      1 /*
      2  *
      3  * Copyright 2018 gRPC authors.
      4  *
      5  * Licensed under the Apache License, Version 2.0 (the "License");
      6  * you may not use this file except in compliance with the License.
      7  * You may obtain a copy of the License at
      8  *
      9  *     http://www.apache.org/licenses/LICENSE-2.0
     10  *
     11  * Unless required by applicable law or agreed to in writing, software
     12  * distributed under the License is distributed on an "AS IS" BASIS,
     13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     14  * See the License for the specific language governing permissions and
     15  * limitations under the License.
     16  *
     17  */
     18 
     19 #ifndef GRPC_CORE_TSI_SSL_SESSION_CACHE_SSL_SESSION_H
     20 #define GRPC_CORE_TSI_SSL_SESSION_CACHE_SSL_SESSION_H
     21 
     22 #include <grpc/support/port_platform.h>
     23 
     24 #include "src/core/tsi/grpc_shadow_boringssl.h"
     25 
     26 #include <grpc/slice.h>
     27 
     28 extern "C" {
     29 #include <openssl/ssl.h>
     30 }
     31 
     32 #include "src/core/lib/gprpp/ref_counted.h"
     33 
// The code here provides a way to cache SSL sessions so that they can be
// shared between connections.
//
// An SSL_SESSION represents a single session instance and is not generally
// safe to share between SSL contexts with different lifetimes, because not
// all SSL implementations guarantee that an SSL_SESSION object is immutable.
// See the SSL_SESSION documentation in BoringSSL and OpenSSL for more details.

     41 
     42 namespace tsi {
     43 
/// Deleter functor for smart pointers that own an SSL_SESSION.
///
/// Releases the session through SSL_SESSION_free() rather than `delete`, so
/// the TLS library's own release path is the one that runs.
struct SslSessionDeleter {
  void operator()(SSL_SESSION* session) {
    SSL_SESSION_free(session);
  }
};
     47 
/// Owning handle to an SSL_SESSION; the session is released with
/// SslSessionDeleter when the handle goes out of scope.
// NOTE(review): this header names std::unique_ptr but does not include
// <memory> itself, so it presumably relies on a transitive include - confirm.
using SslSessionPtr = std::unique_ptr<SSL_SESSION, SslSessionDeleter>;
     49 
/// Immutable, thread-safe storage for the representation of a single SSL
/// session. It lets SSL session data (e.g. a TLS ticket) be shared between
/// encrypted connections independently of the lifetime of any SSL context.
///
/// NOTE(review): the stored data is what allows a later connection to resume
/// the session, so instances should be treated as sensitive - confirm how long
/// the owning cache retains them and who can reach CopySession().
class SslCachedSession {
 public:
  // Copy operations are deleted; declaring them also suppresses the implicit
  // move operations, so instances can be neither copied nor moved.
  SslCachedSession(const SslCachedSession&) = delete;
  SslCachedSession& operator=(const SslCachedSession&) = delete;

  /// Builds the single cached instance for \a session. The session handle is
  /// taken by value, so ownership of it passes to this call.
  static grpc_core::UniquePtr<SslCachedSession> Create(SslSessionPtr session);

  virtual ~SslCachedSession() = default;

  /// Returns a copy of the session that was cached earlier. The result is an
  /// owning handle, so the caller is responsible for its lifetime.
  virtual SslSessionPtr CopySession() const GRPC_ABSTRACT;

  GRPC_ABSTRACT_BASE_CLASS

 protected:
  // Construction is reserved for subclasses; callers obtain instances through
  // Create().
  SslCachedSession() = default;
};
     72 
     73 }  // namespace tsi
     74 
     75 #endif /* GRPC_CORE_TSI_SSL_SESSION_CACHE_SSL_SESSION_H */
     76