Mercurial > hg > nginx-quic
comparison src/event/ngx_event_openssl.c @ 5395:a720f0b0e083
SSL: adjust buffer used by OpenSSL during handshake (ticket #413).
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 27 Sep 2013 19:39:33 +0400 |
parents | cfbf1d1cc233 |
children | 5b5a486bd40e |
comparison
equal
deleted
inserted
replaced
5394:8c827bb1b2b6 | 5395:a720f0b0e083 |
---|---|
519 | 519 |
520 | 520 |
521 static void | 521 static void |
522 ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where, int ret) | 522 ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where, int ret) |
523 { | 523 { |
524 BIO *rbio, *wbio; | |
524 ngx_connection_t *c; | 525 ngx_connection_t *c; |
525 | 526 |
526 if (where & SSL_CB_HANDSHAKE_START) { | 527 if (where & SSL_CB_HANDSHAKE_START) { |
527 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); | 528 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
528 | 529 |
529 if (c->ssl->handshaked) { | 530 if (c->ssl->handshaked) { |
530 c->ssl->renegotiation = 1; | 531 c->ssl->renegotiation = 1; |
531 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL renegotiation"); | 532 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL renegotiation"); |
533 } | |
534 } | |
535 | |
536 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) { | |
537 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); | |
538 | |
539 if (!c->ssl->handshake_buffer_set) { | |
540 /* | |
541 * By default OpenSSL uses 4k buffer during a handshake, | |
542 * which is too low for long certificate chains and might | |
543 * result in extra round-trips. | |
544 * | |
545 * To adjust a buffer size we detect that buffering was added | |
546 * to write side of the connection by comparing rbio and wbio. | |
547 * If they are different, we assume that it's due to buffering | |
548 * added to wbio, and set buffer size. | |
549 */ | |
550 | |
551 rbio = SSL_get_rbio(ssl_conn); | |
552 wbio = SSL_get_wbio(ssl_conn); | |
553 | |
554 if (rbio != wbio) { | |
555 (void) BIO_set_write_buffer_size(wbio, NGX_SSL_BUFSIZE); | |
556 c->ssl->handshake_buffer_set = 1; | |
557 } | |
532 } | 558 } |
533 } | 559 } |
534 } | 560 } |
535 | 561 |
536 | 562 |