+[Jan. 12, 2009] 1.0.1-0 Toru Morishita
+ - Add option: SSLID table expire time, SSLID table size, SSLID cache on/off
+
[Dec. 17, 2008] 1.0.0-0 Toru Morishita
- First edition.
tmp_dh_file = "dh512.pem"
cipher_list = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
+# SSL session cache configuration.
+session_cache = "on"
+session_cache_size = 20480
+session_cache_timeout = 300
+
[logger]
## SSLProxy log configuration.
# sslproxy logfile base name
tmp_dh_file = "dh512.pem"
cipher_list = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
+# SSL session cache configuration.
+session_cache = "on"
+session_cache_size = 20480
+session_cache_timeout = 300
+
[logger]
## SSLProxy log configuration.
# sslproxy logfile base name
PACKAGENAME=sslproxy
-VERSION=1.0.0-0
+VERSION=1.0.1-0
am__api_version="1.9"
ac_aux_dir=
AC_PREREQ(2.59)
AC_INIT(sslproxy)
PACKAGENAME=sslproxy
-VERSION=1.0.0-0
+VERSION=1.0.1-0
AM_INIT_AUTOMAKE($PACKAGENAME, $VERSION, no-define )
AC_CONFIG_SRCDIR([config.h.in])
#define MAX_TARGET_ID_SIZE 256\r
#define TARGET_ID_CHECK_STRING "/bin/ps -C sslproxy -o args --no-headers | /bin/cut -d\" \" -f2"\r
\r
+//! SSLproxy session cache parameter default value.\r
+#define DEFAULT_SESSION_CACHE_MODE SSL_SESS_CACHE_SERVER //! "on"\r
+#define DEFAULT_SESSION_CACHE_SIZE SSL_SESSION_CACHE_MAX_SIZE_DEFAULT //! 20480\r
+#define DEFAULT_SESSION_CACHE_TIMEOUT 300\r
+\r
//! Target_id.\r
extern std::string target_id;\r
\r
extern std::string tmp_dh_dir;\r
extern std::string tmp_dh_file;\r
extern std::string cipher_list;\r
+extern long session_cache_mode;\r
+extern long session_cache_size;\r
+extern long session_cache_timeout;\r
extern std::string conn_log_flag;\r
\r
#endif //__SSLPROXY_H__\r
char server_buffer[MAX_BUFFER_SIZE];\r
bool handshaked;\r
bool istimeout;\r
- int u_event_count;\r
- int d_event_count;\r
+ bool c_r_event;\r
+ bool c_w_event;\r
+ bool s_r_event;\r
+ bool s_w_event;\r
bool finishing;\r
pthread_mutex_t client_socket_mutex;\r
+ boost::asio::deadline_timer cache_timer;\r
\r
public:\r
// constructor\r
void start();\r
// Timer cancel function.\r
void cancel(const boost::system::error_code& error);\r
+ // Cache expire function.\r
+ void cache_expire(const boost::system::error_code& error);\r
// Session destroy function.\r
void destroy_session(sslproxy_session* session);\r
// Handshake handling function.\r
std::string tmp_dh_dir;\r
std::string tmp_dh_file;\r
std::string cipher_list;\r
+long session_cache_mode;\r
+long session_cache_size;\r
+long session_cache_timeout;\r
std::string conn_log_flag;\r
\r
/*!\r
cipher_list = DEFAULT_CIPHER_LIST;\r
}\r
\r
+ // Get parameter "session_cache".\r
+ if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "session_cache")) {\r
+ std::string session_cache = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY, \r
+ "session_cache");\r
+ /*-------- DEBUG LOG --------*/\r
+ if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {\r
+ LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 97,\r
+ "function : static int getParameters("\r
+ "std::string config_filename) : "\r
+ "get session_cache OK.");\r
+ }\r
+ /*------ DEBUG LOG END ------*/\r
+ if (session_cache == "") {\r
+ LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 25, \r
+ "session_cache parameter is nothing. "\r
+ "Use default value.");\r
+ session_cache_mode = DEFAULT_SESSION_CACHE_MODE;\r
+ } else if (session_cache == "on") {\r
+ session_cache_mode = SSL_SESS_CACHE_SERVER;\r
+ } else if (session_cache == "off") {\r
+ session_cache_mode = SSL_SESS_CACHE_OFF;\r
+ } else {\r
+ LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 47, \r
+ "Invalid session_cache parameter value.");\r
+ throw -1;\r
+ }\r
+ } else {\r
+ LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 26, \r
+ "session_cache parameter not found. "\r
+ "Use default value.");\r
