MINOR: ssl add global setting tune.sslcachesize to set SSL session cache size.

This new global setting allows the user to change the SSL cache size in
number of sessions. It defaults to 20000.

diff --git a/include/types/global.h b/include/types/global.h
index b55481bfc5faa471c711baa9cf0392de2534881b..bd8a06e81e5c50fd1ee98eeee04cabe55132c5a3 100644 (file)
--- a/include/types/global.h
+++ b/include/types/global.h
@@ -97,6 +97,9 @@ struct global {
                int chksize;       /* check buffer size in bytes, defaults to BUFSIZE */
                int pipesize;      /* pipe size in bytes, system defaults if zero */
                int max_http_hdr;  /* max number of HTTP headers, use MAX_HTTP_HDR if zero */
+#ifdef USE_OPENSSL
+               int sslcachesize;  /* SSL cache size in session, defaults to 20000 */
+#endif
        } tune;
        struct {
                char *prefix;           /* path prefix of unix bind socket */

diff --git a/src/cfgparse.c b/src/cfgparse.c
index ca88e8684ba23939504d0422391b2147c99ec122..dcc019b940f9049b742b6d783a3ebeec6e3f032d 100644 (file)
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -526,6 +526,16 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm)
                }
                global.tune.chksize = atol(args[1]);
        }
+#ifdef USE_OPENSSL
+       else if (!strcmp(args[0], "tune.sslcachesize")) {
+               if (*(args[1]) == 0) {
+                       Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
+                       err_code |= ERR_ALERT | ERR_FATAL;
+                       goto out;
+               }
+               global.tune.sslcachesize = atol(args[1]);
+       }
+#endif
        else if (!strcmp(args[0], "tune.bufsize")) {
                if (*(args[1]) == 0) {
                        Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
@@ -6704,7 +6714,7 @@ out_uri_auth_compat:
                                SSL_CTX_set_options(listener->ssl_ctx.ctx, ssloptions);
                                SSL_CTX_set_mode(listener->ssl_ctx.ctx, sslmode);
                                SSL_CTX_set_verify(listener->ssl_ctx.ctx, SSL_VERIFY_NONE, NULL);
-                               if (shared_context_init(0) < 0) {
+                               if (shared_context_init(global.tune.sslcachesize) < 0) {
                                        Alert("Unable to allocate SSL session cache.\n");
                                        cfgerr++;
                                        goto skip_ssl;

diff --git a/src/haproxy.c b/src/haproxy.c
index 764e30f4078c429e290544806229d2d03af1b4cc..adf2614f37b4b10ee94f9c3d03fcbf4152187f05 100644 (file)
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -125,6 +125,9 @@ struct global global = {
                .bufsize = BUFSIZE,
                .maxrewrite = MAXREWRITE,
                .chksize = BUFSIZE,
+#ifdef USE_OPENSSL
+               .sslcachesize = 20000,
+#endif
        },
        /* others NULL OK */
 };