ssl.read-ahead.patch

gstrauss, 2017-01-10 13:24


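--- a/src/base.h
+++ b/src/base.h
@@ -295,6 +295,7 @@
 	buffer *ssl_verifyclient_username;
 	unsigned short ssl_verifyclient_export_cert;
 	unsigned short ssl_disable_client_renegotiation;
+	unsigned short ssl_read_ahead;
 
 	unsigned short use_ipv6, set_v6only; /* set_v6only is only a temporary option */
 	unsigned short defer_accept;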
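--- a/src/configfile.c
+++ b/src/configfile.c
@@ -144,6 +144,7 @@
 		{ "server.stream-request-body",        NULL, T_CONFIG_SHORT,   T_CONFIG_SCOPE_CONNECTION }, /* 76 */
 		{ "server.stream-response-body",       NULL, T_CONFIG_SHORT,   T_CONFIG_SCOPE_CONNECTION }, /* 77 */
 		{ "server.max-request-field-size",     NULL, T_CONFIG_INT,     T_CONFIG_SCOPE_SERVER     }, /* 78 */
+		{ "ssl.read-ahead",                    NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 79 */
 
 		{ NULL,                                NULL, T_CONFIG_UNSET,   T_CONFIG_SCOPE_UNSET      }
 	};
@@ -247,6 +248,7 @@
 		s->ssl_verifyclient_depth = 9;
 		s->ssl_verifyclient_export_cert = 0;
 		s->ssl_disable_client_renegotiation = 1;
+		s->ssl_read_ahead = (0 == i ? 1 : srv->config_storage[0]->ssl_read_ahead);
 		s->listen_backlog = (0 == i ? 1024 : srv->config_storage[0]->listen_backlog);
 		s->stream_request_body = 0;
 		s->stream_response_body = 0;
@@ -315,6 +317,7 @@
 	      #endif
 		cv[76].destination = &(s->stream_request_body);
 		cv[77].destination = &(s->stream_response_body);
+		cv[79].destination = &(s->ssl_read_ahead);
 
 		srv->config_storage[i] = s;
 
@@ -543,6 +546,7 @@
 	PATCH(ssl_verifyclient_username);
 	PATCH(ssl_verifyclient_export_cert);
 	PATCH(ssl_disable_client_renegotiation);
+	PATCH(ssl_read_ahead);
 
 	return 0;
 }
@@ -671,6 +675,8 @@
 				PATCH(ssl_verifyclient_export_cert);
 			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.disable-client-renegotiation"))) {
 				PATCH(ssl_disable_client_renegotiation);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.read-ahead"))) {
+				PATCH(ssl_read_ahead);
 			}
 		}
 	}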
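Review bot: The new default at `s->ssl_read_ahead = (0 == i ? 1 : srv->config_storage[0]->ssl_read_ahead);` has no comment saying why read-ahead is on unless configured otherwise, or what changes when an operator turns it off. I would add a comment above that line, for example `/* default on; when disabled, the TLS read loop stops after each SSL_read() unless SSL_pending() reports buffered data */`, which is what the connections-glue.c change on this page implements. The enclosing function starts and ends outside the visible hunks.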
src/connections-glue.c
127 127
			connection_set_state(srv, con, CON_STATE_ERROR);
128 128
			return -1;
129 129
		}
130
	} while (len > 0);
130
	} while (len > 0 && (con->conf.ssl_read_ahead || SSL_pending(con->ssl) > 0));
131 131

  
132 132
	if (len < 0) {
133 133
		int oerrno = errno;
......
206 206
		connection_set_state(srv, con, CON_STATE_ERROR);
207 207

  
208 208
		return -1;
209
	} else { /*(len == 0)*/
209
	} else if (len == 0) {
210 210
		con->is_readable = 0;
211 211
		/* the other end close the connection -> KEEP-ALIVE */
212 212

  
213 213
		return -2;
214
	} else {
215
		return 0;
214 216
	}
215 217
#else
216 218
	UNUSED(srv);
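Review bot: The loop condition `} while (len > 0 && (con->conf.ssl_read_ahead || SSL_pending(con->ssl) > 0));` tests the per-connection config value, while the read-ahead mode actually in force is the one network.c passes to `SSL_CTX_set_default_read_ahead()` from the per-socket `s->ssl_read_ahead`. configfile.c registers the option with T_CONFIG_SCOPE_CONNECTION and also patches it in the conditional branch, so the two values can presumably diverge. If the context has read-ahead on while `con->conf.ssl_read_ahead` is 0, records OpenSSL has already pulled from the socket but not yet processed are not counted by `SSL_pending()`, so the loop may leave them unread with no further socket event to wake the connection. Asking the SSL object avoids the mismatch: `} while (len > 0 && (SSL_get_read_ahead(con->ssl) || SSL_pending(con->ssl) > 0));`. The enclosing function begins and ends outside the visible hunks.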
src/network.c
994 994
					s->ssl_pemfile);
995 995
			return -1;
996 996
		}
997
		SSL_CTX_set_default_read_ahead(s->ssl_ctx, 1);
997
		SSL_CTX_set_default_read_ahead(s->ssl_ctx, s->ssl_read_ahead);
998 998
		SSL_CTX_set_mode(s->ssl_ctx,  SSL_CTX_get_mode(s->ssl_ctx)
999 999
					    | SSL_MODE_ENABLE_PARTIAL_WRITE
1000 1000
					    | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER