kore

An easy to use, scalable and secure web application framework for writing web APIs in C.

commit 07ed037a0036ddc678ba9d4d7c9cc24e4cf0d290
parent 2fc326c0ce4d0f7a86011d133ea45bcd31ba3bac
Author: Joris Vink <joris@coders.se>
Date:   Thu,  7 Jan 2016 09:20:09 +0100

Reduce memory footprint for NOTLS builds.

Diffstat:
includes/kore.h | 28++++++++++++++++++++++------
src/accesslog.c | 9++++++---
src/cli.c | 4+++-
src/connection.c | 6++++--
src/domain.c | 5+++++
src/websocket.c | 2++
6 files changed, 42 insertions(+), 12 deletions(-)

diff --git a/includes/kore.h b/includes/kore.h @@ -22,17 +22,24 @@ #endif #include <sys/types.h> +#include <sys/time.h> #include <sys/queue.h> #include <netinet/in.h> #include <arpa/inet.h> +#if !defined(KORE_NO_TLS) #include <openssl/err.h> #include <openssl/dh.h> #include <openssl/ssl.h> +#endif #include <errno.h> #include <regex.h> +#include <stdarg.h> +#include <stdlib.h> +#include <stdio.h> +#include <string.h> #include <syslog.h> #include <unistd.h> @@ -159,11 +166,13 @@ struct connection { u_int8_t state; u_int8_t proto; void *owner; +#if !defined(KORE_NO_TLS) + X509 *cert; SSL *ssl; + int tls_reneg; +#endif u_int8_t flags; void *hdlr_extra; - X509 *cert; - int tls_reneg; int (*handle)(struct connection *); void (*disconnect)(struct connection *); @@ -283,12 +292,14 @@ struct kore_worker { struct kore_domain { char *domain; - char *certfile; - char *certkey; + int accesslog; +#if !defined(KORE_NO_TLS) char *cafile; char *crlfile; - int accesslog; + char *certfile; + char *certkey; SSL_CTX *ssl_ctx; +#endif TAILQ_HEAD(, kore_module_handle) handlers; TAILQ_ENTRY(kore_domain) list; }; @@ -385,7 +396,10 @@ extern char *kore_pidfile; extern char *config_file; extern char *kore_tls_cipher_list; extern int tls_version; + +#if !defined(KORE_NO_TLS) extern DH *tls_dhparam; +#endif extern u_int8_t nlisteners; extern u_int16_t cpu_count; @@ -448,9 +462,11 @@ void kore_timer_remove(struct kore_timer *); struct kore_timer *kore_timer_add(void (*cb)(void *, u_int64_t), u_int64_t, void *, int); -int kore_tls_sni_cb(SSL *, int *, void *); int kore_server_bind(const char *, const char *, const char *); +#if !defined(KORE_NO_TLS) +int kore_tls_sni_cb(SSL *, int *, void *); void kore_tls_info_callback(const SSL *, int, int); +#endif void kore_connection_init(void); void kore_connection_prune(int); diff --git a/src/accesslog.c b/src/accesslog.c 
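Review bot: In the `struct connection` hunk of includes/kore.h (and the `struct kore_domain` hunk after it), the member layout of a public struct now depends on `KORE_NO_TLS`, and nothing in the header tells module authors so. A module compiled with a different setting than the server would read `flags`, `hdlr_extra` and `handle` at the wrong offsets, which shows up as silent memory corruption rather than a build error. The src/cli.c hunk passes `-DKORE_NO_TLS`, but that follows how the cli itself was compiled and does not cover modules built by other means. I would add above the guard `/* Layout depends on KORE_NO_TLS: modules must be built with the same setting as the server. */`. `struct connection` continues past the end of its hunk.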
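Review bot: `extern int tls_version;` stays outside the new `#if !defined(KORE_NO_TLS)` guard in the includes/kore.h hunk at -385, while the src/domain.c hunk at -24 moves its definition `int tls_version = KORE_TLS_VERSION_1_2;` inside the guard. In a NOTLS build the symbol is then declared but never defined, so any reference that is not itself guarded fails only at link time; whether such a reference exists is not visible here. Moving the declaration under the guard next to `extern DH *tls_dhparam;` turns the mismatch into a compile-time error at the use site. `kore_tls_cipher_list` is left unguarded in the same hunk and deserves the same check against its definition, which is not shown.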
@@ -32,7 +32,9 @@ struct kore_log_packet { char host[KORE_DOMAINNAME_LEN]; char path[HTTP_URI_LEN]; char agent[HTTP_USERAGENT_LEN]; +#if !defined(KORE_NO_TLS) char cn[X509_CN_LENGTH]; +#endif }; void @@ -90,10 +92,11 @@ kore_accesslog_write(const void *data, u_int32_t len) break; } + cn = "none"; +#if !defined(KORE_NO_TLS) if (logpacket.cn[0] != '\0') cn = logpacket.cn; - else - cn = "none"; +#endif if (inet_ntop(logpacket.addrtype, &(logpacket.addr), addr, sizeof(addr)) == NULL) @@ -157,8 +160,8 @@ kore_accesslog(struct http_request *req) sizeof(logpacket.agent)); } - memset(logpacket.cn, '\0', sizeof(logpacket.cn)); #if !defined(KORE_NO_TLS) + memset(logpacket.cn, '\0', sizeof(logpacket.cn)); if (req->owner->cert != NULL) { if (X509_GET_CN(req->owner->cert, logpacket.cn, sizeof(logpacket.cn)) == -1) { diff --git a/src/cli.c b/src/cli.c @@ -920,7 +920,9 @@ cli_compile_cfile(void *arg) #if defined(KORE_NO_HTTP) args[idx++] = "-DKORE_NO_HTTP"; #endif - +#if defined(KORE_NO_TLS) + args[idx++] = "-DKORE_NO_TLS"; +#endif args[idx++] = "-Wall"; args[idx++] = "-Wmissing-declarations"; args[idx++] = "-Wshadow"; diff --git a/src/connection.c b/src/connection.c @@ -45,13 +45,15 @@ kore_connection_new(void *owner) c = kore_pool_get(&connection_pool); +#if !defined(KORE_NO_TLS) c->ssl = NULL; + c->cert = NULL; + c->tls_reneg = 0; +#endif c->flags = 0; c->rnb = NULL; c->snb = NULL; - c->cert = NULL; c->owner = owner; - c->tls_reneg = 0; c->handle = NULL; c->disconnect = NULL; c->hdlr_extra = NULL; diff --git a/src/domain.c b/src/domain.c @@ -24,8 +24,11 @@ struct kore_domain_h domains; struct kore_domain *primary_dom = NULL; + +#if !defined(KORE_NO_TLS) DH *tls_dhparam = NULL; int tls_version = KORE_TLS_VERSION_1_2; +#endif static void domain_load_crl(struct kore_domain *); 
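Review bot: The added `args[idx++] = "-DKORE_NO_TLS";` in cli_compile_cfile (src/cli.c) fills one more slot of `args`, whose declaration and size are outside the hunk. Please confirm the array still has room for the worst case, with both `KORE_NO_HTTP` and `KORE_NO_TLS` defined plus the warning flags and the terminating entry, since nothing visible here checks `idx` against a bound. If the size is a bare number, a short comment next to the declaration listing what it must accommodate would keep the next added flag from overrunning it.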
@@ -51,11 +54,13 @@ kore_domain_new(char *domain) dom = kore_malloc(sizeof(*dom)); dom->accesslog = -1; +#if !defined(KORE_NO_TLS) dom->cafile = NULL; dom->certkey = NULL; dom->ssl_ctx = NULL; dom->certfile = NULL; dom->crlfile = NULL; +#endif dom->domain = kore_strdup(domain); TAILQ_INIT(&(dom->handlers)); TAILQ_INSERT_TAIL(&domains, dom, list); diff --git a/src/websocket.c b/src/websocket.c @@ -16,6 +16,8 @@ #include <sys/param.h> +#include <openssl/sha.h> + #include <limits.h> #include "kore.h"
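Review bot: The `#include <openssl/sha.h>` added to src/websocket.c is unconditional, so a `KORE_NO_TLS` build still needs the OpenSSL headers and, presumably, libcrypto at link time. That looks intended, since kore.h no longer pulls in the OpenSSL headers for NOTLS builds, but the hunk does not say so. A comment above the include, such as `/* Needed for the handshake digest even when built with KORE_NO_TLS. */`, would stop someone from later wrapping it in the TLS guard and would make the remaining crypto dependency of a NOTLS build explicit.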