diff --git a/include/types/global.h b/include/types/global.h index a3d1e9620..1f332074b 100644 --- a/include/types/global.h +++ b/include/types/global.h @@ -97,6 +97,7 @@ struct global { int ssl_handshake_max_cost; /* how many bytes an SSL handshake may use */ int ssl_used_frontend; /* non-zero if SSL is used in a frontend */ int ssl_used_backend; /* non-zero if SSL is used in a backend */ + int ssl_used_async_engines; /* number of used async engines */ unsigned int ssl_server_verify; /* default verify mode on servers side */ struct freq_ctr conn_per_sec; struct freq_ctr sess_per_sec; diff --git a/src/haproxy.c b/src/haproxy.c index bd8608f74..eb5e65b40 100644 --- a/src/haproxy.c +++ b/src/haproxy.c @@ -1780,6 +1780,11 @@ static void init(int argc, char **argv) global.hardmaxconn = global.maxconn; /* keep this max value */ global.maxsock += global.maxconn * 2; /* each connection needs two sockets */ global.maxsock += global.maxpipes * 2; /* each pipe needs two FDs */ + /* compute fd used by async engines */ + if (global.ssl_used_async_engines) { + int sides = !!global.ssl_used_frontend + !!global.ssl_used_backend; + global.maxsock += global.maxconn * sides * global.ssl_used_async_engines; + } if (global.stats_fe) global.maxsock += global.stats_fe->maxconn; diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 4741be11c..f9d5f2567 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -161,6 +161,7 @@ enum { int sslconns = 0; int totalsslconns = 0; static struct xprt_ops ssl_sock; +int nb_engines = 0; static struct { char *crt_base; /* base directory path for certificates */ @@ -411,6 +412,9 @@ static int ssl_init_single_engine(const char *engine_id, const char *def_algorit el = calloc(1, sizeof(*el)); el->e = engine; LIST_ADD(&openssl_engines, &el->list); + nb_engines++; + if (global_ssl.async) + global.ssl_used_async_engines = nb_engines; return 0; fail_set_method: @@ -7978,6 +7982,7 @@ static int ssl_parse_global_ssl_async(char **args, int section_type, struct prox { #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) global_ssl.async = 1; + global.ssl_used_async_engines = nb_engines; return 0; #else memprintf(err, "'%s': openssl library does not support async mode", args[0]);