diff options
author | Andy Green <andy@warmcat.com> | 2021-09-22 09:34:56 +0100 |
---|---|---|
committer | Andy Green <andy@warmcat.com> | 2021-10-05 07:40:17 +0100 |
commit | 19ba1998fa5ee3e019206f6f9024e32b10474211 (patch) | |
tree | aae9293ac9ef927050418a98fce0390b75929f80 /lib/core-net | |
parent | ad990a61a0341ef9b3351a4efc37d30a77730cdb (diff) | |
download | libwebsockets-19ba1998fa5ee3e019206f6f9024e32b10474211.tar.gz |
tls: evolve handshake serialization into simultaneous_ssl_handshake_restriction
This patch adapts the recent change about serializing the number of
simultaneous tls handshakes allowed to 1, so you can set the number in the
context creation info, and the accounting for it is handled by counters
same as the overally tls restriction.
The name of the context info var to control it changes to simultaneous_ssl_handshake_restriction
which is now a count, the default 0 means no limit.
The count rejects tls connection attempts when the tls borrow is attempted,
and separately hands back the hs borrow from the tls borrow when the
connection attempt fails or succeeds.
Diffstat (limited to 'lib/core-net')
-rw-r--r-- | lib/core-net/client/connect.c | 4 | ||||
-rw-r--r-- | lib/core-net/private-lib-core-net.h | 1 |
2 files changed, 3 insertions, 2 deletions
diff --git a/lib/core-net/client/connect.c b/lib/core-net/client/connect.c index 4b45bbe0..1844abef 100644 --- a/lib/core-net/client/connect.c +++ b/lib/core-net/client/connect.c @@ -530,8 +530,8 @@ bail3: bail: #if defined(LWS_WITH_TLS) - if (wsi->tls.ssl && wsi->tls_borrowed) - lws_tls_restrict_return(i->context); + if (wsi->tls.ssl) + lws_tls_restrict_return(wsi); #endif lws_free_set_NULL(wsi->stash); diff --git a/lib/core-net/private-lib-core-net.h b/lib/core-net/private-lib-core-net.h index 1f566178..3f507311 100644 --- a/lib/core-net/private-lib-core-net.h +++ b/lib/core-net/private-lib-core-net.h @@ -809,6 +809,7 @@ struct lws { unsigned int client_proxy_onward:1; #endif unsigned int tls_borrowed:1; + unsigned int tls_borrowed_hs:1; unsigned int tls_read_wanted_write:1; #ifdef LWS_WITH_ACCESS_LOG |