commit 07ed037a0036ddc678ba9d4d7c9cc24e4cf0d290
parent 2fc326c0ce4d0f7a86011d133ea45bcd31ba3bac
Author: Joris Vink <joris@coders.se>
Date: Thu, 7 Jan 2016 09:20:09 +0100
Reduce memory footprint for NOTLS builds.
Diffstat:
6 files changed, 42 insertions(+), 12 deletions(-)
diff --git a/includes/kore.h b/includes/kore.h
@@ -22,17 +22,24 @@
#endif
#include <sys/types.h>
+#include <sys/time.h>
#include <sys/queue.h>
#include <netinet/in.h>
#include <arpa/inet.h>
+#if !defined(KORE_NO_TLS)
#include <openssl/err.h>
#include <openssl/dh.h>
#include <openssl/ssl.h>
+#endif
#include <errno.h>
#include <regex.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
#include <syslog.h>
#include <unistd.h>
@@ -159,11 +166,13 @@ struct connection {
u_int8_t state;
u_int8_t proto;
void *owner;
+#if !defined(KORE_NO_TLS)
+ X509 *cert;
SSL *ssl;
+ int tls_reneg;
+#endif
u_int8_t flags;
void *hdlr_extra;
- X509 *cert;
- int tls_reneg;
int (*handle)(struct connection *);
void (*disconnect)(struct connection *);
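Review bot: The layout of `struct connection` now depends on `KORE_NO_TLS`, so a module compiled without the same define as the server would read `flags`, `hdlr_extra` and the `handle`/`disconnect` pointers at the wrong offsets. The cli.c hunk passes `-DKORE_NO_TLS` for modules it compiles, but that reflects how the cli binary itself was built, and modules built by other means get no such flag. `struct kore_domain` in the next hunk has the same property. A comment above the guard such as `/* Layout differs under KORE_NO_TLS: modules must be built with the same setting as the server. */` would document the contract. The struct begins and ends outside the hunk.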
@@ -283,12 +292,14 @@ struct kore_worker {
struct kore_domain {
char *domain;
- char *certfile;
- char *certkey;
+ int accesslog;
+#if !defined(KORE_NO_TLS)
char *cafile;
char *crlfile;
- int accesslog;
+ char *certfile;
+ char *certkey;
SSL_CTX *ssl_ctx;
+#endif
TAILQ_HEAD(, kore_module_handle) handlers;
TAILQ_ENTRY(kore_domain) list;
};
@@ -385,7 +396,10 @@ extern char *kore_pidfile;
extern char *config_file;
extern char *kore_tls_cipher_list;
extern int tls_version;
+
+#if !defined(KORE_NO_TLS)
extern DH *tls_dhparam;
+#endif
extern u_int8_t nlisteners;
extern u_int16_t cpu_count;
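Review bot: `extern int tls_version;` stays outside the new `#if !defined(KORE_NO_TLS)` block here, while the domain.c hunk moves its definition `int tls_version = KORE_TLS_VERSION_1_2;` inside the guard. In a NOTLS build, any remaining reference to `tls_version` would compile against this declaration and fail only at link time. Moving the declaration inside the guard next to `extern DH *tls_dhparam;` would surface such a reference as a compile error at the use site. Whether `kore_tls_cipher_list` needs the same treatment depends on where it is defined, which this diff does not show.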
@@ -448,9 +462,11 @@ void kore_timer_remove(struct kore_timer *);
struct kore_timer *kore_timer_add(void (*cb)(void *, u_int64_t),
u_int64_t, void *, int);
-int kore_tls_sni_cb(SSL *, int *, void *);
int kore_server_bind(const char *, const char *, const char *);
+#if !defined(KORE_NO_TLS)
+int kore_tls_sni_cb(SSL *, int *, void *);
void kore_tls_info_callback(const SSL *, int, int);
+#endif
void kore_connection_init(void);
void kore_connection_prune(int);
diff --git a/src/accesslog.c b/src/accesslog.c
@@ -32,7 +32,9 @@ struct kore_log_packet {
char host[KORE_DOMAINNAME_LEN];
char path[HTTP_URI_LEN];
char agent[HTTP_USERAGENT_LEN];
+#if !defined(KORE_NO_TLS)
char cn[X509_CN_LENGTH];
+#endif
};
void
@@ -90,10 +92,11 @@ kore_accesslog_write(const void *data, u_int32_t len)
break;
}
+ cn = "none";
+#if !defined(KORE_NO_TLS)
if (logpacket.cn[0] != '\0')
cn = logpacket.cn;
- else
- cn = "none";
+#endif
if (inet_ntop(logpacket.addrtype, &(logpacket.addr),
addr, sizeof(addr)) == NULL)
@@ -157,8 +160,8 @@ kore_accesslog(struct http_request *req)
sizeof(logpacket.agent));
}
- memset(logpacket.cn, '\0', sizeof(logpacket.cn));
#if !defined(KORE_NO_TLS)
+ memset(logpacket.cn, '\0', sizeof(logpacket.cn));
if (req->owner->cert != NULL) {
if (X509_GET_CN(req->owner->cert,
logpacket.cn, sizeof(logpacket.cn)) == -1) {
diff --git a/src/cli.c b/src/cli.c
@@ -920,7 +920,9 @@ cli_compile_cfile(void *arg)
#if defined(KORE_NO_HTTP)
args[idx++] = "-DKORE_NO_HTTP";
#endif
-
+#if defined(KORE_NO_TLS)
+ args[idx++] = "-DKORE_NO_TLS";
+#endif
args[idx++] = "-Wall";
args[idx++] = "-Wmissing-declarations";
args[idx++] = "-Wshadow";
diff --git a/src/connection.c b/src/connection.c
@@ -45,13 +45,15 @@ kore_connection_new(void *owner)
c = kore_pool_get(&connection_pool);
+#if !defined(KORE_NO_TLS)
c->ssl = NULL;
+ c->cert = NULL;
+ c->tls_reneg = 0;
+#endif
c->flags = 0;
c->rnb = NULL;
c->snb = NULL;
- c->cert = NULL;
c->owner = owner;
- c->tls_reneg = 0;
c->handle = NULL;
c->disconnect = NULL;
c->hdlr_extra = NULL;
diff --git a/src/domain.c b/src/domain.c
@@ -24,8 +24,11 @@
struct kore_domain_h domains;
struct kore_domain *primary_dom = NULL;
+
+#if !defined(KORE_NO_TLS)
DH *tls_dhparam = NULL;
int tls_version = KORE_TLS_VERSION_1_2;
+#endif
static void domain_load_crl(struct kore_domain *);
@@ -51,11 +54,13 @@ kore_domain_new(char *domain)
dom = kore_malloc(sizeof(*dom));
dom->accesslog = -1;
+#if !defined(KORE_NO_TLS)
dom->cafile = NULL;
dom->certkey = NULL;
dom->ssl_ctx = NULL;
dom->certfile = NULL;
dom->crlfile = NULL;
+#endif
dom->domain = kore_strdup(domain);
TAILQ_INIT(&(dom->handlers));
TAILQ_INSERT_TAIL(&domains, dom, list);
diff --git a/src/websocket.c b/src/websocket.c
@@ -16,6 +16,8 @@
#include <sys/param.h>
+#include <openssl/sha.h>
+
#include <limits.h>
#include "kore.h"
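Review bot: `#include <openssl/sha.h>` is added outside any `KORE_NO_TLS` guard, so a NOTLS build still needs the OpenSSL headers, and presumably libcrypto at link time; the code that uses the SHA API is outside the hunk. That is easy to miss now that kore.h no longer pulls in OpenSSL for such builds. It also means a NOTLS deployment still has to track OpenSSL updates. A comment on the include, e.g. `/* Needed even with KORE_NO_TLS: this file uses the SHA API directly. */`, would record that the dependency is intentional.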