Module: sip-router Branch: andrei/tcp_tls_changes Commit: d950e1dfaa6b13867bf469a76a0c33fa7eb54f4d URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=d950e1d… Author: Andrei Pelinescu-Onciul &lt;andrei(a)iptel.org&gt; Committer: Andrei Pelinescu-Onciul &lt;andrei(a)iptel.org&gt; Date: Fri Jul 9 20:20:51 2010 +0200 tls: enable PARTIAL_WRITE by default Set SSL_MODE_ENABLE_PARTIAL_WRITE and SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER on startup. --- modules/tls/tls_domain.c | 16 ++++++++++++++++ 1 files changed, 16 insertions(+), 0 deletions(-) diff --git a/modules/tls/tls_domain.c b/modules/tls/tls_domain.c index 762991a..97dc942 100644 --- a/modules/tls/tls_domain.c +++ b/modules/tls/tls_domain.c @@ -851,6 +851,22 @@ int tls_fix_domains_cfg(tls_domains_cfg_t* cfg, tls_domain_t* srv_defaults, ERR("invalid ssl_read_ahead value (%d)\n", ssl_read_ahead); return -1; } + /* set options for SSL_write: + SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER - needed when queueing + clear text for a future write (WANTS_READ). In this case the + buffer address will change for the repeated SSL_write() and + without this option it will trigger the openssl sanity checks. + SSL_MODE_ENABLE_PARTIAL_WRITE - needed to deal with potentially + huge multi-record writes that don't fit in the default buffer + (the default buffer must have space for at least 1 record) */ + if (tls_foreach_CTX_in_cfg(cfg, tls_ssl_ctx_mode, + SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | + SSL_MODE_ENABLE_PARTIAL_WRITE, + 0) < 0) { + ERR("could not set SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER and" + " SSL_MODE_ENABLE_PARTIAL_WRITE\n"); + return -1; + } return 0; }