This merge request adds a TLS context object cache implementation. The intention of having this object is manifold:
In the case of client-side contexts: allow reusing the previously created contexts to employ the context-specific TLS session resumption cache. That will enable XoT connection to be reestablished faster and with fewer resources by not going through the full TLS handshake procedure.
In the case of server-side contexts: reduce the number of contexts created on startup. That could reduce startup time in a case when there are many listen-on statements referring to a smaller amount of tls statements, especially when ephemeral certificates are involved.
The long-term goal is to provide in-memory storage for additional data associated with the certificates, like runtime representation (X509_STORE) of intermediate CA-certificates bundle for Strict TLS/Mutual TLS (
Also, it makes managing the TLS contexts (isc_tlsctx_t) within BIND safer because these are just typedefs of a type provided by OpenSSL, and we are not doing reference counting on them for this reason, while the TLS context cache object does implement the reference counting.
Closes #3067 (closed)
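
The sketch below is an added illustration, not code from this merge request or from BIND. It shows the idea described above: a reference-counted cache that builds one context per (tls statement name, role) pair, so repeated listen-on lookups share it. All names (demo_ctx_t, ctx_cache_t, cache_new, cache_attach, cache_detach, cache_get) are hypothetical, demo_ctx_t stands in for the OpenSSL-provided context type, and the code is single-threaded.

```c
#include <stdlib.h>
#include <string.h>
/* Stand-in for the OpenSSL-provided context type (assumption; no OpenSSL needed). */
typedef struct { unsigned id; } demo_ctx_t;
typedef struct entry {
    char name[64];   /* name of the tls statement */
    int client;      /* 1 = client-side, 0 = server-side */
    demo_ctx_t *ctx;
    struct entry *next;
} entry_t;

typedef struct {
    unsigned refs;     /* holders of the cache, not of single contexts */
    unsigned created;  /* contexts actually built */
    entry_t *head;
} ctx_cache_t;

ctx_cache_t *cache_new(void) {
    ctx_cache_t *c = calloc(1, sizeof(*c));
    if (c != NULL) c->refs = 1;
    return c;
}

void cache_attach(ctx_cache_t *c) { c->refs++; }

/* Drop one reference; contexts are freed only with the last one (returns 1). */
int cache_detach(ctx_cache_t **cp) {
    ctx_cache_t *c = *cp;
    *cp = NULL;
    if (--c->refs > 0) return 0;
    for (entry_t *e = c->head, *n; e != NULL; e = n) {
        n = e->next; free(e->ctx); free(e);
    }
    free(c);
    return 1;
}

/* Return the context for (name, role), building it only on first use. */
demo_ctx_t *cache_get(ctx_cache_t *c, const char *name, int client) {
    entry_t *e;
    for (e = c->head; e != NULL; e = e->next)
        if (e->client == client && strcmp(e->name, name) == 0) return e->ctx;
    if ((e = calloc(1, sizeof(*e))) == NULL) return NULL;
    if ((e->ctx = calloc(1, sizeof(*e->ctx))) == NULL) { free(e); return NULL; }
    strncpy(e->name, name, sizeof(e->name) - 1);
    e->client = client; e->ctx->id = ++c->created;
    e->next = c->head; c->head = e;
    return e->ctx;
}
```

Callers never free a context themselves; they hold a reference to the cache, and the contexts stay valid until the last holder detaches.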