[tls] Support fragmentation of transmitted records

Large transmitted records may arise if we have long client certificate
chains or if a client sends a large block of data (such as a large
HTTP POST payload).  Fragment records as needed to comply with the
value that we advertise via the max_fragment_length extension.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown
2025-03-31 16:36:33 +01:00
parent f115cfcf99
commit a289b4b8c2
2 changed files with 135 additions and 73 deletions

@@ -465,6 +465,17 @@ struct tls_connection {
struct tls_server server;
};
/** Advertised maximum fragment length */
#define TLS_MAX_FRAGMENT_LENGTH_VALUE TLS_MAX_FRAGMENT_LENGTH_4096
/** TX maximum fragment length
*
* TLS requires us to limit our transmitted records to the maximum
* fragment length that we attempt to negotiate, even if the server
* does not respect this choice.
*/
#define TLS_TX_BUFSIZE 4096
/** RX I/O buffer size
*
* The maximum fragment length extension is optional, and many common
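Review bot: TLS_TX_BUFSIZE is a bare 4096 literal while the advertised limit is carried separately by TLS_MAX_FRAGMENT_LENGTH_VALUE (TLS_MAX_FRAGMENT_LENGTH_4096), so the two can silently drift apart if the advertised value is changed later, even though the comment on TLS_TX_BUFSIZE states that transmitted records must not exceed the limit we attempt to negotiate. Consider deriving the buffer size from the advertised value rather than repeating the number, or adding a compile-time check next to these definitions that the two agree, so that a future edit to one cannot leave the transmit path sending records larger than the length we advertise.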