-rw-r--r--src/base.h1
-rw-r--r--src/configfile.c6
-rw-r--r--src/connections-glue.c6
-rw-r--r--src/network.c2
4 files changed, 12 insertions, 3 deletions
diff --git a/src/base.h b/src/base.h
index 12585ef3..134fc411 100644
--- a/src/base.h
+++ b/src/base.h
@@ -295,6 +295,7 @@ typedef struct {
buffer *ssl_verifyclient_username;
unsigned short ssl_verifyclient_export_cert;
unsigned short ssl_disable_client_renegotiation;
+ unsigned short ssl_read_ahead;
unsigned short use_ipv6, set_v6only; /* set_v6only is only a temporary option */
unsigned short defer_accept;
diff --git a/src/configfile.c b/src/configfile.c
index f40248f3..bba69250 100644
--- a/src/configfile.c
+++ b/src/configfile.c
@@ -144,6 +144,7 @@ static int config_insert(server *srv) {
{ "server.stream-request-body", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 76 */
{ "server.stream-response-body", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 77 */
{ "server.max-request-field-size", NULL, T_CONFIG_INT, T_CONFIG_SCOPE_SERVER }, /* 78 */
+ { "ssl.read-ahead", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 79 */
{ NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
};
@@ -247,6 +248,7 @@ static int config_insert(server *srv) {
s->ssl_verifyclient_depth = 9;
s->ssl_verifyclient_export_cert = 0;
s->ssl_disable_client_renegotiation = 1;
+ s->ssl_read_ahead = (0 == i ? 1 : srv->config_storage[0]->ssl_read_ahead);
s->listen_backlog = (0 == i ? 1024 : srv->config_storage[0]->listen_backlog);
s->stream_request_body = 0;
s->stream_response_body = 0;
@@ -315,6 +317,7 @@ static int config_insert(server *srv) {
#endif
cv[76].destination = &(s->stream_request_body);
cv[77].destination = &(s->stream_response_body);
+ cv[79].destination = &(s->ssl_read_ahead);
srv->config_storage[i] = s;
@@ -543,6 +546,7 @@ int config_setup_connection(server *srv, connection *con) {
PATCH(ssl_verifyclient_username);
PATCH(ssl_verifyclient_export_cert);
PATCH(ssl_disable_client_renegotiation);
+ PATCH(ssl_read_ahead);
return 0;
}
@@ -671,6 +675,8 @@ int config_patch_connection(server *srv, connection *con) {
PATCH(ssl_verifyclient_export_cert);
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.disable-client-renegotiation"))) {
PATCH(ssl_disable_client_renegotiation);
+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.read-ahead"))) {
+ PATCH(ssl_read_ahead);
}
}
}
diff --git a/src/connections-glue.c b/src/connections-glue.c
index d30c229a..80104b67 100644
--- a/src/connections-glue.c
+++ b/src/connections-glue.c
@@ -127,7 +127,7 @@ static int connection_handle_read_ssl(server *srv, connection *con) {
connection_set_state(srv, con, CON_STATE_ERROR);
return -1;
}
- } while (len > 0);
+ } while (len > 0 && (con->conf.ssl_read_ahead || SSL_pending(con->ssl) > 0));
if (len < 0) {
int oerrno = errno;
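Review bot: The new loop condition trusts `con->conf.ssl_read_ahead`, which is patched per connection, but OpenSSL's actual read-ahead flag is set once per `SSL_CTX` in the `network_init` hunk from `s->ssl_read_ahead`. Because `ssl.read-ahead` is registered with `T_CONFIG_SCOPE_CONNECTION`, the two can presumably disagree when the option is set in a conditional other than the socket one. If the context has read-ahead on while the patched value is 0, `SSL_pending()` counts only the record currently being processed, so already-buffered records may be left unread until the socket next becomes readable, and the connection can stall. Consider keying the loop on the object's real state, `} while (len > 0 && (SSL_get_read_ahead(con->ssl) || SSL_pending(con->ssl) > 0));`, or documenting that the option only takes effect in global or socket scope. The body of `connection_handle_read_ssl` starts and ends outside this hunk.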
@@ -206,11 +206,13 @@ static int connection_handle_read_ssl(server *srv, connection *con) {
connection_set_state(srv, con, CON_STATE_ERROR);
return -1;
- } else { /*(len == 0)*/
+ } else if (len == 0) {
con->is_readable = 0;
/* the other end close the connection -> KEEP-ALIVE */
return -2;
+ } else {
+ return 0;
}
#else
UNUSED(srv);
diff --git a/src/network.c b/src/network.c
index b46dcf71..4295fe96 100644
--- a/src/network.c
+++ b/src/network.c
@@ -994,7 +994,7 @@ int network_init(server *srv) {
s->ssl_pemfile);
return -1;
}
- SSL_CTX_set_default_read_ahead(s->ssl_ctx, 1);
+ SSL_CTX_set_default_read_ahead(s->ssl_ctx, s->ssl_read_ahead);
SSL_CTX_set_mode(s->ssl_ctx, SSL_CTX_get_mode(s->ssl_ctx)
| SSL_MODE_ENABLE_PARTIAL_WRITE
| SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER