mirror of
https://github.com/nginx/nginx.git
synced 2024-12-19 21:53:31 -06:00
SSL: adjust buffer used by OpenSSL during handshake (ticket #413).
This commit is contained in:
parent
4b2ead8871
commit
af897b7f03
@ -521,6 +521,7 @@ ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store)
|
||||
static void
|
||||
ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where, int ret)
|
||||
{
|
||||
BIO *rbio, *wbio;
|
||||
ngx_connection_t *c;
|
||||
|
||||
if (where & SSL_CB_HANDSHAKE_START) {
|
||||
@ -531,6 +532,31 @@ ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where, int ret)
|
||||
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL renegotiation");
|
||||
}
|
||||
}
|
||||
|
||||
if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
|
||||
c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
|
||||
|
||||
if (!c->ssl->handshake_buffer_set) {
|
||||
/*
|
||||
* By default OpenSSL uses 4k buffer during a handshake,
|
||||
* which is too low for long certificate chains and might
|
||||
* result in extra round-trips.
|
||||
*
|
||||
* To adjust a buffer size we detect that buffering was added
|
||||
* to write side of the connection by comparing rbio and wbio.
|
||||
* If they are different, we assume that it's due to buffering
|
||||
* added to wbio, and set buffer size.
|
||||
*/
|
||||
|
||||
rbio = SSL_get_rbio(ssl_conn);
|
||||
wbio = SSL_get_wbio(ssl_conn);
|
||||
|
||||
if (rbio != wbio) {
|
||||
(void) BIO_set_write_buffer_size(wbio, NGX_SSL_BUFSIZE);
|
||||
c->ssl->handshake_buffer_set = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
@ -48,6 +48,7 @@ typedef struct {
|
||||
unsigned buffer:1;
|
||||
unsigned no_wait_shutdown:1;
|
||||
unsigned no_send_shutdown:1;
|
||||
unsigned handshake_buffer_set:1;
|
||||
} ngx_ssl_connection_t;
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user