[1/2] trafficserver git commit: TS-3312: KA timeout to origin does not seem to honor configurations

2015-03-11 Thread briang
Repository: trafficserver
Updated Branches:
  refs/heads/master 4361f4d0d -> b416a1dfa


TS-3312: KA timeout to origin does not seem to honor configurations


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/9acfba0a
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/9acfba0a
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/9acfba0a

Branch: refs/heads/master
Commit: 9acfba0a911c374c5fb1c4171d0041ebeafd3f33
Parents: 4361f4d
Author: Dzmitry Markovich 
Authored: Wed Mar 11 17:57:41 2015 -0700
Committer: Brian Geffon 
Committed: Wed Mar 11 17:57:41 2015 -0700

--
 proxy/http/HttpSessionManager.cc | 10 --
 1 file changed, 8 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/9acfba0a/proxy/http/HttpSessionManager.cc
--
diff --git a/proxy/http/HttpSessionManager.cc b/proxy/http/HttpSessionManager.cc
index 101955b..c650ab6 100644
--- a/proxy/http/HttpSessionManager.cc
+++ b/proxy/http/HttpSessionManager.cc
@@ -120,8 +120,14 @@ ServerSessionPool::releaseSession(HttpServerSession* ss)
   // Transfer control of the write side as well
   ss->do_io_write(this, 0, NULL);
 
-  // we probably don't need the active timeout set, but will leave it for now
-  
ss->get_netvc()->set_inactivity_timeout(ss->get_netvc()->get_inactivity_timeout());
+  HttpConfigParams *http_config_params = HttpConfig::acquire();
+
+  // when placing the session to the shared pool we have to set the time out to
+  // keep_alive_no_activity_timeout_out and not to 
transaction_no_activity_timeout_out,
+  // since there is no transaction pending at this point.
+  // Once there is an active transaction on this connection, inactivity 
timeout will be
+  // overwritten to transaction_no_activity_timeout_out
+  
ss->get_netvc()->set_inactivity_timeout(HRTIME_SECONDS(http_config_params->oride.keep_alive_no_activity_timeout_out));
   ss->get_netvc()->set_active_timeout(ss->get_netvc()->get_active_timeout());
   // put it in the pools.
   m_ip_pool.insert(ss);
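
Review bot: the HttpConfig::acquire() call added at the top of this block has no matching HttpConfig::release(http_config_params) anywhere in the visible lines of releaseSession(), so each session returned to the pool appears to keep a reference on the config object. Release it right after the set_inactivity_timeout() call, or confirm it happens further down in the function. Two smaller points: the value is read from the global http_config_params->oride, so it is worth confirming that a per-transaction override of keep_alive_no_activity_timeout_out is not expected to apply to pooled sessions; and the removed comment was the only explanation for the set_active_timeout(get_active_timeout()) line that remains, which now reads as an unexplained no-op.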



[2/2] trafficserver git commit: TS-3312: Updating Changes

2015-03-11 Thread briang
TS-3312: Updating Changes


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/b416a1df
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/b416a1df
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/b416a1df

Branch: refs/heads/master
Commit: b416a1dfac7d3d406a97f7b3b3321906ce481810
Parents: 9acfba0
Author: Brian Geffon 
Authored: Wed Mar 11 17:58:03 2015 -0700
Committer: Brian Geffon 
Committed: Wed Mar 11 17:58:03 2015 -0700

--
 CHANGES | 2 ++
 1 file changed, 2 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/b416a1df/CHANGES
--
diff --git a/CHANGES b/CHANGES
index cc83148..8ce88b7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
  -*- coding: utf-8 -*-
 Changes with Apache Traffic Server 5.3.0
 
+  *) [TS-3312] KA timeout to origin does not seem to honor configurations
+
   *) [TS-3437] Make DH params configurable
 
   *) [TS-3342] Non-standard method in bad request can cause crash



[1/3] trafficserver git commit: TS-3437: Make DH params configurable

2015-03-11 Thread briang
Repository: trafficserver
Updated Branches:
  refs/heads/master 66bdd406f -> 4361f4d0d


TS-3437: Make DH params configurable


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/091b59ca
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/091b59ca
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/091b59ca

Branch: refs/heads/master
Commit: 091b59ca3f772ebc4a6cbc832b57fb0794c6b82e
Parents: 66bdd40
Author: Brian Geffon 
Authored: Wed Mar 11 15:16:07 2015 -0700
Committer: Brian Geffon 
Committed: Wed Mar 11 15:16:07 2015 -0700

--
 iocore/net/P_SSLConfig.h | 1 +
 iocore/net/SSLConfig.cc  | 2 ++
 iocore/net/SSLUtils.cc   | 4 +++-
 mgmt/RecordsConfig.cc| 2 ++
 4 files changed, 8 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/091b59ca/iocore/net/P_SSLConfig.h
--
diff --git a/iocore/net/P_SSLConfig.h b/iocore/net/P_SSLConfig.h
index cda2dcb..376036d 100644
--- a/iocore/net/P_SSLConfig.h
+++ b/iocore/net/P_SSLConfig.h
@@ -81,6 +81,7 @@ struct SSLConfigParams : public ConfigInfo
   char *  clientKeyPath;
   char *  clientCACertFilename;
   char *  clientCACertPath;
+  int enable_dhparams;
   int clientVerify;
   int client_verify_depth;
   longssl_ctx_options;

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/091b59ca/iocore/net/SSLConfig.cc
--
diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc
index 627ccd2..1e1c0df 100644
--- a/iocore/net/SSLConfig.cc
+++ b/iocore/net/SSLConfig.cc
@@ -74,6 +74,7 @@ SSLConfigParams::SSLConfigParams()
 
   clientCertLevel = client_verify_depth = verify_depth = clientVerify = 0;
 
+  enable_dhparams = 0;
   ssl_ctx_options = 0;
   ssl_client_ctx_protocols = 0;
   ssl_session_cache = SSL_SESSION_CACHE_MODE_SERVER_ATS_IMPL;
@@ -159,6 +160,7 @@ SSLConfigParams::initialize()
   REC_ReadConfigStringAlloc(cipherSuite, 
"proxy.config.ssl.server.cipher_suite");
   REC_ReadConfigStringAlloc(client_cipherSuite, 
"proxy.config.ssl.client.cipher_suite");
   dhparamsFile = 
RecConfigReadConfigPath("proxy.config.ssl.server.dhparams_file");
+  REC_ReadConfigInt32(enable_dhparams, 
"proxy.config.ssl.client.enable_dhparams");
 
   int options;
   int client_ssl_options;
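
Review bot: the record name read in initialize() is "proxy.config.ssl.client.enable_dhparams", but the RecordsConfig.cc hunk in this same commit registers "proxy.config.ssl.server.enable_dhparams". With the names as written, the read does not match the registered record, so enable_dhparams would keep the constructor default of 0 regardless of what the operator sets. The flag gates SSLInitServerContext() and sits next to proxy.config.ssl.server.dhparams_file, so the "server" name looks like the intended one; use the same string in both places.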

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/091b59ca/iocore/net/SSLUtils.cc
--
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 361d344..83ce5e5 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -1473,8 +1473,10 @@ SSLInitServerContext(const SSLConfigParams * params, 
const ssl_user_config & ssl
   SSL_CTX_set_default_passwd_cb_userdata(CTX, NULL);\
   }
   SSL_CLEAR_PW_REFERENCES(ud,ctx)
-  if (!ssl_context_enable_dhe(params->dhparamsFile, ctx)) {
+  if (params->enable_dhparams && !ssl_context_enable_dhe(params->dhparamsFile, 
ctx)) {
 goto fail;
+  } else if (!params->enable_dhparams) {
+Debug("ssl", "Not using dhparams");
   }
   return ssl_context_enable_ecdh(ctx);
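
Review bot: in the new condition, enable_dhparams defaults to 0, so ssl_context_enable_dhe() is now skipped even when params->dhparamsFile is set, and the only trace is a Debug("ssl", ...) line that is invisible unless the ssl debug tag is on. That is a silent behaviour change for anyone who already configured dhparams_file. Suggest logging at Warning or Note level when dhparamsFile is non-NULL and the flag is off, so the ignored file is visible in normal logs. The "else if (!params->enable_dhparams)" branch can also be a plain else once the enabled case is tested first, which makes the two paths easier to read.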
 

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/091b59ca/mgmt/RecordsConfig.cc
--
diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc
index b360aa0..76d6cb2 100644
--- a/mgmt/RecordsConfig.cc
+++ b/mgmt/RecordsConfig.cc
@@ -1322,6 +1322,8 @@ static const RecordElement RecordsConfig[] =
   ,
   {RECT_CONFIG, "proxy.config.ssl.allow_client_renegotiation", RECD_INT, "0", 
RECU_DYNAMIC, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
   ,
+  {RECT_CONFIG, "proxy.config.ssl.server.enable_dhparams", RECD_INT, "0", 
RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
+  ,
   {RECT_CONFIG, "proxy.config.ssl.server.dhparams_file", RECD_STRING, NULL, 
RECU_RESTART_TS, RR_NULL, RECC_NULL, NULL, RECA_NULL}
   ,
   
//##



[2/3] trafficserver git commit: TS-3437: Make DH params configurable: update docs

2015-03-11 Thread briang
TS-3437: Make DH params configurable: update docs


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/8a4128c1
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/8a4128c1
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/8a4128c1

Branch: refs/heads/master
Commit: 8a4128c1dcf6e933ff77b9f7fe641b5bc8975a21
Parents: 091b59c
Author: Brian Geffon 
Authored: Wed Mar 11 15:17:07 2015 -0700
Committer: Brian Geffon 
Committed: Wed Mar 11 15:17:07 2015 -0700

--
 doc/reference/configuration/records.config.en.rst | 5 +
 1 file changed, 5 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/8a4128c1/doc/reference/configuration/records.config.en.rst
--
diff --git a/doc/reference/configuration/records.config.en.rst 
b/doc/reference/configuration/records.config.en.rst
index 4cad8e8..8d6c843 100644
--- a/doc/reference/configuration/records.config.en.rst
+++ b/doc/reference/configuration/records.config.en.rst
@@ -2258,6 +2258,11 @@ SSL Termination
Unless this is an absolute path, it is loaded relative to the
path specified by :ts:cv:`proxy.config.ssl.server.cert.path`.
 
+.. ts:cv:: CONFIG proxy.config.ssl.client.enable_dhparams INT 0
+
+   Enable or disable the dhparams_file configuration option,
+   this is disabled by default
+
 .. ts:cv:: CONFIG proxy.config.ssl.server.dhparams_file STRING NULL
 
The name of a file containing a set of Diffie-Hellman key exchange
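
Review bot: the new entry documents proxy.config.ssl.client.enable_dhparams, while the record registered in mgmt/RecordsConfig.cc in the previous commit is proxy.config.ssl.server.enable_dhparams; an operator copying the name from the docs would set a record that is not the registered one. The description also does not say what happens when the option is left at 0: per the SSLUtils.cc change, ssl_context_enable_dhe() is not called at all and dhparams_file is ignored. State that explicitly, note that a restart is required (the record is RECU_RESTART_TS), and split the comma-spliced sentence in two.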



[3/3] trafficserver git commit: TS-3437: Make DH params configurable: update changes

2015-03-11 Thread briang
TS-3437: Make DH params configurable: update changes


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/4361f4d0
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/4361f4d0
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/4361f4d0

Branch: refs/heads/master
Commit: 4361f4d0d49f46be59fc6fe86e26f22fbfacebc1
Parents: 8a4128c
Author: Brian Geffon 
Authored: Wed Mar 11 15:17:33 2015 -0700
Committer: Brian Geffon 
Committed: Wed Mar 11 15:17:33 2015 -0700

--
 CHANGES | 2 ++
 1 file changed, 2 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/4361f4d0/CHANGES
--
diff --git a/CHANGES b/CHANGES
index ff61651..cc83148 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
  -*- coding: utf-8 -*-
 Changes with Apache Traffic Server 5.3.0
 
+  *) [TS-3437] Make DH params configurable
+
   *) [TS-3342] Non-standard method in bad request can cause crash
 
   *) [TS-3331] negative responses cached even when headers indicate otherwise