Backport #65111 to 24.5: Re-enable OpenSSL session caching

base/poco/NetSSL_OpenSSL/src/SSLManager.cpp

@@ -330,27 +330,26 @@ void SSLManager::initDefaultContext(bool server)
 	else
 		_ptrDefaultClientContext->disableProtocols(disabledProtocols);
 
-    /// Temporarily disabled during the transition from boringssl to OpenSSL due to tsan issues.
-	/// bool cacheSessions = config.getBool(prefix + CFG_CACHE_SESSIONS, false);
-	/// if (server)
-	/// {
-	/// 	std::string sessionIdContext = config.getString(prefix + CFG_SESSION_ID_CONTEXT, config.getString("application.name", ""));
-	/// 	_ptrDefaultServerContext->enableSessionCache(cacheSessions, sessionIdContext);
-	/// 	if (config.hasProperty(prefix + CFG_SESSION_CACHE_SIZE))
-	/// 	{
-	/// 		int cacheSize = config.getInt(prefix + CFG_SESSION_CACHE_SIZE);
-	/// 		_ptrDefaultServerContext->setSessionCacheSize(cacheSize);
-	/// 	}
-	/// 	if (config.hasProperty(prefix + CFG_SESSION_TIMEOUT))
-	/// 	{
-	/// 		int timeout = config.getInt(prefix + CFG_SESSION_TIMEOUT);
-	/// 		_ptrDefaultServerContext->setSessionTimeout(timeout);
-	/// 	}
-	/// }
-	/// else
-	/// {
-	/// 	_ptrDefaultClientContext->enableSessionCache(cacheSessions);
-	/// }
+	bool cacheSessions = config.getBool(prefix + CFG_CACHE_SESSIONS, false);
+	if (server)
+	{
+		std::string sessionIdContext = config.getString(prefix + CFG_SESSION_ID_CONTEXT, config.getString("application.name", ""));
+		_ptrDefaultServerContext->enableSessionCache(cacheSessions, sessionIdContext);
+		if (config.hasProperty(prefix + CFG_SESSION_CACHE_SIZE))
+		{
+			int cacheSize = config.getInt(prefix + CFG_SESSION_CACHE_SIZE);
+			_ptrDefaultServerContext->setSessionCacheSize(cacheSize);
+		}
+		if (config.hasProperty(prefix + CFG_SESSION_TIMEOUT))
+		{
+			int timeout = config.getInt(prefix + CFG_SESSION_TIMEOUT);
+			_ptrDefaultServerContext->setSessionTimeout(timeout);
+		}
+	}
+	else
+	{
+		_ptrDefaultClientContext->enableSessionCache(cacheSessions);
+	}
 	bool extendedVerification = config.getBool(prefix + CFG_EXTENDED_VERIFICATION, false);
 	if (server)
 		_ptrDefaultServerContext->enableExtendedCertificateVerification(extendedVerification);

contrib/openssl

@@ -1 +1 @@
-Subproject commit 67c0b63e578e4c751ac9edf490f5a96124fff8dc
+Subproject commit e0d6ae2bf93cf6dc26bb86aa39992bc6a410869a

tests/queries/0_stateless/01393_benchmark_secure_port.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# Tags: no-fasttest, no-tsan, no-asan
+# Tags: no-fasttest
 
 CURDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
 # shellcheck source=../shell_config.sh

tests/queries/0_stateless/01683_text_log_deadlock.reference

@@ -1 +1 @@
-queries: 25000
+queries: 5000

tests/queries/0_stateless/01683_text_log_deadlock.sh

@@ -1,8 +1,8 @@
 #!/usr/bin/env bash
-# Tags: deadlock, no-tsan, no-asan
+# Tags: deadlock
 
 CURDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
 # shellcheck source=../shell_config.sh
 . "$CURDIR"/../shell_config.sh
 
-$CLICKHOUSE_BENCHMARK --secure -i 25000 -c 32 --query 'SELECT 1' 2>&1 | grep -oF 'queries: 25000'
+$CLICKHOUSE_BENCHMARK --secure -i 5000 -c 32 --query 'SELECT 1' 2>&1 | grep -oF 'queries: 5000'