From: Emeric Brun
Date: Mon, 3 Sep 2012 10:10:29 +0000 (+0200)
Subject: MINOR: ssl add global setting tune.sslcachesize to set SSL session cache size.
X-Git-Tag: v1.5-dev12~29
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fc32acafcd109804dcd198f99ecd1b892a66ffa5;p=thirdparty%2Fhaproxy.git
MINOR: ssl add global setting tune.sslcachesize to set SSL session cache size.
This new global setting allows the user to change the SSL cache size in number of sessions. It defaults to 20000.
---
diff --git a/include/types/global.h b/include/types/global.h
index b55481bfc5..bd8a06e81e 100644
--- a/include/types/global.h
+++ b/include/types/global.h
@@ -97,6 +97,9 @@ struct global {
 int chksize; /* check buffer size in bytes, defaults to BUFSIZE */
 int pipesize; /* pipe size in bytes, system defaults if zero */
 int max_http_hdr; /* max number of HTTP headers, use MAX_HTTP_HDR if zero */
+#ifdef USE_OPENSSL
+ int sslcachesize; /* SSL cache size in session, defaults to 20000 */
+#endif
 } tune;
 struct {
 char *prefix; /* path prefix of unix bind socket */
diff --git a/src/cfgparse.c b/src/cfgparse.c
index ca88e8684b..dcc019b940 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -526,6 +526,16 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm)
 }
 global.tune.chksize = atol(args[1]);
 }
+#ifdef USE_OPENSSL
+ else if (!strcmp(args[0], "tune.sslcachesize")) {
+ if (*(args[1]) == 0) {
+ Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
+ err_code |= ERR_ALERT | ERR_FATAL;
+ goto out;
+ }
+ global.tune.sslcachesize = atol(args[1]);
+ }
+#endif
 else if (!strcmp(args[0], "tune.bufsize")) {
 if (*(args[1]) == 0) {
 Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
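Review bot: In src/cfgparse.c, `global.tune.sslcachesize = atol(args[1]);` stores whatever atol() returns: non-numeric text silently becomes 0, negative numbers are accepted, and a long that does not fit the int field is truncated. The value is then passed unchanged as the session count to `shared_context_init()` in the second cfgparse.c hunk (@@ -6704); how that function treats zero, negative or very large counts is not visible here, but if it sizes an allocation from the count, an unchecked value could yield a wrongly sized shared cache. The new branch copies the existing `tune.chksize` pattern, so the style is inherited, but for a value that sizes the session cache I would parse with strtol() and reject trailing garbage and out-of-range input, as sketched below (this needs `<errno.h>` and `<limits.h>` in scope). Whether 0 should stay legal as "use the built-in size", and what upper bound is sensible, depend on shared_context_init. cfg_parse_global starts and ends outside the hunk.

```c
	else if (!strcmp(args[0], "tune.sslcachesize")) {
		char *end;
		long val;

		/* … unchanged: empty-argument check and its alert … */
		errno = 0;
		val = strtol(args[1], &end, 10);
		if (errno || *end != '\0' || val < 0 || val > INT_MAX) {
			Alert("parsing [%s:%d] : '%s' expects a non-negative integer, got '%s'.\n", file, linenum, args[0], args[1]);
			err_code |= ERR_ALERT | ERR_FATAL;
			goto out;
		}
		global.tune.sslcachesize = (int)val;
	}
```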
@@ -6704,7 +6714,7 @@ out_uri_auth_compat:
 SSL_CTX_set_options(listener->ssl_ctx.ctx, ssloptions);
 SSL_CTX_set_mode(listener->ssl_ctx.ctx, sslmode);
 SSL_CTX_set_verify(listener->ssl_ctx.ctx, SSL_VERIFY_NONE, NULL);
- if (shared_context_init(0) < 0) {
+ if (shared_context_init(global.tune.sslcachesize) < 0) {
 Alert("Unable to allocate SSL session cache.\n");
 cfgerr++;
 goto skip_ssl;
diff --git a/src/haproxy.c b/src/haproxy.c
index 764e30f407..adf2614f37 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -125,6 +125,9 @@ struct global global = {
 .bufsize = BUFSIZE,
 .maxrewrite = MAXREWRITE,
 .chksize = BUFSIZE,
+#ifdef USE_OPENSSL
+ .sslcachesize = 20000,
+#endif
 },
 /* others NULL OK */
 };
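Review bot: In the src/cfgparse.c hunk at @@ -6704, the failure path after `shared_context_init(global.tune.sslcachesize)` still reports only "Unable to allocate SSL session cache." Now that the size comes from configuration, a failed allocation is most likely caused by the configured value, so the alert should name it. I would change it to `Alert("Unable to allocate SSL session cache of %d sessions (tune.sslcachesize).\n", global.tune.sslcachesize);`. The enclosing function starts and ends outside this hunk.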
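Review bot: In src/haproxy.c, `.sslcachesize = 20000,` hard-codes the default as a bare literal, while the neighbouring initialisers use named macros (`BUFSIZE`, `MAXREWRITE`). The same number is repeated by hand in the field comment in include/types/global.h, so the two can drift apart. I would introduce a named constant, for example a new `#define SSLCACHESIZE 20000` (proposed name) beside the existing default macros, and write `.sslcachesize = SSLCACHESIZE,`. The initialiser of `global` begins before this hunk.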