Merge pull request #65111 from rschu1ze/reenable-session-caching

Re-enable OpenSSL session caching
2024-11-21 23:21:59 +00:00 · 2024-06-18 16:39:38 +00:00 · 2024-06-18 16:39:38 +00:00 · abe424b24b
commit abe424b24b
parent 741e453510 cdcfcb99fc
5 changed files with 25 additions and 26 deletions
--- a/base/poco/NetSSL_OpenSSL/src/SSLManager.cpp
+++ b/base/poco/NetSSL_OpenSSL/src/SSLManager.cpp
@ -330,27 +330,26 @@ void SSLManager::initDefaultContext(bool server)
 	else
 		_ptrDefaultClientContext->disableProtocols(disabledProtocols);

-    /// Temporarily disabled during the transition from boringssl to OpenSSL due to tsan issues.
-	/// bool cacheSessions = config.getBool(prefix + CFG_CACHE_SESSIONS, false);
-	/// if (server)
-	/// {
-	/// 	std::string sessionIdContext = config.getString(prefix + CFG_SESSION_ID_CONTEXT, config.getString("application.name", ""));
-	/// 	_ptrDefaultServerContext->enableSessionCache(cacheSessions, sessionIdContext);
-	/// 	if (config.hasProperty(prefix + CFG_SESSION_CACHE_SIZE))
-	/// 	{
-	/// 		int cacheSize = config.getInt(prefix + CFG_SESSION_CACHE_SIZE);
-	/// 		_ptrDefaultServerContext->setSessionCacheSize(cacheSize);
-	/// 	}
-	/// 	if (config.hasProperty(prefix + CFG_SESSION_TIMEOUT))
-	/// 	{
-	/// 		int timeout = config.getInt(prefix + CFG_SESSION_TIMEOUT);
-	/// 		_ptrDefaultServerContext->setSessionTimeout(timeout);
-	/// 	}
-	/// }
-	/// else
-	/// {
-	/// 	_ptrDefaultClientContext->enableSessionCache(cacheSessions);
-	/// }
+	bool cacheSessions = config.getBool(prefix + CFG_CACHE_SESSIONS, false);
+	if (server)
+	{
+		std::string sessionIdContext = config.getString(prefix + CFG_SESSION_ID_CONTEXT, config.getString("application.name", ""));
+		_ptrDefaultServerContext->enableSessionCache(cacheSessions, sessionIdContext);
+		if (config.hasProperty(prefix + CFG_SESSION_CACHE_SIZE))
+		{
+			int cacheSize = config.getInt(prefix + CFG_SESSION_CACHE_SIZE);
+			_ptrDefaultServerContext->setSessionCacheSize(cacheSize);
+		}
+		if (config.hasProperty(prefix + CFG_SESSION_TIMEOUT))
+		{
+			int timeout = config.getInt(prefix + CFG_SESSION_TIMEOUT);
+			_ptrDefaultServerContext->setSessionTimeout(timeout);
+		}
+	}
+	else
+	{
+		_ptrDefaultClientContext->enableSessionCache(cacheSessions);
+	}
 	bool extendedVerification = config.getBool(prefix + CFG_EXTENDED_VERIFICATION, false);
 	if (server)
 		_ptrDefaultServerContext->enableExtendedCertificateVerification(extendedVerification);
--- a/contrib/openssl
+++ b/contrib/openssl
@ -1 +1 @@
-Subproject commit 67c0b63e578e4c751ac9edf490f5a96124fff8dc
+Subproject commit e0d6ae2bf93cf6dc26bb86aa39992bc6a410869a
--- a/tests/queries/0_stateless/01393_benchmark_secure_port.sh
+++ b/tests/queries/0_stateless/01393_benchmark_secure_port.sh
@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# Tags: no-fasttest, no-tsan, no-asan
+# Tags: no-fasttest

 CURDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
 # shellcheck source=../shell_config.sh
--- a/tests/queries/0_stateless/01683_text_log_deadlock.reference
+++ b/tests/queries/0_stateless/01683_text_log_deadlock.reference
@ -1 +1 @@
-queries: 25000
+queries: 5000
--- a/tests/queries/0_stateless/01683_text_log_deadlock.sh
+++ b/tests/queries/0_stateless/01683_text_log_deadlock.sh
@ -1,8 +1,8 @@
 #!/usr/bin/env bash
-# Tags: deadlock, no-tsan, no-asan
+# Tags: deadlock

 CURDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
 # shellcheck source=../shell_config.sh
 . "$CURDIR"/../shell_config.sh

-$CLICKHOUSE_BENCHMARK --secure -i 25000 -c 32 --query 'SELECT 1' 2>&1 | grep -oF 'queries: 25000'
+$CLICKHOUSE_BENCHMARK --secure -i 5000 -c 32 --query 'SELECT 1' 2>&1 | grep -oF 'queries: 5000'