This merge request adds a TLS context object cache implementation. The intention of having this object is manifold:
In the case of client-side contexts: allow reusing the previously created contexts to employ the context-specific TLS session resumption cache. That will enable XoT connections to be reestablished faster and with fewer resources by not going through the full TLS handshake procedure.
In the case of server-side contexts: reduce the number of contexts created on startup. That could reduce startup time in a case when there are many listen-on statements referring to a smaller amount of tls statements, especially when ephemeral certificates are
The long-term goal is to provide in-memory storage for additional data associated with the certificates, like runtime X509_STORE) of intermediate CA-certificates bundle for Strict TLS/Mutual TLS (
Also, it makes managing the TLS contexts (isc_tlsctx_t) within BIND safer because these are just typedefs of a type provided by OpenSSL, and we are not doing reference counting on them for this reason, while the TLS context cache object does implement the reference counting.
Closes #3067
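The caching and reference-counting idea described above, as an added sketch that is not BIND's code and not part of this merge request: five listeners that name two tls statements end up sharing two contexts, and a context stays alive until its last holder releases it. All names (`tlsctx_t`, `ctxcache_t`, `cache_get`, `ctx_detach`, `cache_clear`) are hypothetical, and a small struct stands in for an OpenSSL `SSL_CTX`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an OpenSSL SSL_CTX; the refcount lives beside it. */
typedef struct { char name[32]; int refs; } tlsctx_t;
#define CACHE_MAX 8
typedef struct { tlsctx_t *slot[CACHE_MAX]; int created; } ctxcache_t;

/* Release one reference; the last release frees the context. */
void ctx_detach(tlsctx_t *ctx) { if (--ctx->refs == 0) free(ctx); }

/* Return the context for a tls statement name, building it on first use. */
tlsctx_t *cache_get(ctxcache_t *c, const char *name) {
    int free_i = -1;
    if (strlen(name) >= sizeof(c->slot[0]->name)) return NULL;
    for (int i = 0; i < CACHE_MAX; i++) {
        if (c->slot[i] == NULL) { if (free_i < 0) free_i = i; continue; }
        if (strcmp(c->slot[i]->name, name) == 0) {
            c->slot[i]->refs++;             /* reuse: caller gets its own reference */
            return c->slot[i];
        }
    }
    if (free_i < 0) return NULL;            /* cache full */
    tlsctx_t *ctx = calloc(1, sizeof(*ctx));
    if (ctx == NULL) return NULL;
    strcpy(ctx->name, name);
    ctx->refs = 2;                          /* one for the cache, one for the caller */
    c->slot[free_i] = ctx;
    c->created++;
    return ctx;
}

/* Drop the cache's references; contexts still held by a listener stay alive. */
void cache_clear(ctxcache_t *c) {
    for (int i = 0; i < CACHE_MAX; i++)
        if (c->slot[i] != NULL) { ctx_detach(c->slot[i]); c->slot[i] = NULL; }
}

int main(void) {
    const char *listeners[] = { "tls-a", "tls-b", "tls-a", "tls-a", "tls-b" }; /* constructed */
    ctxcache_t cache = { { NULL }, 0 };
    tlsctx_t *held[5];
    for (int i = 0; i < 5; i++) held[i] = cache_get(&cache, listeners[i]);
    printf("listeners=5 contexts built=%d\n", cache.created);
    cache_clear(&cache);                    /* e.g. on reconfiguration */
    for (int i = 0; i < 5; i++) ctx_detach(held[i]);
    return 0;
}
```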