Add max outgoing record size option to sslprofile config
authorAttila Molnar <attilamolnar@hush.com>
Sat, 6 Jun 2015 12:34:28 +0000 (14:34 +0200)
committerAttila Molnar <attilamolnar@hush.com>
Sat, 6 Jun 2015 12:34:28 +0000 (14:34 +0200)
src/modules/extra/m_ssl_gnutls.cpp
src/modules/extra/m_ssl_openssl.cpp

index e142ead1188ae39be7b72081ba0c858f9bdb59f2..f5e52b4e1bfafed4de3029d93e091015c079e551 100644 (file)
@@ -531,14 +531,20 @@ namespace GnuTLS
                 */
                Priority priority;
 
+               /** Rough max size of records to send
+                */
+               const unsigned int outrecsize;
+
                Profile(const std::string& profilename, const std::string& certstr, const std::string& keystr,
                                std::auto_ptr<DHParams>& DH, unsigned int mindh, const std::string& hashstr,
-                               const std::string& priostr, std::auto_ptr<X509CertList>& CA, std::auto_ptr<X509CRL>& CRL)
+                               const std::string& priostr, std::auto_ptr<X509CertList>& CA, std::auto_ptr<X509CRL>& CRL,
+                               unsigned int recsize)
                        : name(profilename)
                        , x509cred(certstr, keystr)
                        , min_dh_bits(mindh)
                        , hash(hashstr)
                        , priority(priostr)
+                       , outrecsize(recsize)
                {
                        x509cred.SetDH(DH);
                        x509cred.SetCA(CA, CRL);
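Review bot: The doc comment on `outrecsize` gives no unit and does not say what "rough" means, so a reader cannot tell whether the value bounds the plaintext handed to the TLS library per write or the size of the record on the wire. Something like `/** Upper bound, in bytes, on the data passed to the TLS library per outgoing record; set from <sslprofile:outrecsize> */` would pin that down, assuming that is how the send path uses it (that code is not part of this diff). The same comment is added to the OpenSSL `Profile` member in m_ssl_openssl.cpp and wants the same wording. The constructor body continues past the end of this hunk.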
@@ -587,7 +593,8 @@ namespace GnuTLS
                                        crl.reset(new X509CRL(ReadFile(filename)));
                        }
 
-                       return new Profile(profilename, certstr, keystr, dh, mindh, hashstr, priostr, ca, crl);
+                       unsigned int outrecsize = tag->getInt("outrecsize", 2048, 512, 16384);
+                       return new Profile(profilename, certstr, keystr, dh, mindh, hashstr, priostr, ca, crl, outrecsize);
                }
 
                /** Set up the given session with the settings in this profile
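Review bot: The literals `2048, 512, 16384` in the `getInt` call are repeated verbatim in the OpenSSL constructor initialiser (`outrecsize(tag->getInt("outrecsize", 2048, 512, 16384))`), so the default and limits of the two modules can drift apart. A named constant shared by both, with a comment that 16384 is the TLS maximum plaintext fragment length (2^14), would make the bounds self-explanatory. It is also worth confirming what `getInt` does with an out-of-range value, whether it clamps or falls back to the default and whether it logs, since an operator who configures a larger value should learn that it was not applied. The enclosing function starts before this hunk.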
@@ -605,6 +612,7 @@ namespace GnuTLS
                const std::string& GetName() const { return name; }
                X509Credentials& GetX509Credentials() { return x509cred; }
                gnutls_digest_algorithm_t GetHash() const { return hash.get(); }
+               unsigned int GetOutgoingRecordSize() const { return outrecsize; }
        };
 }
 
index c2a71eecafb4ad7a835bcd0c4303e71236150c3f..f4a66115458161272171497bdc8d79dcae06b244 100644 (file)
@@ -238,6 +238,10 @@ namespace OpenSSL
                 */
                const bool allowrenego;
 
+               /** Rough max size of records to send
+                */
+               const unsigned int outrecsize;
+
                static int error_callback(const char* str, size_t len, void* u)
                {
                        Profile* profile = reinterpret_cast<Profile*>(u);
@@ -278,6 +282,7 @@ namespace OpenSSL
                        , ctx(SSL_CTX_new(SSLv23_server_method()))
                        , clictx(SSL_CTX_new(SSLv23_client_method()))
                        , allowrenego(tag->getBool("renegotiation", true))
+                       , outrecsize(tag->getInt("outrecsize", 2048, 512, 16384))
                {
                        if ((!ctx.SetDH(dh)) || (!clictx.SetDH(dh)))
                                throw Exception("Couldn't set DH parameters");
@@ -337,6 +342,7 @@ namespace OpenSSL
                SSL* CreateClientSession() { return clictx.CreateClientSession(); }
                const EVP_MD* GetDigest() { return digest; }
                bool AllowRenegotiation() const { return allowrenego; }
+               unsigned int GetOutgoingRecordSize() const { return outrecsize; }
        };
 }