Add a 'max_send_frag' option to configure maximum size of send fragments #3141
Conversation
FdaSilvaYY
changed the title
FdaSilvaYY
force-pushed
the
add-max_send_fragment-to-apps
branch
from
c058a9e
to
88934fb
Compare
apps/s_client.c
Outdated
| @@ -1432,6 +1442,11 @@ int s_client_main(int argc, char **argv) | |||
| goto end; | |||
| } | |||
|
|
|||
| if (max_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) { | |||
| BIO_printf(bio_err, "Bad max send fragment size\n"); | |||
There was a problem hiding this comment.
plug put "%s: " and print prog.
apps/s_server.c
Outdated
| @@ -1543,6 +1556,11 @@ int s_server_main(int argc, char *argv[]) | |||
| } | |||
| #endif | |||
|
|
|||
| if (max_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) { | |||
| BIO_printf(bio_err, "Bad max send fragment size\n"); | |||
There was a problem hiding this comment.
output prog name here, too. I know it's not always done, but let's get in the habit of fixing these.
There was a problem hiding this comment.
I will fix some more in another PR ;)
doc/man1/s_client.pod
Outdated
| =item B<-max_send_frag int> | ||
|
|
||
| The maximum size of data fragment to send. See | ||
| L<SSL_CTX_set_max_send_fragment(3)> for further information. |
There was a problem hiding this comment.
If there's a SEE ALSO section, add a link there, too.
FdaSilvaYY
force-pushed
the
add-max_send_fragment-to-apps
branch
from
88934fb
to
5fb6f61
Compare
| =item B<-max_send_frag int> | ||
|
|
||
| The maximum size of data fragment to send. | ||
| See L<SSL_CTX_set_max_send_fragment(3)> for further information. |
There was a problem hiding this comment.
Well, SSL_CTX_set_max_send_fragment says that it "will only accept a value in the range 512 - SSL3_RT_MAX_PLAIN_LENGTH." This kind of suggests that one should check for it's return value and at least issue warning that attempt is failed.
There was a problem hiding this comment.
I mean as it stands now it only checks for upper limit.
apps/s_server.c
Outdated
| @@ -1741,6 +1759,10 @@ int s_server_main(int argc, char *argv[]) | |||
| if (async) { | |||
| SSL_CTX_set_mode(ctx, SSL_MODE_ASYNC); | |||
| } | |||
|
|
|||
| if (max_send_fragment > 0) | |||
| SSL_CTX_set_max_send_fragment(ctx, max_send_fragment); | |||
There was a problem hiding this comment.
The returned value should be checked. 0 indicates failure... and really, that should also be done for the three calls below as well...
FdaSilvaYY
force-pushed
the
add-max_send_fragment-to-apps
branch
6 times, most recently
from
dad7fe6
to
7d81e34
Compare
dot-asm
added
branch: master
FdaSilvaYY
force-pushed
the
add-max_send_fragment-to-apps
branch
from
7d81e34
to
ac71e51
Compare
apps/s_client.c
Outdated
| goto end; | ||
| } | ||
|
|
||
| if (max_pipelines > SSL_MAX_PIPELINES) { | ||
| BIO_printf(bio_err, "Bad max pipelines value\n"); | ||
| BIO_printf(bio_err, "%s: too large max-pipelines value\n", prog); | ||
| goto end; | ||
| } |
There was a problem hiding this comment.
Ok, all these checks are a bit over the top. What happens when the libssl code changes those ranges, will we have to keep track of that and update the values here as well? It should be enough that SSL_CTX_set_max_send_fragment(), SSL_CTX_set_split_send_fragment(), SSL_CTX_set_max_pipelines() and SSL_ friends return 0 when the given argument is out of range...
apps/s_client.c
Outdated
|
|
||
| if (max_send_fragment > 0 | ||
| && !SSL_CTX_set_max_send_fragment(ctx, max_send_fragment)) { | ||
| BIO_printf(bio_err, "%s: Error setting max send fragment size\n", prog); |
There was a problem hiding this comment.
