author | Igor Sysoev <igor@sysoev.ru> | 2018-09-20 15:05:37 +0300 |
---|---|---|
committer | Igor Sysoev <igor@sysoev.ru> | 2018-09-20 15:05:37 +0300 |
commit | 96cd68b34037f8b6d9a1d43f67b8fe7c1df2ef9e (patch) | |
tree | 8e648712993012fbe815cc92e6debab20449fe8f /src/nxt_ssltls.h | |
parent | e964e982fd64505fb8644f91e5c57a869038cd18 (diff) | |
Added SSL/TLS support on connection level.
Diffstat (limited to 'src/nxt_ssltls.h')
-rw-r--r-- | src/nxt_ssltls.h | 69 |
1 files changed, 0 insertions, 69 deletions
diff --git a/src/nxt_ssltls.h b/src/nxt_ssltls.h
deleted file mode 100644
index f12335a7..00000000
--- a/src/nxt_ssltls.h
+++ /dev/null
@@ -1,69 +0,0 @@
-
-/*
- * Copyright (C) Igor Sysoev
- * Copyright (C) NGINX, Inc.
- */
-
-#ifndef _NXT_SSLTLS_H_INCLUDED_
-#define _NXT_SSLTLS_H_INCLUDED_
-
-
-/*
- * The SSL/TLS libraries lack vector I/O interface yet add noticeable
- * overhead to each SSL/TLS record so buffering allows to decrease the
- * overhead. The typical overhead size is about 30 bytes, however, TLS
- * supports also random padding up to 255 bytes. The maximum SSLv3/TLS
- * record size is 16K. However, large records increase decryption latency.
- * 4K is good compromise between 1-6% of SSL/TLS overhead and the latency.
- * 4K buffer allows to send one SSL/TLS record (4096-bytes data and up to
- * 224-bytes overhead) in three 1440-bytes TCP/IPv4 packets with timestamps
- * and compatible with tunnels.
- */
-
-#define NXT_SSLTLS_BUFFER_SIZE 4096
-
-
-typedef struct nxt_ssltls_conf_s nxt_ssltls_conf_t;
-
-
-typedef struct {
- nxt_int_t (*server_init)(nxt_ssltls_conf_t *conf);
- nxt_int_t (*set_versions)(nxt_ssltls_conf_t *conf);
-} nxt_ssltls_lib_t;
-
-
-struct nxt_ssltls_conf_s {
- void *ctx;
- void (*conn_init)(nxt_task_t *task,
- nxt_ssltls_conf_t *conf, nxt_conn_t *c);
-
- const nxt_ssltls_lib_t *lib;
-
- char *certificate;
- char *certificate_key;
- char *ciphers;
-
- char *ca_certificate;
-
- size_t buffer_size;
-};
-
-
-#if (NXT_HAVE_OPENSSL)
-extern const nxt_ssltls_lib_t nxt_openssl_lib;
-#endif
-
-#if (NXT_HAVE_GNUTLS)
-extern const nxt_ssltls_lib_t nxt_gnutls_lib;
-#endif
-
-#if (NXT_HAVE_CYASSL)
-extern const nxt_ssltls_lib_t nxt_cyassl_lib;
-#endif
-
-#if (NXT_HAVE_POLARSSL)
-extern const nxt_ssltls_lib_t nxt_polar_lib;
-#endif
-
-
-#endif /* _NXT_SSLTLS_H_INCLUDED_ */ |