cache and clean the VOMS AC only once per connection

Francesco Giacomini requested to merge issue-15 into master

As a consequence, the VOMS AC is available during the logging operation at the end of the request and can be seen in the access log, e.g. with the following change in the configuration file:

http {
    log_format storm '$time_iso8601 [$request_id] $remote_addr '
                     '- $remote_user "$request" <$upstream_response_time> '
                     '$ssl_protocol/$ssl_cipher '
                     '"$ssl_client_s_dn" '
                     '[$voms_fqans] '
                     '$status $body_bytes_sent "$http_referer" '
                     '"$http_user_agent" "$http_x_forwarded_for"';
    access_log ... storm;
    ...

In the access log one can then see, for example:

2018-06-27T13:56:19+00:00 [4cc92445bf56587e6d589fb7c697841b] 127.0.0.1 - - "GET / HTTP/1.1" <-> TLSv1.2/ECDHE-RSA-AES256-GCM-SHA384 "CN=1744748182,CN=test0,O=IGI,C=IT" [/test/exp1,/test/exp2,/test/exp3/Role=PIPPO] 200 330 "-" "curl/7.29.0" "-"

There are no tests for this change. A test can be done using, for example:

curl --cert t/certs/3.pem --capath t/trust-anchors --cacert t/certs/3.cert.pem https://nginx-voms.example:8443 https://nginx-voms.example:8443

Note that two identical URLs are requested and curl sends them within the same connection (i.e. the connection is kept alive). To verify that the VOMS AC is cached and cleaned only once per connection one can check the error log, for example:

2018/06/27 13:56:19 [debug] 9207#9207: *1 generic_getter
2018/06/27 13:56:19 [debug] 9207#9207: *1 get_voms_ac
2018/06/27 13:56:19 [debug] 9207#9207: *1 get_voms_ac_from_cache
2018/06/27 13:56:19 [debug] 9207#9207: *1 retrieve_voms_ac_from_proxy
2018/06/27 13:56:19 [debug] 9207#9207: *1 cache_voms_ac
2018/06/27 13:56:19 [debug] 9207#9207: *1 generic_getter
2018/06/27 13:56:19 [debug] 9207#9207: *1 get_voms_ac
2018/06/27 13:56:19 [debug] 9207#9207: *1 get_voms_ac_from_cache
2018/06/27 13:56:19 [debug] 9207#9207: *1 generic_getter
2018/06/27 13:56:19 [debug] 9207#9207: *1 get_voms_ac
2018/06/27 13:56:19 [debug] 9207#9207: *1 get_voms_ac_from_cache
...
2018/06/27 13:56:57 [info] 9207#9207: *2 client 127.0.0.1 closed keepalive connection
2018/06/27 13:56:57 [debug] 9207#9207: *2 clean_voms_ac
Edited by Andrea Ceccanti
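
The manual error-log check described in the merge request can be automated. The script below is an added example, not part of the merge request or of the module's code: it groups debug lines by nginx connection id (the `*N` field) and reports connections where the AC is retrieved, cached or cleaned a number of times other than one. It assumes the log covers each connection from first request to close; the sample lines are constructed, using only the function names shown in the log excerpt above.

```python
import re
from collections import Counter, defaultdict

# nginx error-log line: "<date> <time> [level] <pid>#<tid>: *<conn> <message>"
LINE_RE = re.compile(r"^\S+ \S+ \[\w+\] \d+#\d+: \*(\d+) (.*)$")
# Function names exactly as they appear in the debug output quoted above.
ONCE_PER_CONNECTION = ("retrieve_voms_ac_from_proxy", "cache_voms_ac", "clean_voms_ac")

def count_events(lines):
    """Map connection id -> Counter of log messages seen on that connection."""
    per_conn = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            per_conn[int(m.group(1))][m.group(2)] += 1
    return per_conn

def check_connections(lines):
    """Return (connection id, problem) pairs; an empty list means the log is consistent."""
    problems = []
    for conn, events in sorted(count_events(lines).items()):
        if events["get_voms_ac"] == 0:
            continue  # the AC was never requested on this connection
        for name in ONCE_PER_CONNECTION:
            if events[name] != 1:
                problems.append((conn, f"{name} seen {events[name]} times, expected 1"))
    return problems

def _sample(conn, *messages):
    """Build constructed log lines for one connection (hypothetical helper)."""
    return [f"2018/06/27 13:56:19 [debug] 9207#9207: *{conn} {m}" for m in messages]

# Constructed: two requests on one keepalive connection, AC retrieved once.
GOOD_LOG = _sample(1, "generic_getter", "get_voms_ac", "get_voms_ac_from_cache",
                   "retrieve_voms_ac_from_proxy", "cache_voms_ac",
                   "generic_getter", "get_voms_ac", "get_voms_ac_from_cache",
                   "clean_voms_ac")
# Constructed: the AC is retrieved and cached again on the second request.
BAD_LOG = _sample(3, "get_voms_ac", "get_voms_ac_from_cache",
                  "retrieve_voms_ac_from_proxy", "cache_voms_ac",
                  "get_voms_ac", "get_voms_ac_from_cache",
                  "retrieve_voms_ac_from_proxy", "cache_voms_ac",
                  "clean_voms_ac")

if __name__ == "__main__":
    for label, log in (("good", GOOD_LOG), ("bad", BAD_LOG)):
        print(label, check_connections(log) or "ok")
```

A connection that is still open when the log is read will be reported as missing `clean_voms_ac`, so run the check after the client has disconnected.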