commit bbfbfc4c61715927c594efc75949d9bbf7d98b3d
parent 429768ba377caf853f25c97c6938fea431c59922
Author: Joris Vink <joris@coders.se>
Date: Wed, 7 Aug 2013 16:59:45 +0200
add ssl_no_compression option to allow one to disable OpenSSL compression.
Diffstat:
4 files changed, 18 insertions(+), 0 deletions(-)
diff --git a/includes/kore.h b/includes/kore.h
@@ -230,6 +230,7 @@ extern char *kore_pidfile;
extern char *config_file;
extern char *kore_ssl_cipher_list;
extern DH *ssl_dhparam;
+extern int ssl_no_compression;
extern u_int8_t nlisteners;
extern u_int64_t spdy_idle_time;
diff --git a/modules/example/module.conf b/modules/example/module.conf
@@ -34,6 +34,9 @@ load modules/example/example.module
# a generated DH key (See OpenSSL dhparam).
#ssl_dhparam dh2048.pem
+# Set this if you want to disable SSL zlib compression.
+#ssl_no_compression
+
# Specify the amount of seconds a SPDY connection is kept open.
# You can keep it open indefinately by setting this to 0.
#spdy_idle_time 120
diff --git a/src/config.c b/src/config.c
@@ -35,6 +35,7 @@ static int configure_certkey(char **);
static int configure_max_connections(char **);
static int configure_ssl_cipher(char **);
static int configure_ssl_dhparam(char **);
+static int configure_ssl_no_compression(char **);
static int configure_spdy_idle_time(char **);
static void domain_sslstart(void);
@@ -49,6 +50,7 @@ static struct {
{ "dynamic", configure_handler },
{ "ssl_cipher", configure_ssl_cipher },
{ "ssl_dhparam", configure_ssl_dhparam },
+ { "ssl_no_compression", configure_ssl_no_compression },
{ "spdy_idle_time", configure_spdy_idle_time },
{ "domain", configure_domain },
{ "chroot", configure_chroot },
@@ -204,6 +206,14 @@ configure_ssl_dhparam(char **argv)
}
static int
+configure_ssl_no_compression(char **argv)
+{
+ ssl_no_compression = 1;
+
+ return (KORE_RESULT_OK);
+}
+
+static int
configure_spdy_idle_time(char **argv)
{
int err;
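Review bot: configure_ssl_no_compression never reads `argv`, so anything written after the directive is accepted silently, and a line such as `ssl_no_compression off` (constructed example) would presumably still set the flag to 1. Assuming `argv[1]` is the first argument, as the other handlers in this table suggest, rejecting extra arguments makes the directive unambiguous: `if (argv[1] != NULL) return (KORE_RESULT_ERROR);`. If ignoring arguments is intended, a one-line comment such as `/* flag-only directive, takes no arguments */` would say so and explain the unused parameter. The hunk ends inside configure_spdy_idle_time, whose body continues outside it.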
diff --git a/src/domain.c b/src/domain.c
@@ -19,6 +19,7 @@
struct kore_domain_h domains;
struct kore_domain *primary_dom = NULL;
DH *ssl_dhparam = NULL;
+int ssl_no_compression = 0;
void
kore_domain_init(void)
@@ -78,6 +79,9 @@ kore_domain_sslstart(struct kore_domain *dom)
SSL_CTX_set_options(dom->ssl_ctx, SSL_OP_SINGLE_DH_USE);
}
+ if (ssl_no_compression)
+ SSL_CTX_set_options(dom->ssl_ctx, SSL_OP_NO_COMPRESSION);
+
SSL_CTX_set_mode(dom->ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
SSL_CTX_set_cipher_list(dom->ssl_ctx, kore_ssl_cipher_list);
SSL_CTX_set_mode(dom->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
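Review bot: TLS compression stays enabled unless the operator opts in, because the `if (ssl_no_compression)` guard added here depends on a flag that this file defines as 0 and that modules/example/module.conf ships commented out. TLS-level compression lets an observer infer secrets such as session cookies from ciphertext lengths (the CRIME attack), so the safer default is to set the option unconditionally with `SSL_CTX_set_options(dom->ssl_ctx, SSL_OP_NO_COMPRESSION);` and make enabling compression the explicit choice. `SSL_OP_NO_COMPRESSION` was introduced in OpenSSL 1.0.0, so if older libraries are still supported the call needs an `#ifdef SSL_OP_NO_COMPRESSION` guard. kore_domain_sslstart begins and ends outside this hunk.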