X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=include%2Fmodules%2Fssl.h;h=9cc504128daae20a0daee6b4ea0c2880d8ccaa67;hb=7770cd985405c7630e9149fc08c314ec824a9c75;hp=0f58e0b7bfce4bf43d6c3357b052e6e900ae420c;hpb=3a3ff949670c61a4a8856e1391222e156eb1cd17;p=user%2Fhenk%2Fcode%2Finspircd.git

diff --git a/include/modules/ssl.h b/include/modules/ssl.h
index 0f58e0b7b..9cc504128 100644
--- a/include/modules/ssl.h
+++ b/include/modules/ssl.h
@@ -138,7 +138,40 @@ class SSLIOHook : public IOHook
 	 */
 	reference<ssl_cert> certificate;
 
+	/** Reduce elements in a send queue by appending later elements to the first element until there are no more
+	 * elements to append or a desired length is reached
+	 * @param sendq SendQ to work on
+	 * @param targetsize Target size of the front element
+	 */
+	static void FlattenSendQueue(StreamSocket::SendQueue& sendq, size_t targetsize)
+	{
+		if ((sendq.size() <= 1) || (sendq.front().length() >= targetsize))
+			return;
+
+		// Avoid multiple repeated SSL encryption invocations
+		// This adds a single copy of the queue, but avoids
+		// much more overhead in terms of system calls invoked
+		// by an IOHook.
+		std::string tmp;
+		tmp.reserve(std::min(targetsize, sendq.bytes())+1);
+		do
+		{
+			tmp.append(sendq.front());
+			sendq.pop_front();
+		}
+		while (!sendq.empty() && tmp.length() < targetsize);
+		sendq.push_front(tmp);
+	}
+
  public:
+	static SSLIOHook* IsSSL(StreamSocket* sock)
+	{
+		IOHook* const iohook = sock->GetIOHook();
+		if ((iohook) && ((iohook->prov->type == IOHookProvider::IOH_SSL)))
+			return static_cast<SSLIOHook*>(iohook);
+		return NULL;
+	}
+
 	SSLIOHook(IOHookProvider* hookprov)
 		: IOHook(hookprov)
 	{
@@ -165,6 +198,12 @@ class SSLIOHook : public IOHook
 			return cert->GetFingerprint();
 		return "";
 	}
+
+	/**
+	 * Get the ciphersuite negotiated with the peer
+	 * @param out String where the ciphersuite string will be appended to
+	 */
+	virtual void GetCiphersuite(std::string& out) const = 0;
 };
 
 /** Helper functions for obtaining SSL client certificates and key fingerprints
@@ -180,11 +219,10 @@ class SSLClientCert
 	 */
 	static ssl_cert* GetCertificate(StreamSocket* sock)
 	{
-		IOHook* iohook = sock->GetIOHook();
-		if ((!iohook) || (iohook->prov->type != IOHookProvider::IOH_SSL))
+		SSLIOHook* ssliohook = SSLIOHook::IsSSL(sock);
+		if (!ssliohook)
 			return NULL;
 
-		SSLIOHook* ssliohook = static_cast<SSLIOHook*>(iohook);
 		return ssliohook->GetCertificate();
 	}