Add a 'max_send_frag' option to configure maximum size of send fragments #3141
c058a9e
to
88934fb
Compare
minor nits.
apps/s_client.c
Outdated
@@ -1432,6 +1442,11 @@ int s_client_main(int argc, char **argv) | |||
goto end; | |||
} | |||
|
|||
if (max_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) { | |||
BIO_printf(bio_err, "Bad max send fragment size\n"); |
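Review bot: the condition `max_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH` rejects only values above the maximum, so a too-small value passes this check, and the message `Bad max send fragment size` does not say which value was rejected or what is allowed. Suggest printing the offending value in the message and letting the result of the setter call decide whether the value is acceptable.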
plug put "%s: " and print prog.
apps/s_server.c
Outdated
@@ -1543,6 +1556,11 @@ int s_server_main(int argc, char *argv[]) | |||
} | |||
#endif | |||
|
|||
if (max_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) { | |||
BIO_printf(bio_err, "Bad max send fragment size\n"); |
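Review bot: this is the same comparison and the same message string as in the `s_client_main` hunk, so the limit is now written out in two applications. Suggest dropping the duplicated bound and reporting a failure of the setter call instead, so there is one place to change.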
output prog name here, too. I know it's not always done, but let's get in the habit of fixing these.
I will fix some more in another PR ;)
doc/man1/s_client.pod
Outdated
=item B<-max_send_frag int> | ||
|
||
The maximum size of data fragment to send. See | ||
L<SSL_CTX_set_max_send_fragment(3)> for further information. |
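Review bot: the `-max_send_frag int` item gives neither the unit of `int` nor the values that are accepted, so the reader has to follow the link to learn what can be passed. Suggest naming the unit and the permitted range in this item.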
If there's a SEE ALSO section, add a link there, too.
88934fb
to
5fb6f61
Compare
=item B<-max_send_frag int> | ||
|
||
The maximum size of data fragment to send. | ||
See L<SSL_CTX_set_max_send_fragment(3)> for further information. |
Well, SSL_CTX_set_max_send_fragment says that it "will only accept a value in the range 512 - SSL3_RT_MAX_PLAIN_LENGTH." This kind of suggests that one should check for its return value and at least issue a warning that the attempt failed.
I mean as it stands now it only checks for upper limit.
Checks added !
apps/s_server.c
Outdated
@@ -1741,6 +1759,10 @@ int s_server_main(int argc, char *argv[]) | |||
if (async) { | |||
SSL_CTX_set_mode(ctx, SSL_MODE_ASYNC); | |||
} | |||
|
|||
if (max_send_fragment > 0) | |||
SSL_CTX_set_max_send_fragment(ctx, max_send_fragment); |
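Review bot: the result of `SSL_CTX_set_max_send_fragment(ctx, max_send_fragment)` is discarded, so if the call fails the server starts anyway with whatever fragment size was already in effect and the user is not told. Suggest testing the result, printing a message to `bio_err` and taking the `goto end` path on failure.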
The returned value should be checked. 0 indicates failure... and really, that should also be done for the three calls below as well...
dad7fe6
to
7d81e34
Compare
7d81e34
to
ac71e51
Compare
apps/s_client.c
Outdated
goto end; | ||
} | ||
|
||
if (max_pipelines > SSL_MAX_PIPELINES) { | ||
BIO_printf(bio_err, "Bad max pipelines value\n"); | ||
BIO_printf(bio_err, "%s: too large max-pipelines value\n", prog); | ||
goto end; | ||
} |
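Review bot: the message `%s: too large max-pipelines value` prints neither the value given nor the `SSL_MAX_PIPELINES` limit it was compared with. Suggest including both in the message so the user can see what would be accepted.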
Ok, all these checks are a bit over the top. What happens when the libssl code changes those ranges, will we have to keep track of that and update the values here as well? It should be enough that SSL_CTX_set_max_send_fragment(), SSL_CTX_set_split_send_fragment(), SSL_CTX_set_max_pipelines() and SSL_ friends return 0 when the given argument is out of range...
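The difference between the two patterns discussed in this thread, as an added example that is not code from the PR or from OpenSSL. `model_ctx`, `model_set_max_send_fragment` and the two `app_*` functions are hypothetical stand-ins; the range is the one quoted above (512 to SSL3_RT_MAX_PLAIN_LENGTH, which is 16384).

```c
#include <stdio.h>

/* Stand-in for the library setter: hypothetical names, not OpenSSL code.
 * Range as quoted in the thread: 512 .. SSL3_RT_MAX_PLAIN_LENGTH (16384). */
#define MODEL_MIN_FRAG 512u
#define MODEL_MAX_FRAG 16384u
struct model_ctx { unsigned int max_send_fragment; };

/* Returns 1 on success, 0 when n is out of range (ctx is left unchanged). */
static int model_set_max_send_fragment(struct model_ctx *ctx, unsigned int n)
{
    if (n < MODEL_MIN_FRAG || n > MODEL_MAX_FRAG)
        return 0;
    ctx->max_send_fragment = n;
    return 1;
}

/* Early revision: upper bound copied into the app, setter result dropped.
 * Returns 1 if the app would carry on, 0 if it would bail out. */
static int app_hardcoded_bound(struct model_ctx *ctx, unsigned int n)
{
    if (n > MODEL_MAX_FRAG) {
        fprintf(stderr, "Bad max send fragment size\n");
        return 0;
    }
    if (n > 0)
        (void)model_set_max_send_fragment(ctx, n); /* failure goes unnoticed */
    return 1;
}

/* Requested pattern: the setter's return value is the only range check. */
static int app_trust_setter(struct model_ctx *ctx, unsigned int n, const char *prog)
{
    if (n > 0 && !model_set_max_send_fragment(ctx, n)) {
        fprintf(stderr, "%s: Max send fragment size %u is out of permitted range\n",
                prog, n);
        return 0;
    }
    return 1;
}

int main(void)
{
    struct model_ctx a = { MODEL_MAX_FRAG }, b = { MODEL_MAX_FRAG };
    /* 100 is below the lower bound: only the second pattern notices. */
    printf("hardcoded: carry_on=%d\n", app_hardcoded_bound(&a, 100));
    printf("setter:    carry_on=%d\n", app_trust_setter(&b, 100, "s_client"));
    return 0;
}
```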
apps/s_client.c
Outdated
|
||
if (max_send_fragment > 0 | ||
&& !SSL_CTX_set_max_send_fragment(ctx, max_send_fragment)) { | ||
BIO_printf(bio_err, "%s: Error setting max send fragment size\n", prog); |
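Review bot: with the `max_send_fragment > 0` guard a value of 0 never reaches `SSL_CTX_set_max_send_fragment()`, so 0 is skipped without any diagnostic. Suggest either documenting that 0 means "leave the default" or rejecting it explicitly; the message would also be more useful if it printed the value that was refused.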
I suggest this:
if (!SSL_CTX_set_max_send_fragment(ctx, max_send_fragment)) {
BIO_printf(bio_err, "%s: Max send fragment size %u is out of permitted range\n",
prog, max_send_fragment);
apps/s_client.c
Outdated
|
||
if (split_send_fragment > 0 | ||
&& !SSL_CTX_set_split_send_fragment(ctx, split_send_fragment)) { | ||
BIO_printf(bio_err, "%s: Error setting split send fragment size\n", prog); |
I suggest this:
if (!SSL_CTX_set_split_send_fragment(ctx, split_send_fragment)) {
BIO_printf(bio_err, "%s: Split send fragment size %u is out of permitted range\n",
prog, split_send_fragment);
apps/s_client.c
Outdated
|
||
if (max_pipelines > 0 | ||
&& !SSL_CTX_set_max_pipelines(ctx, max_pipelines)) { | ||
BIO_printf(bio_err, "%s: Error setting max pipelines\n", prog); |
I suggest this:
if (!SSL_CTX_set_max_pipelines(ctx, max_pipelines)) {
BIO_printf(bio_err, "%s: Max pipelines %u is out of permitted range\n",
prog, max_pipelines);
apps/s_server.c
Outdated
if (max_pipelines > SSL_MAX_PIPELINES) { | ||
BIO_printf(bio_err, "Bad max pipelines value\n"); | ||
BIO_printf(bio_err, "%s:too large max-pipelines value\n", prog); | ||
goto end; | ||
} |
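Review bot: `"%s:too large max-pipelines value\n"` has no space after the colon, unlike the `"%s: too large max-pipelines value\n"` form used in `apps/s_client.c`. Suggest adding the space so the two tools print the same text.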
Same comment here as for s_client.c
apps/s_server.c
Outdated
if (max_pipelines > 0 | ||
&& !SSL_CTX_set_max_pipelines(ctx, max_pipelines)) { | ||
BIO_printf(bio_err, "%s: Error setting max pipelines value\n", prog); | ||
goto end; |
Same suggestions here as in s_client.c
ac71e51
to
645a971
Compare
@levitte : rebased and error message updated.
I think you misunderstood me. It wasn't just about the message, but also about all that unnecessary checking of values, which is done in
645a971
to
00d2b4d
Compare
00d2b4d
to
ec3798d
Compare
@levitte : rebased on top of last master. Is it OK?
apps/s_client.c
Outdated
@@ -1444,6 +1440,7 @@ int s_client_main(int argc, char **argv) | |||
goto end; | |||
} | |||
|
|||
<<<<<<< HEAD |
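Review bot: the line `<<<<<<< HEAD` is a merge conflict marker left in the file, and the source will not compile with it present. Remove it and check the file for any matching `=======` or `>>>>>>>` lines.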
I think this line should go ;-)
Gone ! ;)
ec3798d
to
1c44fc7
Compare
Remove hardcoded bound checkings.
1c44fc7
to
b9593a3
Compare
Rebased and conflict fixed. Ready to merge.
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #3141)
Remove hardcoded bound checkings. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #3141)
should the doc say that the RELEASE-BUFFERS flag is needed for this to actually reduce memory?
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#3141) cherry-pick from 28e5ea8
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#3141) Cherry-pick from 6788785
Remove hardcoded bound checkings. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#3141) cherry-pick from 36b2cfb
Checklist
Noticed while working on #1008