1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
libwebsockets/lib/tls/openssl/private.h
Andy Green 555c34b044 openssl: reuse client SSL_CTX where possible
If you have multiple vhosts with client contexts enabled, under
OpenSSL each one brings in the system cert bundle.

On libwebsockets.org, there are many vhosts and the waste adds up
to about 9MB of heap.

This patch makes a sha256 from the client context configuration, and
if a suitable client context already exists on another vhost, bumps
a refcount and reuses the client context.

In the case client contexts are configured differently, a new one
is created (and is available for reuse as well).
2019-03-18 06:54:38 +08:00

53 lines
1.7 KiB
C

/*
* libwebsockets - small server side websockets and web server implementation
*
* Copyright (C) 2010 - 2019 Andy Green <andy@warmcat.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation:
* version 2.1 of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*
* gencrypto openssl-specific helper declarations
*/
/*
* one of these per different client context
* cc_head is in lws_context.lws_context_tls
*/
struct lws_tls_client_reuse {
lws_tls_ctx *ssl_client_ctx;
uint8_t hash[32];
struct lws_dll cc_list;
int refcount;
int index;
};
typedef int (*next_proto_cb)(SSL *, const unsigned char **out,
unsigned char *outlen, const unsigned char *in,
unsigned int inlen, void *arg);
struct lws_x509_cert {
X509 *cert; /* X509 is opaque, this has to be a pointer */
};
int
lws_gencrypto_openssl_hash_to_NID(enum lws_genhash_types hash_type);
const EVP_MD *
lws_gencrypto_openssl_hash_to_EVP_MD(enum lws_genhash_types hash_type);
#if !defined(LWS_HAVE_BN_bn2binpad)
int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
#endif