+ session_cache_mode = DEFAULT_SESSION_CACHE_MODE;\r
+ }\r
+\r
+ // Get parameter "session_cache_size".\r
+ if (Parameter::getInstance().isIntExist(PARAM_COMP_SSLPROXY, "session_cache_size")) {\r
+ session_cache_size = Parameter::getInstance().getIntValue(PARAM_COMP_SSLPROXY, \r
+ "session_cache_size");\r
+ /*-------- DEBUG LOG --------*/\r
+ if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {\r
+ LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 98,\r
+ "function : static int getParameters("\r
+ "std::string config_filename) : "\r
+ "get session_cache_size OK.");\r
+ }\r
+ /*------ DEBUG LOG END ------*/\r
+ if (session_cache_size < 0 || session_cache_size > LONG_MAX) {\r
+ LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 48, \r
+ "Invalid session_cache_size parameter value.");\r
+ throw -1;\r
+ }\r
+ } else {\r
+ LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 27, \r
+ "session_cache_size parameter not found. "\r
+ "Use default value.");\r
+ session_cache_size = DEFAULT_SESSION_CACHE_SIZE;\r
+ }\r
+\r
+ // Get parameter "session_cache_timeout".\r
+ if (Parameter::getInstance().isIntExist(PARAM_COMP_SSLPROXY, "session_cache_timeout")) {\r
+ session_cache_timeout = Parameter::getInstance().getIntValue(PARAM_COMP_SSLPROXY, \r
+ "session_cache_timeout");\r
+ /*-------- DEBUG LOG --------*/\r
+ if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {\r
+ LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 99,\r
+ "function : static int getParameters("\r
+ "std::string config_filename) : "\r
+ "get session_cache_timeout OK.");\r
+ }\r
+ /*------ DEBUG LOG END ------*/\r
+ if (session_cache_timeout < 0 || session_cache_timeout > LONG_MAX) {\r
+ LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 48, \r
+ "Invalid session_cache_timeout parameter value.");\r
+ throw -1;\r
+ }\r
+ } else {\r
+ LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 28, \r
+ "session_cache_timeout parameter not found. "\r
+ "Use default value.");\r
+ session_cache_timeout = DEFAULT_SESSION_CACHE_TIMEOUT;\r
+ }\r
+\r
// Get parameter "conn_log_flag".\r
if (Parameter::getInstance().isStringExist(PARAM_COMP_LOGGER, "conn_log_flag")) {\r
conn_log_flag = Parameter::getInstance().getStringValue(PARAM_COMP_LOGGER, \r
", tmp_dh_dir = " << tmp_dh_dir <<\r
", tmp_dh_file = " << tmp_dh_file <<\r
", cipher_list = " << cipher_list <<\r
+ ", session_cache_mode = " << session_cache_mode <<\r
+ ", session_cache_size = " << session_cache_size <<\r
+ ", session_cache_timeout = " << session_cache_timeout <<\r
", conn_log_flag = " << conn_log_flag;\r
LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 63,\r
"out_function : "\r
/*------ DEBUG LOG END ------*/\r
}\r
\r
-\r
// Set cipher list on the context.\r
if (SSL_CTX_set_cipher_list(sslcontext.impl(), cipher_list.c_str()) != 1) {\r
std::cerr << "Set cipher list error : no valid ciphers." << std::endl;\r
}\r
/*------ DEBUG LOG END ------*/\r
\r
+ // Set session cache mode on the context.\r
+ SSL_CTX_set_session_cache_mode(sslcontext.impl(), session_cache_mode);\r
+ /*-------- DEBUG LOG --------*/\r
+ if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_SERVER)) {\r
+ LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_SERVER, 42,\r
+ "function : Constructor sslproxy_server::sslproxy_server() : "\r
+ "Set session cache mode END. "\r
+ "session_cache_mode = %ld",\r
+ SSL_CTX_get_session_cache_mode(sslcontext.impl()));\r
+ }\r
+ /*------ DEBUG LOG END ------*/\r
+\r
+ // Set session cache size on the context.\r
+ SSL_CTX_sess_set_cache_size(sslcontext.impl(), session_cache_size);\r
+ /*-------- DEBUG LOG --------*/\r
+ if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_SERVER)) {\r
+ LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_SERVER, 43,\r
+ "function : Constructor sslproxy_server::sslproxy_server() : "\r
