kore

An easy to use, scalable and secure web application framework for writing web APIs in C.

commit bbfbfc4c61715927c594efc75949d9bbf7d98b3d
parent 429768ba377caf853f25c97c6938fea431c59922
Author: Joris Vink <joris@coders.se>
Date:   Wed,  7 Aug 2013 16:59:45 +0200

add ssl_no_compression option to allow one to disable OpenSSL compression.

Diffstat:
includes/kore.h | 1+
modules/example/module.conf | 3+++
src/config.c | 10++++++++++
src/domain.c | 4++++
4 files changed, 18 insertions(+), 0 deletions(-)

diff --git a/includes/kore.h b/includes/kore.h
@@ -230,6 +230,7 @@ extern char *kore_pidfile;
 extern char *config_file;
 extern char *kore_ssl_cipher_list;
 extern DH *ssl_dhparam;
+extern int ssl_no_compression;
 extern u_int8_t nlisteners;
 extern u_int64_t spdy_idle_time;
diff --git a/modules/example/module.conf b/modules/example/module.conf
@@ -34,6 +34,9 @@ load modules/example/example.module
 # a generated DH key (See OpenSSL dhparam).
 #ssl_dhparam dh2048.pem
+# Set this if you want to disable SSL zlib compression.
+#ssl_no_compression
+
 # Specify the amount of seconds a SPDY connection is kept open.
 # You can keep it open indefinately by setting this to 0.
 #spdy_idle_time 120
diff --git a/src/config.c b/src/config.c
@@ -35,6 +35,7 @@ static int configure_certkey(char **);
 static int configure_max_connections(char **);
 static int configure_ssl_cipher(char **);
 static int configure_ssl_dhparam(char **);
+static int configure_ssl_no_compression(char **);
 static int configure_spdy_idle_time(char **);
 static void domain_sslstart(void);
@@ -49,6 +50,7 @@ static struct {
 { "dynamic", configure_handler },
 { "ssl_cipher", configure_ssl_cipher },
 { "ssl_dhparam", configure_ssl_dhparam },
+ { "ssl_no_compression", configure_ssl_no_compression },
 { "spdy_idle_time", configure_spdy_idle_time },
 { "domain", configure_domain },
 { "chroot", configure_chroot },
@@ -204,6 +206,14 @@ configure_ssl_dhparam(char **argv)
 }
 static int
+configure_ssl_no_compression(char **argv)
+{
+ ssl_no_compression = 1;
+
+ return (KORE_RESULT_OK);
+}
+
+static int
 configure_spdy_idle_time(char **argv)
 {
 int err;
diff --git a/src/domain.c b/src/domain.c
@@ -19,6 +19,7 @@
 struct kore_domain_h domains;
 struct kore_domain *primary_dom = NULL;
 DH *ssl_dhparam = NULL;
+int ssl_no_compression = 0;
 void
 kore_domain_init(void)
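Review bot: `configure_ssl_no_compression()` in the third src/config.c hunk never reads `argv`, so the directive sets the flag whatever follows it on the line; a constructed example such as `ssl_no_compression off` would still disable compression. That fails toward the safer setting, but it is surprising for an operator reading the config, and nothing in the hunk reports the ignored argument. I would document the behaviour above the function with `/* Flag directive: its presence sets ssl_no_compression; any arguments are ignored. */`. How the other configure_* handlers treat `argv` is outside this hunk, so whether an argument check would match local convention is for the author to confirm.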
@@ -78,6 +79,9 @@ kore_domain_sslstart(struct kore_domain *dom)
 SSL_CTX_set_options(dom->ssl_ctx, SSL_OP_SINGLE_DH_USE);
 }
+ if (ssl_no_compression)
+ SSL_CTX_set_options(dom->ssl_ctx, SSL_OP_NO_COMPRESSION);
+
 SSL_CTX_set_mode(dom->ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
 SSL_CTX_set_cipher_list(dom->ssl_ctx, kore_ssl_cipher_list);
 SSL_CTX_set_mode(dom->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
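Review bot: The `if (ssl_no_compression)` guard makes disabling TLS compression opt-in, and the earlier src/domain.c hunk initialises the flag with `int ssl_no_compression = 0;`, so a default configuration keeps compression on. TLS-level compression is what CRIME-style length side channels depend on to leak secrets such as session cookies, so the safer default is to set `SSL_OP_NO_COMPRESSION` unless the operator explicitly asks for compression. Consider initialising the flag to 1 (or inverting the directive), and until then shipping modules/example/module.conf with `ssl_no_compression` uncommented and a comment saying why. `kore_domain_sslstart()` begins and ends outside this hunk, so any later option changes on `dom->ssl_ctx` are not visible here.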