aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFedor Indutny <fedor.indutny@gmail.com>2014-01-17 18:46:49 +0000
committerFedor Indutny <fedor.indutny@gmail.com>2014-01-20 20:39:57 +0400
commit7f9b01509f28de5888a45b8b1af5667e507a0c94 (patch)
tree3d1e436601a0badaeabe49a4939a686b9d48a20b
parent023f0a3122d54e3f331f32f5cfe0cb0df9e8f131 (diff)
downloadandroid-node-v8-7f9b01509f28de5888a45b8b1af5667e507a0c94.tar.gz
android-node-v8-7f9b01509f28de5888a45b8b1af5667e507a0c94.tar.bz2
android-node-v8-7f9b01509f28de5888a45b8b1af5667e507a0c94.zip
lib: introduce `.setMaxSendFragment(size)`
fix #6889
-rw-r--r--doc/api/tls.markdown12
-rw-r--r--lib/_tls_wrap.js4
-rw-r--r--src/node_crypto.cc19
-rw-r--r--src/node_crypto.h5
-rw-r--r--test/simple/test-tls-max-send-fragment.js72
5 files changed, 112 insertions, 0 deletions
diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown
index 97c78fea8f..cf7a87fa2a 100644
--- a/doc/api/tls.markdown
+++ b/doc/api/tls.markdown
@@ -634,6 +634,18 @@ has been established.
ANOTHER NOTE: When running as the server, socket will be destroyed
with an error after `handshakeTimeout` timeout.
+### tlsSocket.setMaxSendFragment(size)
+
+Set maximum TLS fragment size (default and maximum value is: `16384`, minimum
+is: `512`). Returns `true` on success, `false` otherwise.
+
+Smaller fragment size decreases buffering latency on the client: large
+fragments are buffered by the TLS layer until the entire fragment is received
+and its integrity is verified; large fragments can span multiple roundtrips,
+and their processing can be delayed due to packet loss or reordering. However,
+smaller fragments add extra TLS framing bytes and CPU overhead, which may
+decrease overall server throughput.
+
### tlsSocket.address()
Returns the bound address, the address family name and port of the
diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index c6996048e1..ff794e7cea 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -303,6 +303,10 @@ TLSSocket.prototype.renegotiate = function(options, callback) {
return true;
};
+TLSSocket.prototype.setMaxSendFragment = function setMaxSendFragment(size) {
+ return this.ssl.setMaxSendFragment(size) == 1;
+};
+
TLSSocket.prototype._handleTimeout = function() {
this._tlsError(new Error('TLS handshake timeout'));
};
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 936f3a9038..1017e2f5b0 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -857,6 +857,10 @@ void SSLWrap<Base>::AddMethods(Handle<FunctionTemplate> t) {
NODE_SET_PROTOTYPE_METHOD(t, "renegotiate", Renegotiate);
NODE_SET_PROTOTYPE_METHOD(t, "shutdown", Shutdown);
+#ifdef SSL_set_max_send_fragment
+ NODE_SET_PROTOTYPE_METHOD(t, "setMaxSendFragment", SetMaxSendFragment);
+#endif // SSL_set_max_send_fragment
+
#ifdef OPENSSL_NPN_NEGOTIATED
NODE_SET_PROTOTYPE_METHOD(t, "getNegotiatedProtocol", GetNegotiatedProto);
NODE_SET_PROTOTYPE_METHOD(t, "setNPNProtocols", SetNPNProtocols);
@@ -1240,6 +1244,21 @@ void SSLWrap<Base>::Shutdown(const FunctionCallbackInfo<Value>& args) {
}
+#ifdef SSL_set_max_send_fragment
+template <class Base>
+void SSLWrap<Base>::SetMaxSendFragment(
+ const v8::FunctionCallbackInfo<v8::Value>& args) {
+ HandleScope scope(node_isolate);
+ CHECK(args.Length() >= 1 && args[0]->IsNumber());
+
+ Base* w = Unwrap<Base>(args.This());
+
+ int rv = SSL_set_max_send_fragment(w->ssl_, args[0]->Int32Value());
+ args.GetReturnValue().Set(rv);
+}
+#endif // SSL_set_max_send_fragment
+
+
template <class Base>
void SSLWrap<Base>::IsInitFinished(const FunctionCallbackInfo<Value>& args) {
HandleScope scope(node_isolate);
diff --git a/src/node_crypto.h b/src/node_crypto.h
index 2357ca4a2d..7f29e89590 100644
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -188,6 +188,11 @@ class SSLWrap {
static void Renegotiate(const v8::FunctionCallbackInfo<v8::Value>& args);
static void Shutdown(const v8::FunctionCallbackInfo<v8::Value>& args);
+#ifdef SSL_set_max_send_fragment
+ static void SetMaxSendFragment(
+ const v8::FunctionCallbackInfo<v8::Value>& args);
+#endif // SSL_set_max_send_fragment
+
#ifdef OPENSSL_NPN_NEGOTIATED
static void GetNegotiatedProto(
const v8::FunctionCallbackInfo<v8::Value>& args);
diff --git a/test/simple/test-tls-max-send-fragment.js b/test/simple/test-tls-max-send-fragment.js
new file mode 100644
index 0000000000..f6fdf25120
--- /dev/null
+++ b/test/simple/test-tls-max-send-fragment.js
@@ -0,0 +1,72 @@
+// Copyright Joyent, Inc. and other Node contributors.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a
+// copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to permit
+// persons to whom the Software is furnished to do so, subject to the
+// following conditions:
+//
+// The above copyright notice and this permission notice shall be included
+// in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+// USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+if (!process.versions.openssl) {
+ console.error('Skipping because node compiled without OpenSSL.');
+ process.exit(0);
+}
+
+var assert = require('assert');
+var fs = require('fs');
+var net = require('net');
+var tls = require('tls');
+
+var common = require('../common');
+
+var buf = new Buffer(10000);
+var received = 0;
+var ended = 0;
+var maxChunk = 768;
+
+var server = tls.createServer({
+ key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'),
+ cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem')
+}, function(c) {
+ // Lower and upper limits
+ assert(!c.setMaxSendFragment(511));
+ assert(!c.setMaxSendFragment(16385));
+
+ // Correct fragment size
+ assert(c.setMaxSendFragment(maxChunk));
+
+ c.end(buf);
+}).listen(common.PORT, function() {
+ var c = tls.connect(common.PORT, {
+ rejectUnauthorized: false
+ }, function() {
+ c.on('data', function(chunk) {
+ assert(chunk.length <= maxChunk);
+ received += chunk.length;
+ });
+
+ // Ensure that we receive 'end' event anyway
+ c.on('end', function() {
+ ended++;
+ c.destroy();
+ server.close();
+ });
+ });
+});
+
+process.on('exit', function() {
+ assert.equal(ended, 1);
+ assert.equal(received, buf.length);
+});