author | Fedor Indutny <fedor.indutny@gmail.com> | 2014-01-17 18:46:49 +0000 |
---|---|---|
committer | Fedor Indutny <fedor.indutny@gmail.com> | 2014-01-20 20:39:57 +0400 |
commit | 7f9b01509f28de5888a45b8b1af5667e507a0c94 (patch) | |
tree | 3d1e436601a0badaeabe49a4939a686b9d48a20b | |
parent | 023f0a3122d54e3f331f32f5cfe0cb0df9e8f131 (diff) | |
lib: introduce `.setMaxSendFragment(size)`
fix #6889
-rw-r--r-- | doc/api/tls.markdown | 12 | ||||
-rw-r--r-- | lib/_tls_wrap.js | 4 | ||||
-rw-r--r-- | src/node_crypto.cc | 19 | ||||
-rw-r--r-- | src/node_crypto.h | 5 | ||||
-rw-r--r-- | test/simple/test-tls-max-send-fragment.js | 72 |
5 files changed, 112 insertions, 0 deletions
diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown index 97c78fea8f..cf7a87fa2a 100644 --- a/doc/api/tls.markdown +++ b/doc/api/tls.markdown @@ -634,6 +634,18 @@ has been established. ANOTHER NOTE: When running as the server, socket will be destroyed with an error after `handshakeTimeout` timeout. +### tlsSocket.setMaxSendFragment(size) + +Set maximum TLS fragment size (default and maximum value is: `16384`, minimum +is: `512`). Returns `true` on success, `false` otherwise. + +Smaller fragment size decreases buffering latency on the client: large +fragments are buffered by the TLS layer until the entire fragment is received +and its integrity is verified; large fragments can span multiple roundtrips, +and their processing can be delayed due to packet loss or reordering. However, +smaller fragments add extra TLS framing bytes and CPU overhead, which may +decrease overall server throughput. + ### tlsSocket.address() Returns the bound address, the address family name and port of the diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js index c6996048e1..ff794e7cea 100644 --- a/lib/_tls_wrap.js +++ b/lib/_tls_wrap.js @@ -303,6 +303,10 @@ TLSSocket.prototype.renegotiate = function(options, callback) { return true; }; +TLSSocket.prototype.setMaxSendFragment = function setMaxSendFragment(size) { + return this.ssl.setMaxSendFragment(size) == 1; +}; + TLSSocket.prototype._handleTimeout = function() { this._tlsError(new Error('TLS handshake timeout')); }; diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 936f3a9038..1017e2f5b0 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc 
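Review bot: `size` goes to the binding unchecked in the new `TLSSocket.prototype.setMaxSendFragment`, while the native `SetMaxSendFragment` added in src/node_crypto.cc guards it with `CHECK(args.Length() >= 1 && args[0]->IsNumber())`, which presumably aborts the process rather than throwing. A caller that forwards a string or `undefined` from configuration would then take the whole server down instead of getting `false` or a catchable error. Validate in the wrapper before the call, e.g. `if (typeof size !== 'number') throw new TypeError('size must be a number');`, and state the accepted type in tls.markdown. The binding method is also registered only under `#ifdef SSL_set_max_send_fragment`, so on a build without that macro this wrapper would fail with a not-a-function error; a feature check or a doc note would cover that case.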
@@ -857,6 +857,10 @@ void SSLWrap<Base>::AddMethods(Handle<FunctionTemplate> t) { NODE_SET_PROTOTYPE_METHOD(t, "renegotiate", Renegotiate); NODE_SET_PROTOTYPE_METHOD(t, "shutdown", Shutdown); +#ifdef SSL_set_max_send_fragment + NODE_SET_PROTOTYPE_METHOD(t, "setMaxSendFragment", SetMaxSendFragment); +#endif // SSL_set_max_send_fragment + #ifdef OPENSSL_NPN_NEGOTIATED NODE_SET_PROTOTYPE_METHOD(t, "getNegotiatedProtocol", GetNegotiatedProto); NODE_SET_PROTOTYPE_METHOD(t, "setNPNProtocols", SetNPNProtocols); @@ -1240,6 +1244,21 @@ void SSLWrap<Base>::Shutdown(const FunctionCallbackInfo<Value>& args) { } +#ifdef SSL_set_max_send_fragment +template <class Base> +void SSLWrap<Base>::SetMaxSendFragment( + const v8::FunctionCallbackInfo<v8::Value>& args) { + HandleScope scope(node_isolate); + CHECK(args.Length() >= 1 && args[0]->IsNumber()); + + Base* w = Unwrap<Base>(args.This()); + + int rv = SSL_set_max_send_fragment(w->ssl_, args[0]->Int32Value()); + args.GetReturnValue().Set(rv); +} +#endif // SSL_set_max_send_fragment + + template <class Base> void SSLWrap<Base>::IsInitFinished(const FunctionCallbackInfo<Value>& args) { HandleScope scope(node_isolate); diff --git a/src/node_crypto.h b/src/node_crypto.h index 2357ca4a2d..7f29e89590 100644 --- a/src/node_crypto.h +++ b/src/node_crypto.h @@ -188,6 +188,11 @@ class SSLWrap { static void Renegotiate(const v8::FunctionCallbackInfo<v8::Value>& args); static void Shutdown(const v8::FunctionCallbackInfo<v8::Value>& args); +#ifdef SSL_set_max_send_fragment + static void SetMaxSendFragment( + const v8::FunctionCallbackInfo<v8::Value>& args); +#endif // SSL_set_max_send_fragment + #ifdef OPENSSL_NPN_NEGOTIATED static void GetNegotiatedProto( const v8::FunctionCallbackInfo<v8::Value>& args); diff --git a/test/simple/test-tls-max-send-fragment.js b/test/simple/test-tls-max-send-fragment.js new file mode 100644 index 0000000000..f6fdf25120 --- /dev/null +++ b/test/simple/test-tls-max-send-fragment.js 
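Review bot: `args[0]->Int32Value()` in `SSLWrap<Base>::SetMaxSendFragment` truncates fractions and wraps modulo 2^32, so a number far outside the documented 512–16384 range can wrap into it and be reported as success (a constructed example: 4294968320 becomes 1024). `IsNumber()` alone does not rule this out. Reject non-integers before converting, for instance `if (!args[0]->IsInt32()) return args.GetReturnValue().Set(0);`, so the JS side returns `false` for them. A short comment that `rv` is 1 on success and 0 when OpenSSL refuses the size would also explain the `== 1` comparison in lib/_tls_wrap.js.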
@@ -0,0 +1,72 @@
+// Copyright Joyent, Inc. and other Node contributors.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a
+// copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to permit
+// persons to whom the Software is furnished to do so, subject to the
+// following conditions:
+//
+// The above copyright notice and this permission notice shall be included
+// in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+// USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+if (!process.versions.openssl) {
+ console.error('Skipping because node compiled without OpenSSL.');
+ process.exit(0);
+}
+
+var assert = require('assert');
+var fs = require('fs');
+var net = require('net');
+var tls = require('tls');
+
+var common = require('../common');
+
+var buf = new Buffer(10000);
+var received = 0;
+var ended = 0;
+var maxChunk = 768;
+
+var server = tls.createServer({
+ key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'),
+ cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem')
+}, function(c) {
+ // Lower and upper limits
+ assert(!c.setMaxSendFragment(511));
+ assert(!c.setMaxSendFragment(16385));
+
+ // Correct fragment size
+ assert(c.setMaxSendFragment(maxChunk));
+
+ c.end(buf);
+}).listen(common.PORT, function() {
+ var c = tls.connect(common.PORT, {
+ rejectUnauthorized: false
+ }, function() {
+ c.on('data', function(chunk) {
+ assert(chunk.length <= maxChunk);
+ received += chunk.length;
+ });
+
+ // Ensure that we receive 'end' event anyway
+ c.on('end', function() {
+ ended++;
+ c.destroy();
+ server.close();
+ });
+ });
+});
+
+process.on('exit', function() {
+ assert.equal(ended, 1);
+ assert.equal(received, buf.length);
+});
 |
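Review bot: The limit checks in the server callback only assert that 511 and 16385 are rejected; the documented inclusive bounds themselves are never asserted as accepted. Adding `assert(c.setMaxSendFragment(512));` and `assert(c.setMaxSendFragment(16384));` before the `maxChunk` call would pin the range stated in tls.markdown. The test also never passes a non-number, so what the binding's `CHECK` does on bad input is not covered. `net` is required but unused and can be dropped.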