summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAttila Molnar <attilamolnar@hush.com>2015-06-06 14:34:28 +0200
committerAttila Molnar <attilamolnar@hush.com>2015-06-06 14:34:28 +0200
commite05c25865090790b4a60c376fcf630bb9466af72 (patch)
treea24542742f8c8b17720767f2c93b64092f402165
parent1f0485039a276ad1c2fa3d53d284e3a87940ec77 (diff)
Add max outgoing record size option to sslprofile config
-rw-r--r--src/modules/extra/m_ssl_gnutls.cpp12
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp6
2 files changed, 16 insertions, 2 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index e142ead11..f5e52b4e1 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -531,14 +531,20 @@ namespace GnuTLS
*/
Priority priority;
+ /** Rough max size of records to send
+ */
+ const unsigned int outrecsize;
+
Profile(const std::string& profilename, const std::string& certstr, const std::string& keystr,
std::auto_ptr<DHParams>& DH, unsigned int mindh, const std::string& hashstr,
- const std::string& priostr, std::auto_ptr<X509CertList>& CA, std::auto_ptr<X509CRL>& CRL)
+ const std::string& priostr, std::auto_ptr<X509CertList>& CA, std::auto_ptr<X509CRL>& CRL,
+ unsigned int recsize)
: name(profilename)
, x509cred(certstr, keystr)
, min_dh_bits(mindh)
, hash(hashstr)
, priority(priostr)
+ , outrecsize(recsize)
{
x509cred.SetDH(DH);
x509cred.SetCA(CA, CRL);
@@ -587,7 +593,8 @@ namespace GnuTLS
crl.reset(new X509CRL(ReadFile(filename)));
}
- return new Profile(profilename, certstr, keystr, dh, mindh, hashstr, priostr, ca, crl);
+ unsigned int outrecsize = tag->getInt("outrecsize", 2048, 512, 16384);
+ return new Profile(profilename, certstr, keystr, dh, mindh, hashstr, priostr, ca, crl, outrecsize);
}
/** Set up the given session with the settings in this profile
@@ -605,6 +612,7 @@ namespace GnuTLS
const std::string& GetName() const { return name; }
X509Credentials& GetX509Credentials() { return x509cred; }
gnutls_digest_algorithm_t GetHash() const { return hash.get(); }
+ unsigned int GetOutgoingRecordSize() const { return outrecsize; }
};
}
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index c2a71eeca..f4a661154 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -238,6 +238,10 @@ namespace OpenSSL
*/
const bool allowrenego;
+ /** Rough max size of records to send
+ */
+ const unsigned int outrecsize;
+
static int error_callback(const char* str, size_t len, void* u)
{
Profile* profile = reinterpret_cast<Profile*>(u);
@@ -278,6 +282,7 @@ namespace OpenSSL
, ctx(SSL_CTX_new(SSLv23_server_method()))
, clictx(SSL_CTX_new(SSLv23_client_method()))
, allowrenego(tag->getBool("renegotiation", true))
+ , outrecsize(tag->getInt("outrecsize", 2048, 512, 16384))
{
if ((!ctx.SetDH(dh)) || (!clictx.SetDH(dh)))
throw Exception("Couldn't set DH parameters");
@@ -337,6 +342,7 @@ namespace OpenSSL
SSL* CreateClientSession() { return clictx.CreateClientSession(); }
const EVP_MD* GetDigest() { return digest; }
bool AllowRenegotiation() const { return allowrenego; }
+ unsigned int GetOutgoingRecordSize() const { return outrecsize; }
};
}