1 
2 /*
3  * Copyright (C) Igor Sysoev
4  * Copyright (C) NGINX, Inc.
5  */
6 
7 #ifndef _NXT_TLS_H_INCLUDED_
8 #define _NXT_TLS_H_INCLUDED_
9 
10 
/*
 * The SSL/TLS libraries provide no vector I/O interface, yet every
 * SSL/TLS record carries noticeable per-record overhead, so buffering
 * output before handing it to the library reduces that overhead.  The
 * typical overhead is about 30 bytes, but TLS also permits random padding
 * of up to 255 bytes.  The maximum SSLv3/TLS record size is 16K; large
 * records, however, increase decryption latency, because the receiver can
 * only verify and decrypt a record once it has arrived in full.  4K is a
 * good compromise between 1-6% of SSL/TLS overhead and that latency.  A 4K
 * buffer lets one SSL/TLS record (4096 bytes of data plus up to 224 bytes
 * of overhead) be sent in three 1440-byte TCP/IPv4 packets with timestamps,
 * and remains compatible with tunnels.
 */

/*
 * TLS output buffer size in bytes; presumably the default for
 * nxt_tls_conf_t.buffer_size -- confirm against the backend that
 * reads that field.
 */
#define NXT_TLS_BUFFER_SIZE       4096
24 
25 
/*
 * Forward declaration: the nxt_tls_lib_t callbacks below take an
 * nxt_tls_conf_t * before the struct body is defined, and the struct
 * itself points back at its nxt_tls_lib_t, so the tag must be named first.
 */
typedef struct nxt_tls_conf_s     nxt_tls_conf_t;
27 
28 
/*
 * Dispatch table of one SSL/TLS backend (OpenSSL, GnuTLS, CyaSSL or
 * PolarSSL, see the externs at the end of this header).  Each backend
 * exposes a single const instance, so the function pointers live in
 * read-only data and cannot be swapped at run time.
 */
typedef struct {
    /*
     * Library-wide setup and teardown; only a task is passed, so these
     * carry no per-listener state.  library_init returns an nxt_int_t,
     * presumably NXT_OK / NXT_ERROR -- confirm against the backends.
     */
    nxt_int_t                     (*library_init)(nxt_task_t *task);
    void                          (*library_free)(nxt_task_t *task);

    /*
     * Per-configuration setup and teardown.  server_init receives the
     * nxt_tls_conf_t holding the certificate, key and cipher settings;
     * what it stores in conf->ctx and conf->conn_init is backend-specific
     * and not visible here.
     */
    nxt_int_t                     (*server_init)(nxt_task_t *task,
                                      nxt_tls_conf_t *conf);
    void                          (*server_free)(nxt_task_t *task,
                                      nxt_tls_conf_t *conf);
} nxt_tls_lib_t;
38 
39 
/*
 * TLS configuration of one server.  The string members are plain char *
 * with no length or ownership recorded here; who allocates and frees them,
 * and whether they hold file paths or in-memory PEM data, is decided by the
 * code that fills the struct -- verify against the caller of server_init.
 */
struct nxt_tls_conf_s {
    /* Backend-private context; opaque to this header. */
    void                          *ctx;
    /*
     * Per-connection hook.  Presumably installed by lib->server_init and
     * invoked once per accepted nxt_conn_t -- confirm against the backend.
     */
    void                          (*conn_init)(nxt_task_t *task,
                                      nxt_tls_conf_t *conf, nxt_conn_t *c);

    /* Backend that owns ctx and conn_init; points at a const table. */
    const nxt_tls_lib_t           *lib;

    /*
     * Server certificate, its private key, and the cipher list handed to
     * the backend.  certificate_key designates secret material: any code
     * that copies or logs this struct must not expose it.  The cipher
     * string is passed through as-is, so its syntax is backend-specific.
     */
    char                          *certificate;
    char                          *certificate_key;
    char                          *ciphers;

    /*
     * CA certificate; presumably used to verify peer (client) certificates
     * -- confirm against the backend that reads it.
     */
    char                          *ca_certificate;

    /* Output buffer size in bytes; see NXT_TLS_BUFFER_SIZE. */
    size_t                        buffer_size;
};
55 
56 
#if (NXT_HAVE_OPENSSL)
/* OpenSSL backend; defined in the OpenSSL translation unit. */
extern const nxt_tls_lib_t        nxt_openssl_lib;

/*
 * Log an OpenSSL error at the given level.  fmt with the trailing "..."
 * is presumably a printf-style format, so callers must pass a string
 * literal, never text derived from the peer or the configuration.  No
 * format attribute is declared here, so the compiler will not check the
 * arguments for the callers.
 */
void nxt_cdecl nxt_openssl_log_error(nxt_task_t *task, nxt_uint_t level,
    const char *fmt, ...);
/*
 * Write the pending OpenSSL error text into [p, end) and return the
 * position after it; the end pointer is the write bound, so callers
 * must pass the true end of their buffer.
 */
u_char *nxt_openssl_copy_error(u_char *p, u_char *end);
#endif
64 
/*
 * Alternative backends, selected at configure time through the
 * NXT_HAVE_* macros.  Only the dispatch-table symbol is declared for
 * each; unlike the OpenSSL backend, no error-logging helpers are exposed.
 * Note the PolarSSL table is named nxt_polar_lib, not nxt_polarssl_lib.
 */
#if (NXT_HAVE_GNUTLS)
extern const nxt_tls_lib_t        nxt_gnutls_lib;
#endif

#if (NXT_HAVE_CYASSL)
extern const nxt_tls_lib_t        nxt_cyassl_lib;
#endif

#if (NXT_HAVE_POLARSSL)
extern const nxt_tls_lib_t        nxt_polar_lib;
#endif
76 
77 
78 #endif /* _NXT_TLS_H_INCLUDED_ */
79