From e05c25865090790b4a60c376fcf630bb9466af72 Mon Sep 17 00:00:00 2001
From: Attila Molnar <attilamolnar@hush.com>
Date: Sat, 6 Jun 2015 14:34:28 +0200
Subject: [PATCH] Add max outgoing record size option to sslprofile config

---
 src/modules/extra/m_ssl_gnutls.cpp  | 12 ++++++++++--
 src/modules/extra/m_ssl_openssl.cpp |  6 ++++++
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index e142ead11..f5e52b4e1 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -531,14 +531,20 @@ namespace GnuTLS
 		 */
 		Priority priority;
 
+		/** Rough max size of records to send
+		 */
+		const unsigned int outrecsize;
+
 		Profile(const std::string& profilename, const std::string& certstr, const std::string& keystr,
 				std::auto_ptr<DHParams>& DH, unsigned int mindh, const std::string& hashstr,
-				const std::string& priostr, std::auto_ptr<X509CertList>& CA, std::auto_ptr<X509CRL>& CRL)
+				const std::string& priostr, std::auto_ptr<X509CertList>& CA, std::auto_ptr<X509CRL>& CRL,
+				unsigned int recsize)
 			: name(profilename)
 			, x509cred(certstr, keystr)
 			, min_dh_bits(mindh)
 			, hash(hashstr)
 			, priority(priostr)
+			, outrecsize(recsize)
 		{
 			x509cred.SetDH(DH);
 			x509cred.SetCA(CA, CRL);
@@ -587,7 +593,8 @@ namespace GnuTLS
 					crl.reset(new X509CRL(ReadFile(filename)));
 			}
 
-			return new Profile(profilename, certstr, keystr, dh, mindh, hashstr, priostr, ca, crl);
+			unsigned int outrecsize = tag->getInt("outrecsize", 2048, 512, 16384);
+			return new Profile(profilename, certstr, keystr, dh, mindh, hashstr, priostr, ca, crl, outrecsize);
 		}
 
 		/** Set up the given session with the settings in this profile
@@ -605,6 +612,7 @@ namespace GnuTLS
 		const std::string& GetName() const { return name; }
 		X509Credentials& GetX509Credentials() { return x509cred; }
 		gnutls_digest_algorithm_t GetHash() const { return hash.get(); }
+		unsigned int GetOutgoingRecordSize() const { return outrecsize; }
 	};
 }
 
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index c2a71eeca..f4a661154 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -238,6 +238,10 @@ namespace OpenSSL
 		 */
 		const bool allowrenego;
 
+		/** Rough max size of records to send
+		 */
+		const unsigned int outrecsize;
+
 		static int error_callback(const char* str, size_t len, void* u)
 		{
 			Profile* profile = reinterpret_cast<Profile*>(u);
@@ -278,6 +282,7 @@ namespace OpenSSL
 			, ctx(SSL_CTX_new(SSLv23_server_method()))
 			, clictx(SSL_CTX_new(SSLv23_client_method()))
 			, allowrenego(tag->getBool("renegotiation", true))
+			, outrecsize(tag->getInt("outrecsize", 2048, 512, 16384))
 		{
 			if ((!ctx.SetDH(dh)) || (!clictx.SetDH(dh)))
 				throw Exception("Couldn't set DH parameters");
@@ -337,6 +342,7 @@ namespace OpenSSL
 		SSL* CreateClientSession() { return clictx.CreateClientSession(); }
 		const EVP_MD* GetDigest() { return digest; }
 		bool AllowRenegotiation() const { return allowrenego; }
+		unsigned int GetOutgoingRecordSize() const { return outrecsize; }
 	};
 }
 
-- 
2.39.5