TSSslSession

Synopsis

#include <ts/ts.h>
TSSslSession TSSslSessionGet(const TSSslSessionID *sessionid)
int TSSslSessionGetBuffer(const TSSslSessionID *sessionid, char *buffer, int *len_ptr)
TSReturnCode TSSslSessionInsert(const TSSslSessionID *sessionid, TSSslSession addSession, TSSslConnection ssl_conn)
TSReturnCode TSSslSessionRemove(const TSSslSessionID *sessionid)
void TSSslTicketKeyUpdate(char *ticketData, int ticketDataLength)

Description

These functions work with the internal ATS session cache. These functions are only useful if the ATS internal session cache is enabled by setting proxy.config.ssl.session_cache has been set to 2.

These functions tend to be used with the TS_SSL_SESSION_HOOK.

The functions work with the TSSslSessionID object to identify sessions to retrieve, insert, or delete.

The functions also work with the TSSslSession object which can be cast to a pointer to the openssl SSL_SESSION object.

These functions perform the appropriate locking on the session cache to avoid errors.

The TSSslSessionGet() and TSSslSessionGetBuffer() functions retrieve the TSSslSession object that is identified by the TSSslSessionID object. If there is no matching session object, TSSslSessionGet() returns NULL and TSSslSessionGetBuffer() returns 0.

TSSslSessionGetBuffer() returns the session information serialized in a buffer that can be shared between processes. When the function is called len_ptr should point to the amount of space available in the buffer parameter. The function returns the amount of data really needed to encode the session. len_ptr is updated with the amount of data actually stored in the buffer. TSSslSessionGetBuffer() will not overrun the provided buffer, but the caller should ensure that the data’s size was not larger than the buffer by comparing the returned value with the value of len_ptr. If the returned value is larger than the buffer size, then the session data did not fit in the buffer and the session data stored in the buffer output variable should not be used.

TSSslSessionInsert() inserts the session specified by the addSession parameter into the ATS session cache under the sessionid key. If there is already an entry in the cache for the session id key, it is first removed before the new entry is added.

TSSslSessionRemove() removes the session entry from the session cache that is keyed by sessionid.

TSSslTicketKeyUpdate() updates the running ATS process to use a new set of Session Ticket Encryption keys. This behaves the same way as updating the session ticket encrypt key file with new data and reloading the current ATS process. However, this API does not require writing session ticket encryption keys to disk.

If both the ticket key files and TSSslTicketKeyUpdate() are used to update session ticket encryption keys, ATS will use the most recent update regardless if whether it was made by file and configuration reload or API.