[0001]
[0002]
[0003]
[0004]
[0005]
[0006]
[0007]
[0008]
[0009]
[0010]
[0011]
[0012]
[0013]
[0014]
[0015]
[0016]
[0017]
[0018]
[0019]
[0020]
[0021]
[0022]
[0023]
[0024]
[0025]
[0026]
[0027]
[0028]
[0029]
[0030]
[0031]
[0032]
[0033]
[0034]
[0035]
[0036]
[0037]
[0038]
[0039]
[0040]
[0041]
[0042]
[0043]
[0044]
[0045]
[0046]
[0047]
[0048]
[0049]
[0050]
[0051]
[0052]
[0053]
[0054]
[0055]
[0056]
[0057]
[0058]
[0059]
[0060]
[0061]
[0062]
[0063]
[0064]
[0065]
[0066]
[0067]
[0068]
[0069]
[0070]
[0071]
[0072]
[0073]
[0074]
[0075]
[0076]
[0077]
[0078]
[0079]
[0080]
[0081]
[0082]
[0083]
[0084]
[0085]
[0086]
[0087]
[0088]
[0089]
[0090]
[0091]
[0092]
[0093]
[0094]
[0095]
[0096]
[0097]
[0098]
[0099]
[0100]
[0101]
[0102]
[0103]
[0104]
[0105]
[0106]
[0107]
[0108]
[0109]
[0110]
[0111]
[0112]
[0113]
[0114]
[0115]
[0116]
[0117]
[0118]
[0119]
[0120]
[0121]
[0122]
[0123]
[0124]
[0125]
[0126]
[0127]
[0128]
[0129]
[0130]
[0131]
[0132]
[0133]
[0134]
[0135]
[0136]
[0137]
[0138]
[0139]
[0140]
[0141]
[0142]
[0143]
[0144]
[0145]
[0146]
[0147]
[0148]
[0149]
[0150]
[0151]
[0152]
[0153]
[0154]
[0155]
[0156]
[0157]
[0158]
[0159]
[0160]
[0161]
[0162]
[0163]
[0164]
[0165]
[0166]
[0167]
[0168]
[0169]
[0170]
[0171]
[0172]
[0173]
[0174]
[0175]
[0176]
[0177]
[0178]
[0179]
[0180]
[0181]
[0182]
[0183]
[0184]
[0185]
[0186]
[0187]
[0188]
[0189]
[0190]
[0191]
[0192]
[0193]
[0194]
[0195]
[0196]
[0197]
[0198]
[0199]
[0200]
[0201]
[0202]
[0203]
[0204]
[0205]
[0206]
[0207]
[0208]
[0209]
[0210]
[0211]
[0212]
[0213]
[0214]
[0215]
[0216]
[0217]
[0218]
[0219]
[0220]
[0221]
[0222]
[0223]
[0224]
[0225]
[0226]
[0227]
[0228]
[0229]
[0230]
[0231]
[0232]
[0233]
[0234]
[0235]
[0236]
[0237]
[0238]
[0239]
[0240]
[0241]
[0242]
[0243]
[0244]
[0245]
[0246]
[0247]
[0248]
[0249]
[0250]
[0251]
[0252]
[0253]
[0254]
[0255]
[0256]
[0257]
[0258]
[0259]
[0260]
[0261]
[0262]
[0263]
[0264]
[0265]
[0266]
[0267]
[0268]
[0269]
[0270]
[0271]
[0272]
[0273]
[0274]
[0275]
[0276]
[0277]
[0278]
[0279]
[0280]
[0281]
[0282]
[0283]
[0284]
[0285]
[0286]
[0287]
[0288]
[0289]
[0290]
[0291]
[0292]
[0293]
[0294]
[0295]
[0296]
[0297]
[0298]
[0299]
[0300]
[0301]
[0302]
[0303]
[0304]
[0305]
[0306]
[0307]
[0308]
[0309]
[0310]
[0311]
[0312]
[0313]
[0314]
[0315]
[0316]
[0317]
[0318]
[0319]
[0320]
[0321]
[0322]
[0323]
[0324]
[0325]
[0326]
[0327]
[0328]
[0329]
[0330]
[0331]
[0332]
[0333]
[0334]
[0335]
[0336]
[0337]
[0338]
[0339]