+ "Set session cache size END. "\r
+ "session_cache_size = %ld",\r
+ SSL_CTX_sess_get_cache_size(sslcontext.impl()));\r
+ }\r
+ /*------ DEBUG LOG END ------*/\r
+\r
+ // Set session cache timeout on the context.\r
+ SSL_CTX_set_timeout(sslcontext.impl(), session_cache_timeout);\r
+ /*-------- DEBUG LOG --------*/\r
+ if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_SERVER)) {\r
+ LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_SERVER, 44,\r
+ "function : Constructor sslproxy_server::sslproxy_server() : "\r
+ "Set session cache timeout END. "\r
+ "session_cache_timeout = %ld",\r
+ SSL_CTX_get_timeout(sslcontext.impl()));\r
+ }\r
+ /*------ DEBUG LOG END ------*/\r
+\r
// Create sslproxy_session for first acception.\r
function_str = "Create sslproxy_session for first";\r
sslproxy_session* session = new sslproxy_session(sslservice,\r
cancel_time(timeout_sec),\r
handshaked(false),\r
istimeout(false),\r
- u_event_count(0),\r
- d_event_count(0),\r
- finishing(false)\r
+ c_r_event(false),\r
+ c_w_event(false),\r
+ s_r_event(false),\r
+ s_w_event(false),\r
+ finishing(false),\r
+ cache_timer(ioservice)\r
{\r
/*-------- DEBUG LOG --------*/\r
if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_SESSION)) {\r
}\r
\r
try {\r
- // Start async handshake and Set handshake handler.\r
- client_socket.async_handshake(boost::asio::ssl::stream_base::server,\r
- boost::bind(&sslproxy_session::handle_handshake,\r
- this,\r
- boost::asio::placeholders::error));\r
- /*-------- DEBUG LOG --------*/\r
- if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_SESSION)) {\r
- LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_SESSION, 14,\r
- "function : void sslproxy_session::start() : "\r
- "async_handshake() registration END.");\r
- }\r
- /*------ DEBUG LOG END ------*/\r
-\r
- // Set handshake expire time.\r
- try {\r
- timer.expires_from_now(boost::posix_time::seconds(cancel_time));\r
+ if(sessionTable.end() != sessionTable.find((long)this)) {\r
+ // Start async handshake and Set handshake handler.\r
+ client_socket.async_handshake(boost::asio::ssl::stream_base::server,\r
+ boost::bind(&sslproxy_session::handle_handshake,\r
+ this,\r
+ boost::asio::placeholders::error));\r
/*-------- DEBUG LOG --------*/\r
if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_SESSION)) {\r
- LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_SESSION, 15,\r
+ LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_SESSION, 14,\r
"function : void sslproxy_session::start() : "\r
- "expires_from_now() END. "\r
- "cancel_time = %d",\r
- cancel_time);\r
+ "async_handshake() registration END.");\r
}\r
/*------ DEBUG LOG END ------*/\r
- } catch (std::exception& e) {\r
- LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_SESSION, 5, \r
- "Set handshake expire time error : %s.", e.what());\r
- throw -1;\r
- }\r
\r
- // Start timer waiting and Set timer handler.\r
- timer.async_wait(boost::bind(&sslproxy_session::cancel,\r
- this,\r
- boost::asio::placeholders::error));\r
- /*-------- DEBUG LOG --------*/\r
- if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_SESSION)) {\r
- LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_SESSION, 16,\r
- "function : void sslproxy_session::start() : "\r
- "async_wait() END.");\r
+ // Set handshake expire time.\r
+ try {\r
+ timer.expires_from_now(boost::posix_time::seconds(cancel_time));\r
+ /*-------- DEBUG LOG --------*/\r
+ if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_SESSION)) {\r
+ LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_SESSION, 15,\r
+ "function : void sslproxy_session::start() : "\r
+ "expires_from_now() END. "\r
+ "cancel_time = %d",\r
+ cancel_time);\r
+ }\r
+ /*------ DEBUG LOG END ------*/\r
+ } catch (std::exception& e) {\r
+ LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_SESSION, 5, \r
