Skip to content

GitLab

  • Menu
Projects Groups Snippets
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • BIND BIND
  • Project information
    • Project information
    • Activity
    • Labels
    • Planning hierarchy
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 532
    • Issues 532
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 101
    • Merge requests 101
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • ISC Open Source Projects
  • BINDBIND
  • Merge requests
  • !5672

Merged
Created Dec 24, 2021 by Artem Boldariev@artemOwner

Add TLS context cache

  • Overview 11
  • Commits 4
  • Pipelines 10
  • Changes 19

This merge request adds a TLS context object cache implementation. The intention of having this object is manyfold:

  • In the case of client-side contexts: allow reusing the previously created contexts to employ the context-specific TLS session resumption cache. That will enable XoT connection to be reestablished faster and with fewer resources by not going through the full TLS handshake procedure.

  • In the case of server-side contexts: reduce the number of contexts created on startup. That could reduce startup time in a case when there are many listen-on statements referring to a smaller amount of tls statements, especially when ephemeral certificates are involved.

  • The long-term goal is to provide in-memory storage for additional data associated with the certificates, like runtime representation (X509_STORE) of intermediate CA-certificates bundle for Strict TLS/Mutual TLS (ca-file).

Also, it makes managing the TLS contexts (isc_tlsctx_t) within BIND safer because these are just typedefs of a type provided by OpenSSL, and we are not doing reference counting on them for this reason, while TLS context cache object does implement the reference counting.

Closes #3067 (closed)

Edited Dec 29, 2021 by Artem Boldariev
Assignee
Assign to
Reviewer
Request review from
Time tracking
Source branch: artem-tlsctx-caching