nxt_tls.h (1884:4645a43bc248) nxt_tls.h (1885:09b857a2cca9)
1
2/*
3 * Copyright (C) Igor Sysoev
4 * Copyright (C) NGINX, Inc.
5 */
6
7#ifndef _NXT_TLS_H_INCLUDED_
8#define _NXT_TLS_H_INCLUDED_
9
10
1
2/*
3 * Copyright (C) Igor Sysoev
4 * Copyright (C) NGINX, Inc.
5 */
6
7#ifndef _NXT_TLS_H_INCLUDED_
8#define _NXT_TLS_H_INCLUDED_
9
10
11#include <nxt_conf.h>
12
13
11/*
12 * The SSL/TLS libraries lack vector I/O interface yet add noticeable
13 * overhead to each SSL/TLS record so buffering allows to decrease the
14 * overhead. The typical overhead size is about 30 bytes, however, TLS
15 * supports also random padding up to 255 bytes. The maximum SSLv3/TLS
16 * record size is 16K. However, large records increase decryption latency.
17 * 4K is good compromise between 1-6% of SSL/TLS overhead and the latency.
18 * 4K buffer allows to send one SSL/TLS record (4096-bytes data and up to

--- 8 unchanged lines hidden (view full) ---

27typedef struct nxt_tls_bundle_conf_s nxt_tls_bundle_conf_t;
28
29typedef struct {
30 nxt_int_t (*library_init)(nxt_task_t *task);
31 void (*library_free)(nxt_task_t *task);
32
33 nxt_int_t (*server_init)(nxt_task_t *task,
34 nxt_tls_conf_t *conf, nxt_mp_t *mp,
14/*
15 * The SSL/TLS libraries lack vector I/O interface yet add noticeable
16 * overhead to each SSL/TLS record so buffering allows to decrease the
17 * overhead. The typical overhead size is about 30 bytes, however, TLS
18 * supports also random padding up to 255 bytes. The maximum SSLv3/TLS
19 * record size is 16K. However, large records increase decryption latency.
20 * 4K is good compromise between 1-6% of SSL/TLS overhead and the latency.
21 * 4K buffer allows to send one SSL/TLS record (4096-bytes data and up to

--- 8 unchanged lines hidden (view full) ---

30typedef struct nxt_tls_bundle_conf_s nxt_tls_bundle_conf_t;
31
32typedef struct {
33 nxt_int_t (*library_init)(nxt_task_t *task);
34 void (*library_free)(nxt_task_t *task);
35
36 nxt_int_t (*server_init)(nxt_task_t *task,
37 nxt_tls_conf_t *conf, nxt_mp_t *mp,
38 nxt_conf_value_t *conf_cmds,
35 nxt_bool_t last);
36 void (*server_free)(nxt_task_t *task,
37 nxt_tls_conf_t *conf);
38} nxt_tls_lib_t;
39
40
41typedef struct {
42 nxt_tls_bundle_conf_t *bundle;
43
44 nxt_str_t name;
45} nxt_tls_bundle_hash_item_t;
46
47
48struct nxt_tls_bundle_conf_s {
49 void *ctx;
50
51 nxt_fd_t chain_file;
39 nxt_bool_t last);
40 void (*server_free)(nxt_task_t *task,
41 nxt_tls_conf_t *conf);
42} nxt_tls_lib_t;
43
44
45typedef struct {
46 nxt_tls_bundle_conf_t *bundle;
47
48 nxt_str_t name;
49} nxt_tls_bundle_hash_item_t;
50
51
52struct nxt_tls_bundle_conf_s {
53 void *ctx;
54
55 nxt_fd_t chain_file;
52 nxt_str_t *name;
56 nxt_str_t name;
53
54 nxt_tls_bundle_conf_t *next;
55};
56
57
58struct nxt_tls_conf_s {
59 nxt_tls_bundle_conf_t *bundle;
60 nxt_lvlhsh_t bundle_hash;

--- 38 unchanged lines hidden ---
57
58 nxt_tls_bundle_conf_t *next;
59};
60
61
62struct nxt_tls_conf_s {
63 nxt_tls_bundle_conf_t *bundle;
64 nxt_lvlhsh_t bundle_hash;

--- 38 unchanged lines hidden ---