return;
    }

    Ssl::SessionCache = new Ipc::MemMap(Ssl::SessionCacheName);

    // Hook the cache into each port that already has a static context.
    for (AnyP::PortCfgPointer port = HttpPortList; port != nullptr; port = port->next) {
        const auto ctx = port->secure.staticContext.get();
        if (ctx)
            Ssl::SetSessionCallbacks(ctx);
    }
#endif
}
55
/// Runner for the shared-memory TLS session cache: create() initializes the
/// MemMap segment named Ssl::SessionCacheName and useConfig() calls
/// initializeSessionCache() for this process.
class SharedSessionCacheRr: public Ipc::Mem::RegisteredRunner
{
public:
    /* RegisteredRunner API */
    SharedSessionCacheRr() = default;
    virtual void useConfig();
    virtual ~SharedSessionCacheRr();

protected:
    virtual void create();

private:
    // Raw owning pointer: assigned in create(), released with delete in the
    // destructor. The class declares no copy operations, so a copy of this
    // object would delete the same Owner twice.
    Ipc::MemMap::Owner *owner = nullptr;
};

// NOTE(review): presumably registers an instance of this runner with the
// runners registry (base/RunnersRegistry.h) -- confirm against the macro.
RunnerRegistrationEntry(SharedSessionCacheRr);
73
/// Applies the current configuration: runs the base-class useConfig() and
/// then initializeSessionCache(), but only when no session cache exists yet
/// and at least one port needs TLS (see isTlsServer()).
/// Compiles to an empty function without USE_OPENSSL.
void
SharedSessionCacheRr::useConfig()
{
#if USE_OPENSSL // while Ssl:: bits in use
    // isTlsServer() is only consulted when the cache is not set up already
    const bool needsSetup = !Ssl::SessionCache && isTlsServer();
    if (needsSetup) {
        Ipc::Mem::RegisteredRunner::useConfig();
        initializeSessionCache();
    }
#endif
}
85
/// Initializes the shared MemMap segment for the TLS session cache and keeps
/// the returned Owner in `owner`. Skipped when no port needs TLS or when the
/// configured cache size is smaller than one MemMap slot.
void
SharedSessionCacheRr::create()
{
    if (isTlsServer()) {
#if USE_OPENSSL // while Ssl:: bits in use
        // Whole slots that fit in the configured size. initializeSessionCache()
        // uses the same expression, so both agree on whether a cache exists.
        const int items = Config.SSL.sessionCacheSize / sizeof(Ipc::MemMap::Slot);
        if (items)
            owner = Ipc::MemMap::Init(Ssl::SessionCacheName, items);
#endif
    }
}
97
/// Releases the MemMap owner held by this runner.
SharedSessionCacheRr::~SharedSessionCacheRr()
{
    // XXX: Ssl::SessionCache is deliberately not freed here yet. Enabling the
    // line below after testing would reduce at-exit memory "leaks".
    // delete Ssl::SessionCache;

    // owner stays null when create() never assigned it; deleting a null
    // pointer is a no-op.
    delete owner;
}
105