Open Bug 285525 Opened 19 years ago Updated 2 years ago

Inefficiency in SSL model socket feature for servers

Categories

(NSS :: Libraries, enhancement, P3)

3.9.5
enhancement

Tracking

(Not tracked)

People

(Reporter: julien.pierre, Unassigned)

Details

(Keywords: perf)

When a server uses the model socket feature, it has to call
SSL_ImportFD(connectionSocket, modelSocket) to upgrade the connection socket to
SSL.
Immediately after, the server is required to call SSL_ResetHandshake, so that
subsequent SSL calls can work.

There is a lot of inefficiency in those two calls. SSL_ImportFD copies a lot of
data from the model socket to the connection socket. But SSL_ResetHandshake ends
up freeing that data immediately. One example of this is with
ssl_CreateSecurityInfo and ssl_ResetSecurityInfo.

There should be a way to perform those two steps in a single API call, which
could then be optimized and avoid unnecessary steps.

I suggest we add a new SSL socket flag to designate the server model socket as
such. When this flag is set in the model socket, SSL_ImportFD would be the only
call required - it would also set the data structures to the proper state for a
server to immediately be able to do I/O, making the call to SSL_ResetHandshake
unnecessary.
I would suggest a new function for libSSL that combines the functionality 
of SSL_ImportFD and SSL_ResetHandshake, and that takes as arguments the 
union of the set of arguments of those two functions.
It might be called SSL_ImportFDAfterConnected().   

It's not exclusively a server feature.  It applies to servers and clients
that import the SSL PRFileDesc into their socket's "stack" of PRFileDescs
after the connect or accept has been done and the socket is connected.
How about SSL_ImportConnectedFD or SSL_ImportConnectedSocket?
I like SSL_ImportConnectedFD better than SSL_ImportConnectedSocket, since the
SSL layer could theoretically be pushed onto other NSPR I/O layers than sockets.
Most people who read the name "import FD" have come to the wrong conclusion
that it is importing the socket FD "into SSL", rather than the correct 
conclusion that it is importing (pushing) an SSL pseudo-FD onto the stack 
of the real socket's FD.  

So, I'd like any new name to make it more apparent that SSL is being added
to the real socket, not the other way around.  
Maybe  SSL_PushOntoConnectedFD  or SSL_ImportSSLIntoSocketFD, or ?
Assignee: wtchang → nelson
QA Contact: bishakhabanerjee → jason.m.reid
QA Contact: jason.m.reid → libraries
Severity: normal → enhancement
Priority: -- → P3
Target Milestone: --- → 3.12
Keywords: perf
Unsetting target milestone in unresolved bugs whose targets have passed.
Target Milestone: 3.12 → ---
Assignee: nelson → nobody
Severity: normal → S3