
tls: enable PARTIAL_WRITE by default

Set SSL_MODE_ENABLE_PARTIAL_WRITE and
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER on startup.

Andrei Pelinescu-Onciul authored on 09/07/2010 18:20:51
Showing 1 changed files
... ...
@@ -851,6 +851,22 @@ int tls_fix_domains_cfg(tls_domains_cfg_t* cfg, tls_domain_t* srv_defaults,
851 851
 		ERR("invalid ssl_read_ahead value (%d)\n", ssl_read_ahead);
852 852
 		return -1;
853 853
 	}
854
+	/* set options for SSL_write:
855
+		SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER - needed when queueing
856
+		  clear text for a future write (WANTS_READ). In this case the
857
+		  buffer address will change for the repeated SSL_write() and
858
+		  without this option it will trigger the openssl sanity checks.
859
+		SSL_MODE_ENABLE_PARTIAL_WRITE - needed to deal with potentially
860
+		  huge multi-record writes that don't fit in the default buffer
861
+		  (the default buffer must have space for at least 1 record) */
862
+	if (tls_foreach_CTX_in_cfg(cfg, tls_ssl_ctx_mode,
863
+								SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
864
+								SSL_MODE_ENABLE_PARTIAL_WRITE,
865
+								0) < 0) {
866
+		ERR("could not set SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER and"
867
+				" SSL_MODE_ENABLE_PARTIAL_WRITE\n");
868
+		return -1;
869
+	}
854 870
 
855 871
 	return 0;
856 872
 }
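Review bot: Setting `SSL_MODE_ENABLE_PARTIAL_WRITE` on every context through `tls_foreach_CTX_in_cfg(cfg, tls_ssl_ctx_mode, ...)` changes the SSL_write() contract for all callers, and the added block comment does not say so: a positive return may now be smaller than the requested length. Any write path that treats `n > 0` as "whole buffer sent" would silently drop the tail of a message, so the SSL_write() call sites (not visible in this hunk) should be checked for a loop that advances by the returned count. `SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER` only relaxes the buffer-address check, so a retried call must still pass the same bytes and the queueing code has to preserve the pending clear text unchanged. I would extend the comment with `callers must handle short SSL_write() returns and must retry with identical data`. The beginning of tls_fix_domains_cfg lies outside the hunk.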