[0340]
[0341]
[0342]
[0343]
[0344]
[0345]
[0346]
[0347]
[0348]
[0349]
[0350]
[0351]
[0352]
[0353]
[0354]
[0355]
[0356]
[0357]
[0358]
[0359]
[0360]
[0361]
[0362]
[0363]
[0364]
[0365]
[0366]
[0367]
[0368]
[0369]
[0370]
[0371]
[0372]
[0373]
[0374]
[0375]
[0376]
[0377]
[0378]
[0379]
[0380]
[0381]
[0382]
[0383]
[0384]
[0385]
[0386]
[0387]
[0388]
[0389]
[0390]
[0391]
[0392]
[0393]
[0394]
[0395]
[0396]
[0397]
[0398]
[0399]
[0400]
[0401]
[0402]
[0403]
[0404]
[0405]
[0406]
[0407]
[0408]
[0409]
[0410]
[0411]
[0412]
[0413]
[0414]
[0415]
[0416]
[0417]
[0418]
[0419]
[0420]
[0421]
[0422]
[0423]
[0424]
[0425]
[0426]
[0427]
[0428]
[0429]
[0430]
[0431]
[0432]
[0433]
[0434]
[0435]
[0436]
[0437]
[0438]
[0439]
[0440]
[0441]
[0442]
[0443]
[0444]
[0445]
[0446]
[0447]
[0448]
[0449]
[0450]
[0451]
[0452]
[0453]
[0454]
[0455]
[0456]
[0457]
[0458]
[0459]
[0460]
[0461]
[0462]
[0463]
[0464]
[0465]
[0466]
[0467]
[0468]
[0469]
[0470]
[0471]
[0472]
[0473]
[0474]
[0475]
[0476]
[0477]
[0478]
[0479]
[0480]
[0481]
[0482]
[0483]
[0484]
[0485]
[0486]
[0487]
[0488]
[0489]
[0490]
[0491]
[0492]
[0493]
[0494]
[0495]
[0496]
[0497]
[0498]
[0499]
[0500]
[0501]
[0502]
[0503]
[0504]
[0505]
[0506]
[0507]
[0508]
[0509]
[0510]
[0511]
[0512]
[0513]
[0514]
[0515]
[0516]
[0517]
[0518]
[0519]
[0520]
[0521]
[0522]
[0523]
[0524]
[0525]
[0526]
[0527]
[0528]
[0529]
[0530]
[0531]
[0532]
[0533]
[0534]
[0535]
[0536]
[0537]
[0538]
[0539]
[0540]
[0541]
[0542]
[0543]
[0544]
[0545]
[0546]
[0547]
[0548]
[0549]
[0550]
[0551]
[0552]
[0553]
[0554]
[0555]
[0556]
[0557]
[0558]
[0559]
[0560]
[0561]
[0562]
[0563]
[0564]
[0565]
[0566]
[0567]
[0568]
[0569]
[0570]
[0571]
[0572]
[0573]
[0574]
[0575]
[0576]
[0577]
[0578]
[0579]
[0580]
[0581]
[0582]
[0583]
[0584]
[0585]
[0586]
[0587]
[0588]
[0589]
[0590]
[0591]
[0592]
[0593]
[0594]
[0595]
[0596]
[0597]
[0598]
[0599]
[0600]
[0601]
[0602]
[0603]
[0604]
[0605]
[0606]
[0607]
[0608]
[0609]
[0610]
[0611]
[0612]
[0613]
[0614]
[0615]
[0616]
[0617]
[0618]
[0619]
[0620]
[0621]
[0622]
[0623]
[0624]
[0625]
[0626]
[0627]
[0628]
[0629]
[0630]
[0631]
[0632]
[0633]
[0634]
[0635]
[0636]
[0637]
[0638]
[0639]
[0640]
[0641]
[0642]
[0643]
[0644]
[0645]
[0646]
[0647]
[0648]
[0649]
[0650]
[0651]
[0652]
[0653]
[0654]
[0655]
[0656]
[0657]
[0658]
/*****************************************************************************/
/*
SesolaCache.c
Secure Sockets Layer shared session cache.
Note that within the global section no self-relative addresses can be used
(i.e. a linked list cannot be used). All references into the section must be
made relative to the starting address. This is due to the starting address not
being fixed in per-process virtual memory.
Generating SSL session data is expensive and Secure Sockets Layer and OpenSSL
endeavour to reduce the impact of this activity by identifying an individual
session via an opaque handle and caching the associated session data so that
this handle may be used to retrieve it during subsequent requests. This
behaviour is limited to a per-process instance of OpenSSL. Where multiple WASD
instances are sharing requests in a round-robin fashion it is highly likely
that subsequent requests will be processed by a different instance. This will
require a new session to be generated each time the request move to a different
instance.
This module provides an inter-process OpenSSL session cache for instances
executing on the same node to share. It uses an OpenSSL session cache
extension callback that is activated when a session is not found in OpenSSL's
internal cache. Session data is shared between instance processes via global
section shared memory. A very simple linear search based on the session ID is
implemented (this may be improved in later releases).
I'm indebted to the ideas for inter-process session caching contained in Ralf
Engelschall's Apache MOD_SSL package. Without this a lot more time would have
been spent working out how it needed to be implemented by examining OpenSSL's
code. (Though don't blame him for any of my poor practices.)
Ralf S. Engelschall
rse@engelschall.com
www.engelschall.com
VERSION HISTORY
---------------
03-AUG-2016 MGD OpenSSL v1.1.0(-pre6) required a minor code tweak
14-FEB-2008 MGD if the entry has not timed-out then the cache was full
22-MAY-2007 JPP bugfix; SesolaCacheGblSecInit()
11-APR-2007 MGD make instance cache same size as session cache
11-MAY-2006 MGD bugfix; non-SSL SesolaCacheInit() should return not bugcheck!
22-APR-2006 MGD bugfix; SesolaCacheAddRecord() record count increment
28-MAR-2006 MGD SesolaCacheInit() in conjunction with AuthConfigInit()
noting the presence of any X509 realm, automatically
adjusts multi-instance, SSL session cache record size
to accomodate potential client certificate
27-JUL-2003 MGD bugfix; SesolaCacheAddRecord() oldest tick second
08-AUG-2002 MGD bump SESOLA_DEFAULT_CACHE_RECORD_SIZE up to 1024
06-AUG-2002 MGD enhance global section creation
21-OCT-2001 MGD shared session cache for "instance" support
*/
/*****************************************************************************/
#ifdef WASD_VMS_V7
#undef _VMS__V6__SOURCE
#define _VMS__V6__SOURCE
#undef __VMS_VER
#define __VMS_VER 70000000
#undef __CRTL_VER
#define __CRTL_VER 70000000
#endif
/* standard C header files */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <secdef.h>
/* VMS related header files */
#include <ssdef.h>
#include <stsdef.h>
/* application header files */
#define SESOLA_REQUIRED
#include "Sesola.h"
#define WASD_MODULE "SESOLACACHE"
/***************************************/
#ifdef SESOLA /* secure sockets layer */
/***************************************/
/******************/
/* global storage */
/******************/
int SesolaCacheRecordMax,
SesolaCacheRecordSize,
SesolaCacheSize,
SesolaCacheTimeoutSeconds;
SESOLA_GBLSEC *SesolaGblSecPtr;
int SesolaGblSecPages,
SesolaGblSecSize;
/********************/
/* external storage */
/********************/
extern BOOL AuthRealmX509;
extern int ExitStatus,
GblPageCount,
GblSectionCount,
HttpdTickSecond,
InstanceEnvNumber,
InstanceNodeConfig,
ProtocolHttpsConfigured,
SesolaGblSecVersion,
SesolaSessionCacheSize,
SesolaSessionCacheTimeout;
extern unsigned long GblSecPrvMask [];
extern char ErrorSanityCheck[],
SoftwareID[];
extern BIO *SesolaBioMemPtr;
extern CONFIG_STRUCT Config;
extern HTTPD_PROCESS HttpdProcess;
extern SYS_INFO SysInfo;
extern WATCH_STRUCT Watch;
/*****************************************************************************/
/*
*/
SesolaCacheInit ()
{
int cnt, status;
SESOLA_SESSION_CREC *scrptr;
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_SESOLA))
WatchThis (WATCHALL, WATCH_MOD_SESOLA, "SesolaCacheInit()");
if (InstanceNodeConfig <= 1) return;
if (!SesolaSessionCacheSize) return;
/* if there was no SSL service configured */
if (!ProtocolHttpsConfigured) return;
if (!SesolaCacheRecordMax)
SesolaCacheRecordMax = SesolaSessionCacheSize;
if (SesolaCacheRecordMax < SESOLA_DEFAULT_CACHE_RECORD_MAX)
SesolaCacheRecordMax = SESOLA_DEFAULT_CACHE_RECORD_MAX;
if (!SesolaCacheRecordSize)
if (AuthRealmX509)
SesolaCacheRecordSize = SESOLA_DEFAULT_CACHE_RECORD_X509;
else
SesolaCacheRecordSize = SESOLA_DEFAULT_CACHE_RECORD_SIZE;
/* let's round it to a 64 byte chunk */
if (SesolaCacheRecordSize % 64)
SesolaCacheRecordSize = ((SesolaCacheRecordSize / 64) + 1) * 64;
/* session cache timeout unit is minutes */
if (!SesolaCacheTimeoutSeconds)
SesolaCacheTimeoutSeconds = SesolaSessionCacheTimeout * 60;
if (!SesolaCacheTimeoutSeconds)
SesolaCacheTimeoutSeconds = SESOLA_DEFAULT_CACHE_TIMEOUT * 60;
SesolaCacheGblSecInit ();
}
/*****************************************************************************/
/*
If only one instance can execute (from configuration) then allocate a block of
process-local dynamic memory and point to that as the cache. If multiple
instances create and map a global section and point to that.
*/
int SesolaCacheGblSecInit ()
{
/* global, allocate space, system, in page file, writable */
static int CreFlags = SEC$M_GBL | SEC$M_EXPREG | SEC$M_SYSGBL |
SEC$M_PAGFIL | SEC$M_WRT;
static int DelFlags = SEC$M_SYSGBL;
/* system & owner full access, group and world no access */
static unsigned long ProtectionMask = 0xff00;
/* it is recommended to map into any virtual address in the region (P0) */
static unsigned long InAddr [2] = { 0x200, 0x200 };
int attempt, status,
CacheRecordPoolSize,
GblSecPages,
PageCount,
SetPrvStatus;
short ShortLength;
