From: Stefan Eissing
Date: Thu, 9 Jan 2025 10:18:31 +0000 (+0100)
Subject: ssl session cache: change cache dimensions
X-Git-Tag: curl-8_12_0~159
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=34cebd87353aa19502cc494b30d1f0c11c635524;p=thirdparty%2Fcurl.git
ssl session cache: change cache dimensions
Use a larger one when shared.
Closes #15953
---
diff --git a/lib/share.c b/lib/share.c
index 8194aa8649..4145e0c653 100644
--- a/lib/share.c
+++ b/lib/share.c
@@ -110,7 +110,12 @@ curl_share_setopt(CURLSH *sh, CURLSHoption option, ...)
 case CURL_LOCK_DATA_SSL_SESSION:
 #ifdef USE_SSL
 if(!share->ssl_scache) {
- if(Curl_ssl_scache_create(8, 2, &share->ssl_scache))
+ /* There is no way (yet) for the application to configure the
+ * session cache size, shared between many transfers. As for curl
+ * itself, a high session count will impact startup time. Also, the
+ * scache is not optimized for several hundreds of peers. So,
+ * keep it at a reasonable level. */
+ if(Curl_ssl_scache_create(25, 2, &share->ssl_scache))
 res = CURLSHE_NOMEM;
 }
 #else
diff --git a/lib/transfer.c b/lib/transfer.c
index 6fbe4487f3..66756788b3 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -568,8 +568,10 @@ CURLcode Curl_pretransfer(struct Curl_easy *data)
 #ifdef USE_SSL
 if(!data->state.ssl_scache) {
- result = Curl_ssl_scache_create(data->set.general_ssl.max_ssl_sessions,
- 2, &data->state.ssl_scache);
+ /* There was no ssl session cache set via a share, so we create
+ * one just for this transfer alone. Most transfers talk to just
+ * one host, but redirects may involve several occasionally. */
+ result = Curl_ssl_scache_create(3, 2, &data->state.ssl_scache);
 if(result)
 return result;
 }
diff --git a/lib/url.c b/lib/url.c
index ea0298ac6a..001989d186 100644
--- a/lib/url.c
+++ b/lib/url.c
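Review bot: The sizing literals in `Curl_ssl_scache_create(25, 2, &share->ssl_scache)` are unnamed, and the same holds for `Curl_ssl_scache_create(3, 2, &data->state.ssl_scache)` in the lib/transfer.c hunk; the new comments justify 25 and 3, but the second argument `2` is left unexplained at both call sites. Named constants would make the bound on retained TLS session state auditable in one place, for example `#define SCACHE_SHARE_PEERS 25` (constructed name) plus one shared constant for the second argument. The enclosing switch in curl_share_setopt starts and ends outside the hunk.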
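Review bot: The per-transfer cache shrinks here from the former default of 5 (the `set->general_ssl.max_ssl_sessions = 5;` line this commit removes from lib/url.c) to a literal 3, and neither the new comment nor the commit description, which only mentions the larger shared cache, records that reduction. The comment should say so, e.g. `/* 3 replaces the former default of 5 */`, and state what happens to a redirect chain that touches more hosts than the cache holds, since the eviction behaviour is not visible in this hunk. Curl_pretransfer's body starts and ends outside the hunk.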
@@ -382,8 +382,6 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
 #endif
 set->dns_cache_timeout = 60; /* Timeout every 60 seconds by default */
- /* Set the default size of the SSL session ID cache */
- set->general_ssl.max_ssl_sessions = 5;
 /* Timeout every 24 hours by default */
 set->general_ssl.ca_cache_timeout = 24 * 60 * 60;
diff --git a/lib/urldata.h b/lib/urldata.h
index 6cd18ad928..224167f7f0 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -315,7 +315,6 @@ struct ssl_config_data {
 };
 struct ssl_general_config {
- size_t max_ssl_sessions; /* SSL session id cache size */
 int ca_cache_timeout; /* Certificate store cache timeout (seconds) */
 };