This merge request adds a TLS context object cache implementation. The intention of having this object is manyfold:
-
In the case of client-side contexts: allow reusing the previously created contexts to employ the context-specific TLS session resumption cache. That will enable XoT connection to be reestablished faster and with fewer resources by not going through the full TLS handshake procedure.
-
In the case of server-side contexts: reduce the number of contexts created on startup. That could reduce startup time in a case when there are many
listen-onstatements referring to a smaller amount oftlsstatements, especially whenephemeralcertificates are involved. -
The long-term goal is to provide in-memory storage for additional data associated with the certificates, like runtime representation (
X509_STORE) of intermediate CA-certificates bundle for Strict TLS/Mutual TLS (ca-file).
Also, it makes managing the TLS contexts (isc_tlsctx_t) within BIND safer because these are just typedefs of a type provided by OpenSSL, and we are not doing reference counting on them for this reason, while TLS context cache object does implement the reference counting.
Closes #3067 (closed)