Patch info for distcache_geoff
Patch info for distcache_geoff
Author Comments
To: Stunnel Users List <stunnel-users@mirt.net>
Date: Sat, 01 Mar 2003 17:22:27 -0500
From: Geoff Thorpe <geoff@geoffthorpe.net>
Subject: [PATCH] distributed session caching
[-- Attachment #1 --]
[-- Type: text/plain, Encoding: 7bit, Size: 2.2K --]
Hello,
Further to my previous (miniscule) patch, here is a patch that
incorporates 'distcache' (www.distcache.org) support into stunnel. I
would still appreciate any replies from developers/maintainers to the
questions posed in my previous post, but in lieu of any news I've
pressed ahead with this development in the mean time. BTW: This patch
includes my previous tweak plus a FIXME I'll address as/when the
questions in my previous post get addressed.
This adds a new switch to the autoconf mechanisms,
"--disable-distcache", which if not defined will perform autoconf probes
to test for the presence and usability of distcache headers and
libraries. If --disable-distcache is not specified and the
headers/libraries are found and OK, then a new configuration directive
will be available "dc_target = <address-string>". This string takes a
distcache-style address and will automatically enable the use of session
caching callbacks that send all requests to the given address. A typical
deployment would work as follows;
machine A: this would host the centralised session cache;
[ or to listen on only one IPv4 interface, "IP:<hostname-or-IP>:9001"
machines B, C, D, ...: these will host copies of stunnel
The config files for each instance of stunnel would specify;
dc_target = UNIX:/tmp/scache
And everything should pretty much work. Session caching will fail in the
event of any network outages or crashes (resulting in new sessions being
negotiated instead of resumes), but should start working again
automatically when missing servies are restarted or network cables get
plugged back in again.
I've attempted to follow the stunnel coding styles, including the
addition of appropriate logging - there may be little conformance things
I've missed, and I haven't (yet) attempted to fiddle with the sample
config file nor the man page(s) to document this. I'd like feedback on
whether this is going to be acceptable in this form.
Is there somewhere else I should be posting contribs or is everyone just
off skiing at the moment? :-)
Cheers,
Geoff
--
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/
This website makes patches available for use by the
Internet community. However it does not endorse any of the patches
contained herein. They could be work perfectly, or totally foul up
everything. We don't know. Contact the authors if you have any
questions. Use at your own risk.
The Stunnel software package does not contain any
cryptography itself, however please remember that import and/or export of
cryptographic software, code providing hooks to cryptographic
algorithms, and discussion about cryptography is illegal in some countries.
It is imperative for you to know your local laws governing cryptography.
We're not liable for anything you do that violates your local laws.
|