SSL: preserve default server context in connection (ticket #235).

This context is needed for shared sessions cache to work in configurations with multiple virtual servers sharing the same port. Unfortunately, OpenSSL does not provide an API to access the session context, thus storing it separately. In collaboration with Vladimir Homutov.
2025-06-07 17:52:38 +08:00 · 2015-10-19 21:22:38 +03:00 · 2015-10-19 21:22:38 +03:00 · a6befbb40f
commit a6befbb40f
parent 7d2af13f3a
2 changed files with 8 additions and 12 deletions
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@ -1038,6 +1038,8 @@ ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags)
    sc->buffer = ((flags & NGX_SSL_BUFFER) != 0);
    sc->buffer_size = ssl->buffer_size;

+    sc->session_ctx = ssl->ctx;
+
    sc->connection = SSL_new(ssl->ctx);

    if (sc->connection == NULL) {
@ -2305,7 +2307,7 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess)

    c = ngx_ssl_get_connection(ssl_conn);

-    ssl_ctx = SSL_get_SSL_CTX(ssl_conn);
+    ssl_ctx = c->ssl->session_ctx;
    shm_zone = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index);

    cache = shm_zone->data;
@ -2443,21 +2445,17 @@ ngx_ssl_get_cached_session(ngx_ssl_conn_t *ssl_conn, u_char *id, int len,
    ngx_ssl_sess_id_t        *sess_id;
    ngx_ssl_session_cache_t  *cache;
    u_char                    buf[NGX_SSL_MAX_SESSION_SIZE];
-#if (NGX_DEBUG)
    ngx_connection_t         *c;
-#endif

    hash = ngx_crc32_short(id, (size_t) len);
    *copy = 0;

-#if (NGX_DEBUG)
    c = ngx_ssl_get_connection(ssl_conn);

    ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
                   "ssl get session: %08XD:%d", hash, len);
-#endif

-    shm_zone = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ssl_conn),
+    shm_zone = SSL_CTX_get_ex_data(c->ssl->session_ctx,
                                   ngx_ssl_session_cache_index);

    cache = shm_zone->data;
@ -2836,13 +2834,14 @@ ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
    SSL_CTX                       *ssl_ctx;
    ngx_uint_t                     i;
    ngx_array_t                   *keys;
+    ngx_connection_t              *c;
    ngx_ssl_session_ticket_key_t  *key;
 #if (NGX_DEBUG)
    u_char                         buf[32];
-    ngx_connection_t              *c;
 #endif

-    ssl_ctx = SSL_get_SSL_CTX(ssl_conn);
+    c = ngx_ssl_get_connection(ssl_conn);
+    ssl_ctx = c->ssl->session_ctx;

    keys = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_ticket_keys_index);
    if (keys == NULL) {
@ -2851,10 +2850,6 @@ ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,

    key = keys->elts;

-#if (NGX_DEBUG)
-    c = ngx_ssl_get_connection(ssl_conn);
-#endif
-
    if (enc == 1) {
        /* encrypt session ticket */

--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@ -46,6 +46,7 @@ typedef struct {

 typedef struct {
    ngx_ssl_conn_t             *connection;
+    SSL_CTX                    *session_ctx;

    ngx_int_t                   last;
    ngx_buf_t                  *buf;