unsigned long RetAddr [2];
char GblSecName [32];
$DESCRIPTOR (GblSecNameDsc, GblSecName);
SESOLA_GBLSEC *gsptr;
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_SESOLA))
WatchThis (WATCHALL, WATCH_MOD_SESOLA, "SesolaCacheGblSecInit()");
CacheRecordPoolSize = SesolaCacheRecordSize * SesolaCacheRecordMax;
SesolaGblSecSize = sizeof(SESOLA_GBLSEC) + CacheRecordPoolSize;
SesolaGblSecPages = SesolaGblSecSize / 512;
if (SesolaGblSecSize & 0x1ff) SesolaGblSecPages++;
FaoToBuffer (GblSecName, sizeof(GblSecName), &ShortLength,
GBLSEC_NAME_FAO, HTTPD_NAME, SESOLA_GBLSEC_VERSION_NUMBER,
InstanceEnvNumber, "SESOLA");
GblSecNameDsc.dsc$w_length = ShortLength;
for (attempt = 1; attempt <= 2; attempt++)
{
/* create and/or map the specified global section */
sys$setprv (1, &GblSecPrvMask, 0, 0);
status = sys$crmpsc (&InAddr, &RetAddr, 0, CreFlags,
&GblSecNameDsc, 0, 0, 0, SesolaGblSecPages, 0,
ProtectionMask, SesolaGblSecPages);
sys$setprv (0, &GblSecPrvMask, 0, 0);
if (WATCH_MODULE(WATCH_MOD__OTHER))
WatchThis (WATCHALL, WATCH_MOD__OTHER,
"sys$crmpsc() !&S begin:!UL end:!UL",
status, RetAddr[0], RetAddr[1]);
PageCount = (RetAddr[1]+1) - RetAddr[0] >> 9;
SesolaGblSecPtr = gsptr = (SESOLA_GBLSEC*)RetAddr[0];
SesolaGblSecPages = PageCount;
if (VMSnok (status) || status == SS$_CREATED) break;
/* section already exists, break if 'same size' and version! */
if (gsptr->GblSecVersion &&
gsptr->GblSecVersion == SesolaGblSecVersion &&
gsptr->GblSecLength == SesolaGblSecSize)
break;
/* delete the current global section, have one more attempt */
sys$setprv (1, &GblSecPrvMask, 0, 0);
status = sys$dgblsc (DelFlags, &GblSecNameDsc, 0);
sys$setprv (0, &GblSecPrvMask, 0, 0);
status = SS$_IDMISMATCH;
}
if (VMSnok (status))
{
/* must have this global section! */
char String [256];
FaoToBuffer (String, sizeof(String), NULL,
"1 global section, !UL global pages", SesolaGblSecPages);
ErrorExitVmsStatus (status, String, FI_LI);
}
if (WATCH_MODULE(WATCH_MOD_AUTH))
WatchThis (WATCHALL, WATCH_MOD_AUTH,
"GBLSEC \"!AZ\" page(let)s:!UL !&S",
GblSecName, PageCount, status);
FaoToStdout ("%HTTPD-I-SSL, \
session cache for !UL records of !UL bytes \
in !AZ global section of !UL page(let)s\n",
SesolaCacheRecordMax, SesolaCacheRecordSize,
status == SS$_CREATED ? "a new" : "an existing",
SesolaGblSecPages);
if (status == SS$_CREATED)
{
/* first time it's been mapped */
memset (gsptr, 0, PageCount * 512);
gsptr->GblSecVersion = SesolaGblSecVersion;
gsptr->GblSecLength = SesolaGblSecSize;
sys$gettim (&SesolaGblSecPtr->SinceTime64);
}
GblSectionCount++;
GblPageCount += PageCount;
return (status);
}
/*****************************************************************************/
/*
This is an OpenSSL callback activated when OpenSSL wishes to put a session into
the external cache (when adding one to it's own internal cache). First search
the cache for an existing record. If found just reuse it. Next look for an
empty record while keeping track of the oldest record. If and empty one is
found use that, otherwise the oldest.