I suggest this:
if (!SSL_CTX_set_max_send_fragment(ctx, max_send_fragment)) {
BIO_printf(bio_err, "%s: Max send fragment size %u is out of permitted range\n",
prog, max_send_fragment);
apps/s_client.c
Outdated
|
|
||
| if (split_send_fragment > 0 | ||
| && !SSL_CTX_set_split_send_fragment(ctx, split_send_fragment)) { | ||
| BIO_printf(bio_err, "%s: Error setting split send fragment size\n", prog); |
There was a problem hiding this comment.
I suggest this:
if (!SSL_CTX_set_split_send_fragment(ctx, split_send_fragment)) {
BIO_printf(bio_err, "%s: Split send fragment size %u is out of permitted range\n",
prog, split_send_fragment);
apps/s_client.c
Outdated
|
|
||
| if (max_pipelines > 0 | ||
| && !SSL_CTX_set_max_pipelines(ctx, max_pipelines)) { | ||
| BIO_printf(bio_err, "%s: Error setting max pipelines\n", prog); |
There was a problem hiding this comment.
I suggest this:
if (!SSL_CTX_set_max_pipelines(ctx, max_pipelines)) {
BIO_printf(bio_err, "%s: Max pipelines %u is out of permitted range\n",
prog, max_pipelines);
apps/s_server.c
Outdated
| if (max_pipelines > SSL_MAX_PIPELINES) { | ||
| BIO_printf(bio_err, "Bad max pipelines value\n"); | ||
| BIO_printf(bio_err, "%s:too large max-pipelines value\n", prog); | ||
| goto end; | ||
| } |
There was a problem hiding this comment.
Same comment here as for s_client.c
apps/s_server.c
Outdated
| if (max_pipelines > 0 | ||
| && !SSL_CTX_set_max_pipelines(ctx, max_pipelines)) { | ||
| BIO_printf(bio_err, "%s: Error setting max pipelines value\n", prog); | ||
| goto end; |
There was a problem hiding this comment.
Same suggestions here as in s_client.c
levitte
removed
the
approval: done
FdaSilvaYY
force-pushed
the
add-max_send_fragment-to-apps
branch
from
ac71e51
to
645a971
Compare
|
@levitte : rebased and error message updated. |
|
I think you misunderstood me. It wasn't just about the message, but also about all that unnecessary checking of values, which is done in |
FdaSilvaYY
force-pushed
the
add-max_send_fragment-to-apps
branch
from
645a971
to
00d2b4d
Compare
FdaSilvaYY
force-pushed
the
add-max_send_fragment-to-apps
branch
from
00d2b4d
to
ec3798d
Compare
|
@levitte : rebased on top of last master. It it OK ? |
apps/s_client.c
Outdated
| @@ -1444,6 +1440,7 @@ int s_client_main(int argc, char **argv) | |||
| goto end; | |||
| } | |||
|
|
|||
| <<<<<<< HEAD | |||
There was a problem hiding this comment.
I think this line should go ;-)
FdaSilvaYY
force-pushed
the
add-max_send_fragment-to-apps
branch
from
ec3798d
to
1c44fc7
Compare
levitte
added
the
approval: done
Remove hardcoded bound checkings.
FdaSilvaYY
force-pushed
the
add-max_send_fragment-to-apps
branch
from
1c44fc7
to
b9593a3
Compare
|
Rebased and conflict fixed. Ready to merge . |
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #3141)
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #3141)
Remove hardcoded bound checkings. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #3141)
|
should the doc say that the RELEASE-BUFFERS flag is needed for this to actually reduce memory? |
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#3141) cherry-pick from 28e5ea8
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#3141) Cherry-oick from 6788785
Remove hardcoded bound checkings. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#3141) cherry-pick from 36b2cfb
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#3141) cherry-pick from 28e5ea8
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#3141) Cherry-oick from 6788785
Remove hardcoded bound checkings. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#3141) cherry-pick from 36b2cfb
Checklist
Noticed while working on #1008