Module: sip-router Branch: andrei/tcp_tls_changes Commit: d950e1dfaa6b13867bf469a76a0c33fa7eb54f4d URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=d950e1df...
Author: Andrei Pelinescu-Onciul andrei@iptel.org Committer: Andrei Pelinescu-Onciul andrei@iptel.org Date: Fri Jul 9 20:20:51 2010 +0200
tls: enable PARTIAL_WRITE by default
Set SSL_MODE_ENABLE_PARTIAL_WRITE and SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER on startup.
---
modules/tls/tls_domain.c | 16 ++++++++++++++++ 1 files changed, 16 insertions(+), 0 deletions(-)
diff --git a/modules/tls/tls_domain.c b/modules/tls/tls_domain.c
index 762991a..97dc942 100644
--- a/modules/tls/tls_domain.c
+++ b/modules/tls/tls_domain.c
@@ -851,6 +851,22 @@ int tls_fix_domains_cfg(tls_domains_cfg_t* cfg, tls_domain_t* srv_defaults,
 ERR("invalid ssl_read_ahead value (%d)\n", ssl_read_ahead);
 return -1;
 }
+ /* set options for SSL_write:
+ SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER - needed when queueing
+ clear text for a future write (WANTS_READ). In this case the
+ buffer address will change for the repeated SSL_write() and
+ without this option it will trigger the openssl sanity checks.
+ SSL_MODE_ENABLE_PARTIAL_WRITE - needed to deal with potentially
+ huge multi-record writes that don't fit in the default buffer
+ (the default buffer must have space for at least 1 record) */
+ if (tls_foreach_CTX_in_cfg(cfg, tls_ssl_ctx_mode,
+ SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
+ SSL_MODE_ENABLE_PARTIAL_WRITE,
+ 0) < 0) {
+ ERR("could not set SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER and"
+ " SSL_MODE_ENABLE_PARTIAL_WRITE\n");
+ return -1;
+ }
 return 0;
 }
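Review bot: Turning on SSL_MODE_ENABLE_PARTIAL_WRITE for every CTX changes the SSL_write() contract for all callers — a successful call may now return fewer bytes than requested — but this hunk only sets the mode, so the SSL_write call sites (outside this hunk) must already loop on the returned length or the tail of a message is silently dropped. SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER likewise removes OpenSSL's check that a retried write presents the same buffer address, so the WANTS_READ queueing path described in the added comment becomes responsible for re-presenting byte-identical data on the retry; that obligation is worth stating next to the flags, e.g. `/* NOTE: every SSL_write() caller must handle short writes and must retry with identical data after WANT_READ/WANT_WRITE */`. The error path at `ERR("could not set SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER and" ...)` does not say which domain's CTX rejected the mode; if tls_foreach_CTX_in_cfg can identify it, logging that would make startup failures diagnosable. The enclosing function tls_fix_domains_cfg starts outside the hunk.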