*/
int SesolaCacheAddRecord
(
SSL *SslPtr,
SSL_SESSION *SessionPtr
)
{
int cnt, datlen, idlen, status,
OldestTickSecond,
RecordCount;
unsigned char SessData [SSL_SESSION_MAX_DER];
unsigned char *idptr, *sdptr,
*RecordPoolPtr;
SESOLA_SESSION_CREC *scrptr,
*scr2ptr;
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_SESOLA))
WatchThis (WATCHALL, WATCH_MOD_SESOLA,
"SesolaCacheAddRecord() !UL",
SesolaGblSecPtr->CacheRecordCount);
idptr = SSL_SESSION_get_id (SessionPtr, &idlen);
InstanceMutexLock (INSTANCE_MUTEX_SSL_CACHE);
RecordCount = SesolaGblSecPtr->CacheRecordCount;
RecordPoolPtr = SesolaGblSecPtr->CacheRecordPool;
/* does it already exist? */
for (cnt = 0; cnt < RecordCount; cnt++)
{
scrptr = RecordPoolPtr + (SesolaCacheRecordSize * cnt);
if (!MATCH4 (idptr, scrptr->SessId)) continue;
if (!MATCH0 (idptr, scrptr->SessId, idlen)) continue;
/* yes it does exist, "ll just write over the top!! */
if (WATCH_MODULE(WATCH_MOD_SESOLA))
WatchDataFormatted ("EXISTS !UL !#&h !%D !UL\n",
scrptr->SessDataLength, scrptr->SessIdLength,
scrptr->SessId, &scrptr->CachedTime64,
scrptr->TimeoutTickSecond);
break;
}
OldestTickSecond = HttpdTickSecond + 999999;
if (cnt >= RecordCount)
{
/* find first free or timed-out record, while checking for oldest */
scr2ptr = NULL;
for (cnt = 0; cnt < SesolaCacheRecordMax; cnt++)
{
scrptr = RecordPoolPtr + (SesolaCacheRecordSize * cnt);
if (*(ULONGPTR)scrptr->SessId &&
scrptr->TimeoutTickSecond > HttpdTickSecond)
{
if (scrptr->TimeoutTickSecond < OldestTickSecond)
{
OldestTickSecond = scrptr->TimeoutTickSecond;
scr2ptr = scrptr;
}
continue;
}
/* if it's the first use of the record */
if (!scrptr->TimeoutTickSecond) SesolaGblSecPtr->CacheRecordCount++;
break;
}
if (cnt >= SesolaCacheRecordMax)
{
/* all entries in use, reuse the least recently accessed */
if (!scr2ptr)
{
ErrorNoticed (NULL, SS$_BUGCHECK, ErrorSanityCheck, FI_LI);
InstanceMutexUnLock (INSTANCE_MUTEX_SSL_CACHE);
return (0);
}
if (WATCH_MODULE(WATCH_MOD_SESOLA))
WatchDataFormatted ("REUSE !UL !#&h !%D !UL\n",
scr2ptr->SessDataLength, scr2ptr->SessIdLength,
scr2ptr->SessId, &scr2ptr->CachedTime64,
scrptr->TimeoutTickSecond);
/* if the entry has not timed-out then the cache was full */
if (scr2ptr->TimeoutTickSecond > HttpdTickSecond)
SesolaGblSecPtr->CacheFullCount++;
scrptr = scr2ptr;
memset (scrptr, 0, SesolaCacheRecordSize);
}
}
sdptr = SessData;
datlen = i2d_SSL_SESSION (SessionPtr, &sdptr);
if (datlen > SesolaCacheRecordSize - sizeof(SESOLA_SESSION_CREC))
{
char String [256];
FaoToBuffer (String, sizeof(String), NULL,
"!UL byte session too large for !UL byte cache record",
datlen, SesolaCacheRecordSize);
ErrorNoticed (NULL, SS$_RESULTOVF, String, FI_LI);
InstanceMutexUnLock (INSTANCE_MUTEX_SSL_CACHE);
return (0);
}
scrptr->SessDataLength = datlen;
memcpy (&scrptr->SessData, SessData, datlen);
scrptr->SessIdLength = idlen;
memcpy (&scrptr->SessId, idptr, idlen);
sys$gettim (&scrptr->CachedTime64);
scrptr->TimeoutTickSecond = HttpdTickSecond + SesolaCacheTimeoutSeconds;
if (WATCH_MODULE(WATCH_MOD_SESOLA))
{
char String [1024];
SSL_SESSION_print (SesolaBioMemPtr, SessionPtr);
BIO_read (SesolaBioMemPtr, String, sizeof(String));
BIO_reset (SesolaBioMemPtr);
WatchDataFormatted ("!UL !#&h !%D\n!AZ",
scrptr->SessDataLength, scrptr->SessIdLength,
scrptr->SessId, &scrptr->CachedTime64, String);
}
InstanceMutexUnLock (INSTANCE_MUTEX_SSL_CACHE);
return (0);
}
/*****************************************************************************/
/*
This is an OpenSSL callback activated when OpenSSL does not find a session in
it's own internal cache. Search for the record identified by 'idptr'. If not
found return a NULL. If found un-stream the stored session data into a new
session structure and return a pointer to that.
*/
SSL_SESSION* SesolaCacheFindRecord
(
SSL *SslPtr,
unsigned char *idptr,
int idlen,
int *CopyPtr
)
{
int cnt, datlen, status,
RecordCount;
int64 CachedTime64;
unsigned char SessData [SSL_SESSION_MAX_DER];
unsigned char *sdptr,
*RecordPoolPtr;
SSL_SESSION *SessionPtr;
SESOLA_SESSION_CREC *scrptr;
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_SESOLA))
WatchThis (WATCHALL, WATCH_MOD_SESOLA,
"SesolaCacheFindRecord() !UL !#&h",
SesolaGblSecPtr->CacheRecordCount, idlen, idptr);
/* we have no reference to any session returned */
*CopyPtr = 0;
InstanceMutexLock (INSTANCE_MUTEX_SSL_CACHE);
RecordCount = SesolaGblSecPtr->CacheRecordCount;
RecordPoolPtr = SesolaGblSecPtr->CacheRecordPool;
for (cnt = 0; cnt < RecordCount; cnt++)
{
scrptr = RecordPoolPtr + (SesolaCacheRecordSize * cnt);
if (!MATCH4 (idptr, scrptr->SessId)) continue;
if (!MATCH0 (idptr, scrptr->SessId, idlen)) continue;
break;
}
if (cnt < RecordCount)
{
if (WATCH_MODULE(WATCH_MOD_SESOLA))
WatchDataFormatted ("HIT!&?-TIMEOUT\r\r !UL !#&h !%D !UL !UL\n",
HttpdTickSecond > scrptr->TimeoutTickSecond,
scrptr->SessDataLength, scrptr->SessIdLength,
scrptr->SessId, &scrptr->CachedTime64,
scrptr->TimeoutTickSecond, HttpdTickSecond);
if (HttpdTickSecond > scrptr->TimeoutTickSecond)
{
/* session has timed-out */
SesolaGblSecPtr->CacheTimeoutCount++;
/* indicate an invalid session with a leading longword of zero */
*(ULONGPTR)scrptr->SessId = 0;
InstanceMutexUnLock (INSTANCE_MUTEX_SSL_CACHE);
return (NULL);
}
SesolaGblSecPtr->CacheHitCount++;
datlen = scrptr->SessDataLength;
memcpy (&SessData, &scrptr->SessData, datlen);
CachedTime64 = scrptr->CachedTime64;
InstanceMutexUnLock (INSTANCE_MUTEX_SSL_CACHE);
sdptr = SessData;
SessionPtr = d2i_SSL_SESSION (NULL, &sdptr, datlen);
if (WATCH_MODULE(WATCH_MOD_SESOLA))
{
char String [1024];
SSL_SESSION_print (SesolaBioMemPtr, SessionPtr);
BIO_read (SesolaBioMemPtr, String, sizeof(String));
BIO_reset (SesolaBioMemPtr);
WatchDataFormatted ("!UL !#&h !%D\n!AZ",
scrptr->SessDataLength, scrptr->SessIdLength,
scrptr->SessId, &scrptr->CachedTime64, String);
}
return (SessionPtr);
}
SesolaGblSecPtr->CacheMissCount++;
InstanceMutexUnLock (INSTANCE_MUTEX_SSL_CACHE);
return (NULL);
}
/*****************************************************************************/
/*
Search for the record identified by 'SessionPtr' session id. If found zero the
first longword of the cached ID to indicate it's no longer in use.
*/
SesolaCacheRemoveRecord
(
SSL_CTX *SslCtx,
SSL_SESSION *SessionPtr
)
{
int cnt, idlen, status,
RecordCount;
unsigned char *idptr,
*RecordPoolPtr;
SESOLA_SESSION_CREC *scrptr;
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_SESOLA))
WatchThis (WATCHALL, WATCH_MOD_SESOLA,
"SesolaCacheRemoveRecord() !UL",
SesolaGblSecPtr->CacheRecordCount);
idptr = SSL_SESSION_get_id (SessionPtr, &idlen);
InstanceMutexLock (INSTANCE_MUTEX_SSL_CACHE);
RecordCount = SesolaGblSecPtr->CacheRecordCount;
RecordPoolPtr = SesolaGblSecPtr->CacheRecordPool;
for (cnt = 0; cnt < RecordCount; cnt++)
{
scrptr = RecordPoolPtr + (SesolaCacheRecordSize * cnt);
if (!MATCH4 (idptr, scrptr->SessId)) continue;
if (!MATCH0 (idptr, scrptr->SessId, idlen)) continue;
break;
}
if (cnt >= RecordCount)
{
InstanceMutexUnLock (INSTANCE_MUTEX_SSL_CACHE);
return;
}
if (WATCH_MODULE(WATCH_MOD_SESOLA))
WatchDataFormatted ("!UL !#&h !%D",
scrptr->SessDataLength, scrptr->SessIdLength,
scrptr->SessId, &scrptr->CachedTime64);
/* indicate an invalid session with a leading longword of zero */
*(ULONGPTR)scrptr->SessId = 0;
InstanceMutexUnLock (INSTANCE_MUTEX_SSL_CACHE);
}
/*****************************************************************************/
/*
Called by SesolaReport().
*/
SesolaCacheStats (REQUEST_STRUCT *rqptr)
{
static char StatsFao [] =
"<tr><th>Instance Cache:</th><td>\
<table class=\"rghtlft\">\n\
<tr><th>Size:</th>\
<td>!UL records of !UL bytes</td></tr>\n\
<tr><th>Current:</th><td>!UL</td></tr>\n\
<tr><th>Full:</th><td>!UL</td></tr>\n\
<tr><th>Hits:</th><td>!UL</td></tr>\n\
<tr><th>Misses:</th><td>!UL</td></tr>\n\
<tr><th>Timeouts:</th><td>!UL</td></tr>\n\
</table>\n\
</td></tr>\n";
int status;
unsigned long FaoVector [16];
unsigned long *vecptr;
/*********/
/* begin */
/*********/
if (WATCHMOD (rqptr, WATCH_MOD_SESOLA))
WatchThis (WATCHITM(rqptr), WATCH_MOD_SESOLA, "SesolaCacheStats()");
if (InstanceNodeConfig <= 1) return;
if (!SesolaSessionCacheSize) return;
InstanceMutexLock(INSTANCE_MUTEX_SSL_CACHE);
vecptr = FaoVector;
*vecptr++ = SesolaCacheRecordMax;
*vecptr++ = SesolaCacheRecordSize;
*vecptr++ = SesolaGblSecPtr->CacheRecordCount;
*vecptr++ = SesolaGblSecPtr->CacheFullCount;
*vecptr++ = SesolaGblSecPtr->CacheHitCount;
*vecptr++ = SesolaGblSecPtr->CacheMissCount;
*vecptr++ = SesolaGblSecPtr->CacheTimeoutCount;
status = FaolToNet (rqptr, StatsFao, &FaoVector);
if (VMSnok (status)) ErrorNoticed (NULL, status, NULL, FI_LI);
InstanceMutexUnLock(INSTANCE_MUTEX_SSL_CACHE);
}
/*****************************************************************************/
/*
For compilations without SSL these functions provide LINKage stubs for the
rest of the HTTPd modules, allowing for just recompiling the Sesola module to
integrate the SSL functionality.
*/
/*********************/
#else /* not SESOLA */
/*********************/
/* external storage */
extern char ErrorSanityCheck[];
extern WATCH_STRUCT Watch;
SesolaCacheInit ()
{
return;
}
/************************/
#endif /* ifdef SESOLA */
/************************/
/*****************************************************************************/