From 8a3c95db22210c193289426eeecdf92eab73ca6a Mon Sep 17 00:00:00 2001
From: Xuan Sang LE
Date: Sat, 10 Feb 2018 16:57:21 +0100
Subject: [PATCH] add ssl session cache

---
 httpd.c | 22 ++++++++++++++++++----
 libs/handle.c | 4 ++++
 2 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/httpd.c b/httpd.c
index 4b3355e..12bf296 100644
--- a/httpd.c
+++ b/httpd.c
@@ -6,6 +6,7 @@
 #define MATCH(s, n) strcmp(section, s) == 0 && strcmp(name, n) == 0
 
 #ifdef USE_OPENSSL
+static int ssl_session_ctx_id = 1;
 void init_openssl()
 {
 SSL_load_error_strings();
@@ -37,16 +38,27 @@ SSL_CTX *create_context()
 void configure_context(SSL_CTX *ctx)
 {
 SSL_CTX_set_ecdh_auto(ctx, 1);
-
+/* Set some options and the session id.
+* SSL_OP_NO_SSLv2: SSLv2 is insecure, disable it.
+* SSL_OP_NO_TICKET: We don't want TLS tickets used because this is an SSL server caching example.
+* It should be fine to use tickets in addition to server side caching.
+*/
+SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET);
+SSL_CTX_set_session_id_context(ctx, (void *)&ssl_session_ctx_id, sizeof(ssl_session_ctx_id));
 /* Set the key and cert */
 if (SSL_CTX_use_certificate_file(ctx, server_config.sslcert, SSL_FILETYPE_PEM) <= 0) {
 ERR_print_errors_fp(stderr);
-exit(EXIT_FAILURE);
+exit(EXIT_FAILURE);
 }
 
 if (SSL_CTX_use_PrivateKey_file(ctx, server_config.sslkey, SSL_FILETYPE_PEM) <= 0 ) {
 ERR_print_errors_fp(stderr);
-exit(EXIT_FAILURE);
+exit(EXIT_FAILURE);
+}
+if (!SSL_CTX_check_private_key(ctx)) {
+LOG("Failed to validate cert \n");
+ERR_print_errors_fp(stderr);
+exit(EXIT_FAILURE);
 }
 }
 
@@ -217,7 +229,9 @@ int main(int argc, char* argv[])
 }
 //accept_request(&client);
 }
-
+#ifdef USE_OPENSSL
+SSL_CTX_free(ctx);
+#endif
 close(server_sock);
 return(0);
 
diff --git a/libs/handle.c b/libs/handle.c
index eeac8b4..14d4037 100644
--- a/libs/handle.c
+++ b/libs/handle.c
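Review bot: `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET)` in configure_context still lets SSLv3 and TLS 1.0/1.1 be negotiated, and on OpenSSL 1.1.0 and later SSL_OP_NO_SSLv2 is defined as 0 because SSLv2 is compiled out, so the new line hardens nothing on current builds; at minimum add `SSL_OP_NO_SSLv3`: `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET);`. The block comment above it is lifted from an example ("this is an SSL server caching example") and should instead state this server's reason — tickets are disabled so resumption goes through the server-side cache, which relies on OpenSSL's default SSL_SESS_CACHE_SERVER mode since no `SSL_CTX_set_session_cache_mode` call is added. The `(void *)` cast in the `SSL_CTX_set_session_id_context` call is unnecessary and hides the expected `const unsigned char *` type; `(const unsigned char *)&ssl_session_ctx_id` is clearer. The `SSL_CTX_check_private_key` addition is good, but `Failed to validate cert \n` is misleading because the check is a key/certificate match, so `LOG("Private key does not match certificate\n");` says what actually failed. The paired `-`/`+` `exit(EXIT_FAILURE);` lines are whitespace-only churn.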
@@ -107,6 +107,10 @@ int antd_close(void* src)
 antd_client_t * source = (antd_client_t *) src;
 #ifdef USE_OPENSSL
 if(source->ssl && usessl()){
+//printf("SSL:Shutdown ssl\n");
+//SSL_shutdown((SSL*) source->ssl);
+SSL_set_shutdown((SSL*) source->ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+//printf("SSL:Free ssl\n");
 SSL_free((SSL*) source->ssl);
 //LOG("Freeing SSL\n");
 }
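Review bot: `SSL_set_shutdown(..., SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)` in antd_close marks the connection as cleanly closed so `SSL_free` keeps the session in the cache, but no close_notify alert is actually sent because `SSL_shutdown` stays commented out; the peer only sees a TCP FIN, which for a response not delimited by Content-Length is indistinguishable from a truncation attack on the client side. If a blocking or failing `SSL_shutdown` was the reason it was removed, a single `SSL_shutdown((SSL*) source->ssl);` with its return value ignored, placed before the `SSL_set_shutdown` line, sends the alert and still leaves the session cacheable. The two commented-out `printf` lines are dead code; replace them with one comment stating the intent, e.g. `/* flag a clean shutdown so SSL_free keeps the session cached */`. antd_close begins before this hunk.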