From fc32acafcd109804dcd198f99ecd1b892a66ffa5 Mon Sep 17 00:00:00 2001
From: Emeric Brun
Date: Mon, 3 Sep 2012 12:10:29 +0200
Subject: [PATCH] MINOR: ssl add global setting tune.sslcachesize to set SSL session cache size.

This new global setting allows the user to change the SSL cache size in number of sessions. It defaults to 20000.
---
 include/types/global.h | 3 +++
 src/cfgparse.c | 12 +++++++++++-
 src/haproxy.c | 3 +++
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/include/types/global.h b/include/types/global.h
index b55481bfc..bd8a06e81 100644
--- a/include/types/global.h
+++ b/include/types/global.h
@@ -97,6 +97,9 @@ struct global {
 int chksize; /* check buffer size in bytes, defaults to BUFSIZE */
 int pipesize; /* pipe size in bytes, system defaults if zero */
 int max_http_hdr; /* max number of HTTP headers, use MAX_HTTP_HDR if zero */
+#ifdef USE_OPENSSL
+ int sslcachesize; /* SSL cache size in session, defaults to 20000 */
+#endif
 } tune;
 struct {
 char *prefix; /* path prefix of unix bind socket */
diff --git a/src/cfgparse.c b/src/cfgparse.c
index ca88e8684..dcc019b94 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -526,6 +526,16 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm)
 }
 global.tune.chksize = atol(args[1]);
 }
+#ifdef USE_OPENSSL
+ else if (!strcmp(args[0], "tune.sslcachesize")) {
+ if (*(args[1]) == 0) {
+ Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
+ err_code |= ERR_ALERT | ERR_FATAL;
+ goto out;
+ }
+ global.tune.sslcachesize = atol(args[1]);
+ }
+#endif
 else if (!strcmp(args[0], "tune.bufsize")) {
 if (*(args[1]) == 0) {
 Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
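Review bot: The comment on the new `sslcachesize` field in include/types/global.h does not say what a zero or negative value means, while the neighbouring `pipesize` and `max_http_hdr` comments do. Since the field is now filled from the configuration, I would write `int sslcachesize; /* SSL session cache size in number of sessions, defaults to 20000 */` and add the zero behaviour once the parser's accepted range is decided. The diffstat lists no documentation file, so the `tune.sslcachesize` keyword also appears to go undocumented for operators in this patch.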
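Review bot: `atol(args[1])` in the new `tune.sslcachesize` branch of cfg_parse_global() reports no errors, so a non-numeric argument silently becomes 0, a negative one is accepted, and a value above INT_MAX is truncated when the long is stored in the int field. That value later sizes the shared session cache in check_config_validity(), so it should be validated at parse time; how shared_context_init() treats zero or negative sizes is not visible here (the old call passed 0, presumably selecting a built-in default). The adjacent tune.chksize and tune.bufsize branches, which lie partly outside this hunk, use the same atol pattern. A strtol-based parse with an explicit range check is sketched below; the upper bound should be whatever the cache allocator can safely multiply and allocate.

```c
	else if (!strcmp(args[0], "tune.sslcachesize")) {
		char *end;
		long val;

		/* … unchanged: missing-argument check … */
		errno = 0;
		val = strtol(args[1], &end, 10);
		if (end == args[1] || *end != '\0' || errno == ERANGE ||
		    val < 0 || val > INT_MAX) {
			Alert("parsing [%s:%d] : '%s' expects a non-negative integer argument.\n", file, linenum, args[0]);
			err_code |= ERR_ALERT | ERR_FATAL;
			goto out;
		}
		global.tune.sslcachesize = (int)val;
	}
```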
@@ -6704,7 +6714,7 @@ int check_config_validity()
 SSL_CTX_set_options(listener->ssl_ctx.ctx, ssloptions);
 SSL_CTX_set_mode(listener->ssl_ctx.ctx, sslmode);
 SSL_CTX_set_verify(listener->ssl_ctx.ctx, SSL_VERIFY_NONE, NULL);
- if (shared_context_init(0) < 0) {
+ if (shared_context_init(global.tune.sslcachesize) < 0) {
 Alert("Unable to allocate SSL session cache.\n");
 cfgerr++;
 goto skip_ssl;
diff --git a/src/haproxy.c b/src/haproxy.c
index 764e30f40..adf2614f3 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -125,6 +125,9 @@ struct global global = {
 .bufsize = BUFSIZE,
 .maxrewrite = MAXREWRITE,
 .chksize = BUFSIZE,
+#ifdef USE_OPENSSL
+ .sslcachesize = 20000,
+#endif
 },
 /* others NULL OK */
 };
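Review bot: The failure path after `shared_context_init(global.tune.sslcachesize)` in check_config_validity() still prints a fixed message, although the size is now operator-supplied and an oversized setting is a likely cause of the failure. Naming the value and the keyword makes the alert actionable: `Alert("Unable to allocate SSL session cache of %d sessions (tune.sslcachesize).\n", global.tune.sslcachesize);`. The enclosing block starts and ends outside this hunk, so whether the call is repeated for each listener cannot be told from here.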
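Review bot: The default `20000` in src/haproxy.c is a bare literal that is repeated in the field comment in include/types/global.h, whereas the neighbouring initialisers use named constants (`BUFSIZE`, `MAXREWRITE`). A named default defined alongside those constants, for example `.sslcachesize = SSLCACHESIZE,` (macro name to be chosen), keeps the two places from drifting apart and gives one spot to review when the cache's memory footprint is reconsidered.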