+ "Set handshake expire time error : %s.", e.what());\r
+ throw -1;\r
+ }\r
+\r
+ // Start timer waiting and Set timer handler.\r
+ timer.async_wait(boost::bind(&sslproxy_session::cancel,\r
+ this,\r
+ boost::asio::placeholders::error));\r
+ /*-------- DEBUG LOG --------*/\r
+ if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_SESSION)) {\r
+ LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_SESSION, 16,\r
+ "function : void sslproxy_session::start() : "\r
+ "async_wait() END.");\r
+ }\r
+ /*------ DEBUG LOG END ------*/\r
}\r
- /*------ DEBUG LOG END ------*/\r
} catch (...) {\r
LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_SESSION, 6, \r
"Exception occured in sslproxy_session::start().");\r
}\r
\r
/*!\r
+ * Session cache expire handler function.\r
+ *\r
+ * @param[in] error error code\r
+ */\r
+void sslproxy_session::cache_expire(const boost::system::error_code& error)\r
+{\r
+ // Check session is not already delete.\r
+ if(sessionTable.end() != sessionTable.find((long)this)) {\r
+ if (!error) {\r
+ // Server event remain.\r
+ server_socket.cancel();\r
+ } else {\r
+ if (error.value() == ECANCELED) {\r
+ LOGGER_PUT_LOG_INFO(LOG_CAT_SSLPROXY_SESSION, 8, \r
+ "Cache expire operation cancel. Normal END : %s.",\r
+ error.message().c_str());\r
+ } else {\r
+ LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_SESSION, 22, \r
+ "Cache expire wait NG : %s.",\r
+ error.message().c_str());\r
+ }\r
+ }\r
+\r
+ }\r
+}\r
+\r
+/*!\r
* Destroy session function.\r
*\r
* @param[in] session session object\r
// Check session is not already delete.\r
if(sessionTable.end() != sessionTable.find((long)session)) {\r
finishing = true;\r
- if (u_event_count + d_event_count == 0) {\r
+ if (!c_r_event && !c_w_event && !s_r_event && !s_w_event) {\r
// All event end.\r
pthread_mutex_lock(&sessionTable_mutex);\r
sessionTable.erase((long)session);\r
delete session;\r
} else {\r
// Event remain.\r
- if (!istimeout) {\r
- client_socket.lowest_layer().cancel();\r
+ if (c_r_event || c_w_event) {\r
+ // Client event remain.\r
+ if (!istimeout) {\r
+ client_socket.lowest_layer().cancel();\r
+ }\r
+ } else if (s_r_event || s_w_event) {\r
+ // Server event remain.\r
+ // Set expire time for session cache.\r
+ cache_timer.expires_from_now(boost::posix_time::seconds(session_cache_timeout));\r
+ cache_timer.async_wait(boost::bind(&sslproxy_session::cache_expire,\r
+ this,\r
+ boost::asio::placeholders::error));\r
}\r
}\r
}\r
handshaked = true;\r
timer.cancel();\r
// Start async read client.\r
- u_event_count = 1;\r
+ c_r_event = true;\r
+ pthread_mutex_lock(&client_socket_mutex);\r
client_socket.async_read_some(boost::asio::buffer(client_buffer, MAX_BUFFER_SIZE),\r
boost::bind(&sslproxy_session::handle_client_read,\r
this,\r
boost::asio::placeholders::error,\r
boost::asio::placeholders::bytes_transferred));\r
+ pthread_mutex_unlock(&client_socket_mutex);\r
/*-------- DEBUG LOG --------*/\r
if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_SESSION)) {\r
LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_SESSION, 26,\r
/*------ DEBUG LOG END ------*/\r
\r
// Start async read server.\r
- d_event_count = 1;\r
+ s_r_event = true;\r
server_socket.async_read_some(boost::asio::buffer(server_buffer, MAX_BUFFER_SIZE),\r
boost::bind(&sslproxy_session::handle_server_read,\r
this,\r
/*-------- DEBUG LOG --------*/\r
if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_SESSION)) {\r
LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_SESSION, 27,\r
- "function : void sslproxy_session::handle_server_write() : "\r
- "Client read completed. "\r
+ "function : void sslproxy_session::handle_connect() : "\r
"Server async_read_some() registration END.");\r
}\r
/*------ DEBUG LOG END ------*/\r
void sslproxy_session::handle_client_read(const boost::system::error_code& error,\r
