git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Emeric Brun <ebrun@exceliance.fr>
	Mon, 3 Sep 2012 09:14:36 +0000 (11:14 +0200)
committer	Willy Tarreau <w@1wt.eu>
	Mon, 3 Sep 2012 20:36:33 +0000 (22:36 +0200)
commit	3e541d1c0306acba7d31a60d7b0a7d433f0e4265
tree	6a2ad18726e50e19a589cc090e6d2afe30b78fc5	tree
parent	fbac6638c1cea56155fd3a8bd1e40397dd6801a0	commit \| diff

MEDIUM: ssl: add shared memory session cache implementation.

This SSL session cache was developped at Exceliance and is the same that
was proposed for stunnel and stud. It makes use of a shared memory area
between the processes so that sessions can be handled by any process. It
is only useful when haproxy runs with nbproc > 1, but it does not hurt
performance at all with nbproc = 1. The aim is to totally replace OpenSSL's
internal cache.

The cache is optimized for Linux >= 2.6 and specifically for x86 platforms.
On Linux/x86, it makes use of futexes for inter-process locking, with some
x86 assembly for the locked instructions. On other architectures, GCC
builtins are used instead, which are available starting from gcc 4.1.

On other operating systems, the locks fall back to pthread mutexes so
libpthread is automatically linked. It is not recommended since pthreads
are much slower than futexes. The lib is only linked if SSL is enabled.

Makefile		diff \| blob \| blame \| history
include/proto/shctx.h	[new file with mode: 0644]	blob
src/shctx.c	[new file with mode: 0644]	blob