diff --git a/include/types/global.h b/include/types/global.h
index b55481bfc..bd8a06e81 100644
--- a/include/types/global.h
+++ b/include/types/global.h
@@ -97,6 +97,9 @@ struct global {
 int chksize; /* check buffer size in bytes, defaults to BUFSIZE */
 int pipesize; /* pipe size in bytes, system defaults if zero */
 int max_http_hdr; /* max number of HTTP headers, use MAX_HTTP_HDR if zero */
+#ifdef USE_OPENSSL
+ int sslcachesize; /* SSL cache size in session, defaults to 20000 */
+#endif
 } tune;
 struct {
 char *prefix; /* path prefix of unix bind socket */
diff --git a/src/cfgparse.c b/src/cfgparse.c
index ca88e8684..dcc019b94 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -526,6 +526,16 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm)
 }
 global.tune.chksize = atol(args[1]);
 }
+#ifdef USE_OPENSSL
+ else if (!strcmp(args[0], "tune.sslcachesize")) {
+ if (*(args[1]) == 0) {
+ Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
+ err_code |= ERR_ALERT | ERR_FATAL;
+ goto out;
+ }
+ global.tune.sslcachesize = atol(args[1]);
+ }
+#endif
 else if (!strcmp(args[0], "tune.bufsize")) {
 if (*(args[1]) == 0) {
 Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
@@ -6704,7 +6714,7 @@ int check_config_validity()
 SSL_CTX_set_options(listener->ssl_ctx.ctx, ssloptions);
 SSL_CTX_set_mode(listener->ssl_ctx.ctx, sslmode);
 SSL_CTX_set_verify(listener->ssl_ctx.ctx, SSL_VERIFY_NONE, NULL);
- if (shared_context_init(0) < 0) {
+ if (shared_context_init(global.tune.sslcachesize) < 0) {
 Alert("Unable to allocate SSL session cache.\n");
 cfgerr++;
 goto skip_ssl;
diff --git a/src/haproxy.c b/src/haproxy.c
index 764e30f40..adf2614f3 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -125,6 +125,9 @@ struct global global = {
 .bufsize = BUFSIZE,
 .maxrewrite = MAXREWRITE,
 .chksize = BUFSIZE,
+#ifdef USE_OPENSSL
+ .sslcachesize = 20000,
+#endif
 },
 /* others NULL OK */
 };
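Review bot: The comment on `sslcachesize` in include/types/global.h gives the unit as "in session", which leaves unclear whether the value counts cached sessions or bytes, and it repeats the literal default that the src/haproxy.c hunk also hard-codes as `.sslcachesize = 20000`. If a session count is what is meant, I would word it `/* max number of sessions in the SSL session cache, defaults to 20000 */`. Giving the default a named constant, as the neighbouring initializers do with BUFSIZE and MAXREWRITE, would keep the comment and the initializer from drifting apart. The unit matters to operators because it decides how much memory a given setting asks the cache to reserve.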
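Review bot: In the `tune.sslcachesize` branch of cfg_parse_global (src/cfgparse.c), `atol(args[1])` is stored into an `int` with no validation, so a non-numeric argument silently becomes 0, a negative value is accepted, and a value outside the range of `int` is narrowed on assignment. The result is later passed to `shared_context_init()` as the cache size, so a typo in the configuration can yield a cache very different from the one intended without any diagnostic. Parsing with `strtol`, checking the end pointer and the range, and rejecting the line through the existing Alert path would close this. Whether 0 should remain accepted as "use the built-in default" depends on shared_context_init, which is not visible here. The neighbouring tune.chksize branch uses the same atol pattern, and the function body continues outside the hunk.

```c
else if (!strcmp(args[0], "tune.sslcachesize")) {
	char *end;
	long val;

	/* … unchanged: empty-argument check … */
	errno = 0;
	val = strtol(args[1], &end, 10);
	if (*end != '\0' || errno == ERANGE || val < 0 || val > INT_MAX) {
		Alert("parsing [%s:%d] : '%s' expects a non-negative integer argument.\n", file, linenum, args[0]);
		err_code |= ERR_ALERT | ERR_FATAL;
		goto out;
	}
	global.tune.sslcachesize = (int)val;
}
```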
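Review bot: The `Alert("Unable to allocate SSL session cache.\n")` on the failure path of `shared_context_init(global.tune.sslcachesize)` in check_config_validity no longer says enough, because the size is now operator-controlled and an oversized tune.sslcachesize becomes a plausible cause of the failure. Including the value, e.g. `Alert("Unable to allocate SSL session cache (tune.sslcachesize=%d).\n", global.tune.sslcachesize);`, would let an operator tie the startup error to the setting. The enclosing function starts and ends outside the hunk, so how often this call runs per listener cannot be judged from here.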