To: Stunnel Users List <stunnel-users@mirt.net>
Date: Sat, 01 Mar 2003 17:22:27 -0500
From: Geoff Thorpe <geoff@geoffthorpe.net>
Subject: [PATCH] distributed session caching

[-- Attachment #1 --]
[-- Type: text/plain, Encoding: 7bit, Size: 2.2K --]

Hello,

Further to my previous (miniscule) patch, here is a patch that
incorporates 'distcache' (www.distcache.org) support into stunnel. I
would still appreciate any replies from developers/maintainers to the
questions posed in my previous post, but in lieu of any news I've
pressed ahead with this development in the mean time. BTW: This patch
includes my previous tweak plus a FIXME I'll address as/when the
questions in my previous post get addressed.

This adds a new switch to the autoconf mechanisms,
"--disable-distcache", which if not defined will perform autoconf probes
to test for the presence and usability of distcache headers and
libraries. If --disable-distcache is not specified and the
headers/libraries are found and OK, then a new configuration directive
will be available "dc_target = <address-string>". This string takes a
distcache-style address and will automatically enable the use of session
caching callbacks that send all requests to the given address. A typical
deployment would work as follows;

machine A: this would host the centralised session cache;
   # dc_server -daemon -listen IP:9001
   [ or to listen on only one IPv4 interface, "IP:<hostname-or-IP>:9001"

machines B, C, D, ...: these will host copies of stunnel
   # dc_client -daemon -listen UNIX:/tmp/scache -server IP:machineA:9001

The config files for each instance of stunnel would specify;
   dc_target = UNIX:/tmp/scache

And everything should pretty much work. Session caching will fail in the
event of any network outages or crashes (resulting in new sessions being
negotiated instead of resumes), but should start working again
automatically when missing servies are restarted or network cables get
plugged back in again.

I've attempted to follow the stunnel coding styles, including the
addition of appropriate logging - there may be little conformance things
I've missed, and I haven't (yet) attempted to fiddle with the sample
config file nor the man page(s) to document this. I'd like feedback on
whether this is going to be acceptable in this form.

Is there somewhere else I should be posting contribs or is everyone just
off skiing at the moment? :-)

Cheers,
Geoff

--
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/