size_t bytes_transferred)\r
{\r
- u_event_count = 0;\r
+ c_r_event = false;\r
// Check timout and finishing status.\r
if (istimeout || finishing) {\r
destroy_session(this);\r
// Check client read result.\r
if (!error) {\r
// Start async write server.\r
- u_event_count = 1;\r
+ s_w_event = true;\r
boost::asio::async_write(server_socket,\r
boost::asio::buffer(client_buffer, bytes_transferred),\r
boost::bind(&sslproxy_session::handle_server_write,\r
void sslproxy_session::handle_server_write(const boost::system::error_code& error,\r
size_t bytes_transferred)\r
{\r
- u_event_count = 0;\r
+ s_w_event = false;\r
// Check timout and finishing status.\r
if (istimeout || finishing) {\r
destroy_session(this);\r
// Check server write result.\r
if (!error) {\r
// Next client data wait, start async read client again.\r
- u_event_count = 1;\r
+ c_r_event = true;\r
+ pthread_mutex_lock(&client_socket_mutex);\r
client_socket.async_read_some(boost::asio::buffer(client_buffer, MAX_BUFFER_SIZE),\r
boost::bind(&sslproxy_session::handle_client_read,\r
this,\r
boost::asio::placeholders::error,\r
boost::asio::placeholders::bytes_transferred));\r
+ pthread_mutex_unlock(&client_socket_mutex);\r
/*-------- DEBUG LOG --------*/\r
if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_SESSION)) {\r
LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_SESSION, 34,\r
void sslproxy_session::handle_server_read(const boost::system::error_code& error,\r
size_t bytes_transferred)\r
{\r
- d_event_count = 0;\r
+ s_r_event = false;\r
// Check timout and finishing status.\r
if (istimeout || finishing) {\r
destroy_session(this);\r
// Check server read result.\r
if (!error) {\r
// Start async write client.\r
- d_event_count = 1;\r
+ c_w_event = true;\r
pthread_mutex_lock(&client_socket_mutex);\r
boost::asio::async_write(client_socket,\r
boost::asio::buffer(server_buffer, bytes_transferred),\r
void sslproxy_session::handle_client_write(const boost::system::error_code& error,\r
size_t bytes_transferred)\r
{\r
- d_event_count = 0;\r
+ c_w_event = false;\r
// Check timout and finishing status.\r
if (istimeout || finishing) {\r
destroy_session(this);\r
// Check client write result.\r
if (!error) {\r
// Next server data wait, start async read server again.\r
- d_event_count = 1;\r
+ s_r_event = true;\r
server_socket.async_read_some(boost::asio::buffer(server_buffer, MAX_BUFFER_SIZE),\r
boost::bind(&sslproxy_session::handle_server_read,\r
this,\r
Summary: The SSL Proxy Server
Name: sslproxy
-Version: 1.0.0
+Version: 1.0.1
Release: 0
License: LGPL
Packager: Toru Morishita
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/init.d
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/l7vs/sslproxy
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/l7vs/sslproxy
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
install -c -m 755 -D src/sslproxy src/sslproxyadm $RPM_BUILD_ROOT%{_sbindir}
install -c -m 644 -D conf/sslproxy.target_1.cf $RPM_BUILD_ROOT%{_sysconfdir}/l7vs/sslproxy
install -c -m 644 -D conf/sslproxy.target_2.cf $RPM_BUILD_ROOT%{_sysconfdir}/l7vs/sslproxy
install -c -m 644 -D conf/sslproxyadm.cf $RPM_BUILD_ROOT%{_sysconfdir}/l7vs/sslproxy
-install -c -m 644 -D conf/sslproxyadm.logrotate $RPM_BUILD_ROOT%/etc/logrotate.d/sslproxy
+install -c -m 644 -D conf/sslproxyadm.logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/sslproxy
install -c -m 644 -D sslfiles/root.pem $RPM_BUILD_ROOT%{_sysconfdir}/l7vs/sslproxy
install -c -m 644 -D sslfiles/server.pem $RPM_BUILD_ROOT%{_sysconfdir}/l7vs/sslproxy
rm -rf $RPM_BUILD_ROOT
%post
-mkdir /var/log/l7vs/sslproxy
+mkdir -p /var/log/l7vs/sslproxy
%files
%defattr(-, root, root, 0755)
%{_sbindir}
#%config %{_sysconfdir}/init.d/*
%config %{_sysconfdir}/l7vs/sslproxy/*
+%config %{_sysconfdir}/logrotate.d/sslproxy
#%doc README COPYING
#%{_mandir}