Cache result of parsing server/client tls configs, so we don't have to do it
authorMatthew Newton <mcn4@leicester.ac.uk>
Wed, 29 Feb 2012 08:23:35 +0000 (08:23 +0000)
committerAlan T. DeKok <aland@freeradius.org>
Sun, 4 Mar 2012 09:24:23 +0000 (10:24 +0100)
repeatedly. This means tls_server_conf_free no longer needs to be called, as
it will be freed up automatically.

src/include/tls.h
src/main/listen.c
src/main/realms.c
src/main/tls.c
src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c

index 2d78709a62a08c1f6f59863778823228ca117cc9..68bbf37176a2328376cb10829aee911af8f5af04 100644 (file)
@@ -299,7 +299,6 @@ tls_session_t *tls_new_session(fr_tls_server_conf_t *conf, REQUEST *request,
 tls_session_t  *tls_new_client_session(fr_tls_server_conf_t *conf, int fd);
 fr_tls_server_conf_t *tls_server_conf_parse(CONF_SECTION *cs);
 fr_tls_server_conf_t *tls_client_conf_parse(CONF_SECTION *cs);
-void tls_server_conf_free(fr_tls_server_conf_t *conf);
 int            tls_handshake_recv(REQUEST *, tls_session_t *ssn);
 int            tls_handshake_send(REQUEST *, tls_session_t *ssn);
 void           tls_session_information(tls_session_t *ssn);
index 9769bae543c77077144e756e55fceaf83c233299..eb13b67a8e3658ac7148243959f32ac594f5b543 100644 (file)
@@ -2978,10 +2978,6 @@ void listen_free(rad_listen_t **head)
                        master_listen[this->type].free(this);
                }
 
-#ifdef WITH_TLS
-               if (this->tls) tls_server_conf_free(this->tls);         
-#endif
-
 #ifdef WITH_TCP
                if ((this->type == RAD_LISTEN_AUTH)
 #ifdef WITH_ACCT
index 9c8b9fb28c6030aa5b0086d7da7a56de8149d2c9..fd8e012f6e00af05208e979c25d10ead7abf2194 100644 (file)
@@ -132,11 +132,6 @@ static void home_server_free(void *data)
 {
        home_server *home = data;
 
-#ifdef WITH_TLS
-       tls_server_conf_free(home->tls);
-       home->tls = NULL;
-#endif
-
        free(home);
 }
 
index ecc36ce67de3700356f3a9156f808d28a3fedfc3..041630853140d349152998b37f5d7d342e0e9859 100644 (file)
@@ -43,6 +43,8 @@ RCSID("$Id$")
 #include <openssl/ocsp.h>
 #endif
 
+static void tls_server_conf_free(fr_tls_server_conf_t *conf);
+
 /* record */
 static void            record_init(record_t *buf);
 static void            record_close(record_t *buf);
@@ -2056,7 +2058,13 @@ post_ca:
 }
 
 
-void tls_server_conf_free(fr_tls_server_conf_t *conf)
+/*
+ *     Free TLS client/server config
+ *     Should not be called outside this code, as a callback is
+ *     added to automatically free the data when the CONF_SECTION
+ *     is freed.
+ */
+static void tls_server_conf_free(fr_tls_server_conf_t *conf)
 {
        if (!conf) return;
 
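Review bot: The new comment above tls_server_conf_free says when the config is freed, but not what that means for code that keeps the pointer. After this commit the pointers returned by tls_server_conf_parse and tls_client_conf_parse belong to the CONF_SECTION, and listen_free, home_server_free and eaptls_detach no longer free them. Any listener, home server or EAP instance that outlives its section would therefore presumably be left with a dangling pointer to the TLS config. I would extend the comment with something like `The returned conf is owned by the CONF_SECTION; callers must not free it and must not use it after the section is freed.` The function body continues outside the hunk.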
@@ -2078,6 +2086,16 @@ fr_tls_server_conf_t *tls_server_conf_parse(CONF_SECTION *cs)
 {
        fr_tls_server_conf_t *conf;
 
+       /*
+        *      If cs has already been parsed there should be a cached copy
+        *      of conf already stored, so just return that.
+        */
+       conf = cf_data_find(cs, "tls-conf");
+       if (conf) {
+               DEBUG(" debug: Using cached TLS configuration from previous invocation");
+               return conf;
+       }
+
        conf = malloc(sizeof(*conf));
        if (!conf) {
                radlog(L_ERR, "Out of memory");
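Review bot: The cache lookup `cf_data_find(cs, "tls-conf")` uses the same key as the lookup added to tls_client_conf_parse further down, so whichever parser sees a section first decides what both return. If one CONF_SECTION can ever reach both functions, the client parser would hand back a server-side config (or the reverse) with no check; whether that can happen is not visible here. Separate keys, for example `"tls-conf-server"` and `"tls-conf-client"` in the matching cf_data_find and cf_data_add calls, would rule it out. A named macro would also avoid repeating the literal four times. The body of tls_server_conf_parse continues outside the hunk.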
@@ -2164,6 +2182,11 @@ fr_tls_server_conf_t *tls_server_conf_parse(CONF_SECTION *cs)
                goto error;
        }
 
+       /*
+        *      Cache conf in cs in case we're asked to parse this again.
+        */
+       cf_data_add(cs, "tls-conf", conf, (void *)(void *) tls_server_conf_free);
+
        return conf;
 }
 
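Review bot: The result of `cf_data_add(...)` is ignored here and in the matching call at the end of tls_client_conf_parse. If registration fails, conf is returned with no free callback attached, and because this commit removes the callers' own frees, the config would never be released. The next parse of the same section would also build a second copy. Assuming cf_data_add signals failure with a negative return, which this page does not show, I would write `if (cf_data_add(cs, "tls-conf", conf, (void *)(void *) tls_server_conf_free) < 0) goto error;`, provided the `error` label (outside the hunk) frees conf.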
@@ -2171,6 +2194,12 @@ fr_tls_server_conf_t *tls_client_conf_parse(CONF_SECTION *cs)
 {
        fr_tls_server_conf_t *conf;
 
+       conf = cf_data_find(cs, "tls-conf");
+       if (conf) {
+               DEBUG(" debug: Using cached TLS configuration from previous invocation");
+               return conf;
+       }
+
        conf = malloc(sizeof(*conf));
        if (!conf) {
                radlog(L_ERR, "Out of memory");
@@ -2205,6 +2234,8 @@ fr_tls_server_conf_t *tls_client_conf_parse(CONF_SECTION *cs)
                goto error;
         }
 
+       cf_data_add(cs, "tls-conf", conf, (void *)(void *) tls_server_conf_free);
+
        return conf;
 }
 
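Review bot: `(void *)(void *) tls_server_conf_free` converts a function pointer to an object pointer, which ISO C does not define, and the doubled cast only hides the compiler's diagnostic. The same expression appears in tls_server_conf_parse. The callback will then presumably be invoked through a pointer type that differs from the function's own `void (fr_tls_server_conf_t *)`. A small adapter with the callback's signature, e.g. `static void tls_conf_free_cb(void *data) { tls_server_conf_free(data); }`, passed without a cast, keeps the call well defined. cf_data_add's prototype is not visible here, so the exact parameter type needs checking.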
index 6ec6267a428cc70f78c18ff93f169204ebccb0c5..cdb057290d96511398e8d3a8640c1b53703d77f7 100644 (file)
@@ -48,7 +48,6 @@ RCSID("$Id$")
  */
 static int eaptls_detach(void *arg)
 {
-       tls_server_conf_free(arg);
        return 0;
 }