add ssl session cache

httpd.c

@@ -6,6 +6,7 @@
 #define MATCH(s, n) strcmp(section, s) == 0 && strcmp(name, n) == 0
 
 #ifdef USE_OPENSSL
+static int ssl_session_ctx_id = 1;
 void init_openssl()
 { 
     SSL_load_error_strings();	
@@ -37,7 +38,13 @@ SSL_CTX *create_context()
 void configure_context(SSL_CTX *ctx)
 {
     SSL_CTX_set_ecdh_auto(ctx, 1);
-
+	/* Set some options and the session id.
+     * SSL_OP_NO_SSLv2: SSLv2 is insecure, disable it.
+     * SSL_OP_NO_TICKET: We don't want TLS tickets used because this is an SSL server caching example.
+     *                   It should be fine to use tickets in addition to server side caching.
+     */
+    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET);
+    SSL_CTX_set_session_id_context(ctx, (void *)&ssl_session_ctx_id, sizeof(ssl_session_ctx_id));
     /* Set the key and cert */
     if (SSL_CTX_use_certificate_file(ctx, server_config.sslcert, SSL_FILETYPE_PEM) <= 0) {
         ERR_print_errors_fp(stderr);
@@ -48,6 +55,11 @@ void configure_context(SSL_CTX *ctx)
         ERR_print_errors_fp(stderr);
 		exit(EXIT_FAILURE);
     }
+	if (!SSL_CTX_check_private_key(ctx)) {
+        LOG("Failed to validate cert \n");
+        ERR_print_errors_fp(stderr);
+		exit(EXIT_FAILURE);
+    }
 }
 
 #endif
@@ -217,7 +229,9 @@ int main(int argc, char* argv[])
 		}
 		//accept_request(&client);
 	}
-
+#ifdef USE_OPENSSL
+	SSL_CTX_free(ctx);
+#endif
 	close(server_sock);
 
 	return(0);

libs/handle.c

@@ -107,6 +107,10 @@ int antd_close(void* src)
 	antd_client_t * source = (antd_client_t *) src;
 #ifdef USE_OPENSSL
 	if(source->ssl && usessl()){
+		//printf("SSL:Shutdown ssl\n");
+        //SSL_shutdown((SSL*) source->ssl);
+		SSL_set_shutdown((SSL*) source->ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+		//printf("SSL:Free ssl\n");
 		SSL_free((SSL*) source->ssl);
 		//LOG("Freeing SSL\n");
 	}