Deno/deno
1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-11-22 04:51:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

feat(runtime/tls): add global tls session cache (#8877)

Browse Source 
Fixes #8875
This commit is contained in:
Ben Noordhuis 2021-01-13 01:22:33 +01:00 committed by GitHub
parent 8142496c57
commit ef0bbbbeaf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
runtime/ops/tls.rs
View File

@ -24,24 +24,51 @@ use deno_core::ZeroCopyBuf;
use serde::Deserialize;
use std::borrow::Cow;
use std::cell::RefCell;
use std::collections::HashMap;
use std::convert::From;
use std::fs::File;
use std::io::BufReader;
use std::path::Path;
use std::rc::Rc;
use std::sync::Arc;
use std::sync::Mutex;
use tokio::net::TcpListener;
use tokio::net::TcpStream;
use tokio_rustls::{rustls::ClientConfig, TlsConnector};
use tokio_rustls::{
rustls::{
internal::pemfile::{certs, pkcs8_private_keys, rsa_private_keys},
Certificate, NoClientAuth, PrivateKey, ServerConfig,
Certificate, NoClientAuth, PrivateKey, ServerConfig, StoresClientSessions,
},
TlsAcceptor,
};
use webpki::DNSNameRef;
lazy_static::lazy_static! {
static ref CLIENT_SESSION_MEMORY_CACHE: Arc<ClientSessionMemoryCache> =
Arc::new(ClientSessionMemoryCache::default());
}
#[derive(Default)]
struct ClientSessionMemoryCache(Mutex<HashMap<Vec<u8>, Vec<u8>>>);
impl StoresClientSessions for ClientSessionMemoryCache {
fn get(&self, key: &[u8]) -> Option<Vec<u8>> {
self.0.lock().unwrap().get(key).cloned()
}
fn put(&self, key: Vec<u8>, value: Vec<u8>) -> bool {
let mut sessions = self.0.lock().unwrap();
// TODO(bnoordhuis) Evict sessions LRU-style instead of arbitrarily.
while sessions.len() >= 1024 {
let key = sessions.keys().next().unwrap().clone();
sessions.remove(&key);
}
sessions.insert(key, value);
true
}
}
pub fn init(rt: &mut deno_core::JsRuntime) {
super::reg_json_async(rt, "op_start_tls", op_start_tls);
super::reg_json_async(rt, "op_connect_tls", op_connect_tls);
@ -102,6 +129,7 @@ async fn op_start_tls(
let local_addr = tcp_stream.local_addr()?;
let remote_addr = tcp_stream.peer_addr()?;
let mut config = ClientConfig::new();
config.set_persistence(CLIENT_SESSION_MEMORY_CACHE.clone());
config
.root_store
.add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
@ -165,6 +193,7 @@ async fn op_connect_tls(
let local_addr = tcp_stream.local_addr()?;
let remote_addr = tcp_stream.peer_addr()?;
let mut config = ClientConfig::new();
config.set_persistence(CLIENT_SESSION_MEMORY_CACHE.clone());
config
.root_store
.add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);