Non-intrusive but significant performance improvement when Squid is running

as a https reverse proxy (ssl enabled peers), allowing Squid to reuse the
same SSL session.

diff --git a/src/forward.cc b/src/forward.cc
index 519bc9f96a4e797ebedac553903c1beda223c052..b62a9d31be4e0cb47ddf4041d8d9bbd5aee4c93b 100644 (file)
--- a/src/forward.cc
+++ b/src/forward.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: forward.cc,v 1.111 2003/08/16 20:33:47 hno Exp $
+ * $Id: forward.cc,v 1.112 2003/08/18 12:24:45 hno Exp $
  *
  * DEBUG: section 17    Request Forwarding
  * AUTHOR: Duane Wessels
@@ -314,6 +314,13 @@ fwdNegotiateSSL(int fd, void *data)
         }
     }
 
+    if (fs->_peer && !SSL_session_reused(ssl)) {
+        if (fs->_peer->sslSession)
+            SSL_SESSION_free(fs->_peer->sslSession);
+
+        fs->_peer->sslSession = SSL_get1_session(ssl);
+    }
+
     fwdDispatch(fwdState);
 }
 
@@ -362,6 +369,10 @@ fwdInitiateSSL(FwdState * fwdState)
 
         else
             SSL_set_ex_data(ssl, ssl_ex_index_server, peer->host);
+
+        if (peer->sslSession)
+            SSL_set_session(ssl, peer->sslSession);
+
     } else {
         SSL_set_ex_data(ssl, ssl_ex_index_server, fwdState->request->host);
     }

diff --git a/src/structs.h b/src/structs.h
index 94948fb05a330f308b212e6cda797b290bd8ed43..4b31b626719bff3919a1707599e3f0c8a4ffc015 100644 (file)
--- a/src/structs.h
+++ b/src/structs.h
@@ -1,6 +1,6 @@
 
 /*
- * $Id: structs.h,v 1.479 2003/08/13 00:17:26 robertc Exp $
+ * $Id: structs.h,v 1.480 2003/08/18 12:24:45 hno Exp $
  *
  *
  * SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -1383,6 +1383,7 @@ unsigned int counting:
     char *sslflags;
     char *ssldomain;
     SSL_CTX *sslContext;
+    SSL_SESSION *sslSession;
 #endif
 
     int front_end_https;