[PATCH] openssl: enable SSLContext read_ahead accessor

[PATCH] openssl: enable SSLContext read_ahead accessor

[Eric Wong]

---
 ext/openssl/extconf.rb   |  3 +++
 ext/openssl/ossl_ssl.c   | 41 +++++++++++++++++++++++++++++++++++++++++
 test/openssl/test_ssl.rb | 12 ++++++++++++
 3 files changed, 56 insertions(+)

diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 0b93aac..9136fde 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -84,6 +84,9 @@
   OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
 }
 
+OpenSSL.check_func_or_macro("SSL_CTX_set_read_ahead", "openssl/ssl.h")
+OpenSSL.check_func_or_macro("SSL_CTX_get_read_ahead", "openssl/ssl.h")
+
 # added in 0.9.8X
 have_func("EVP_CIPHER_CTX_new")
 have_func("EVP_CIPHER_CTX_free")
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 1ee0658..a1eb8b5 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -1074,6 +1074,45 @@ ossl_sslctx_set_ecdh_curves(VALUE self, VALUE arg)
 
 /*
  * call-seq:
+ *    ctx.read_ahead -> true or false
+ */
+static VALUE
+ossl_sslctx_get_read_ahead(VALUE self)
+{
+#if defined(HAVE_SSL_CTX_GET_READ_AHEAD)
+    SSL_CTX *ctx;
+
+    GetSSLCTX(self, ctx);
+
+    return SSL_CTX_get_read_ahead(ctx) ? Qtrue : Qfalse;
+#else
+    return Qfalse;
+#endif
+}
+
+/*
+ * call-seq:
+ *    ctx.read_ahead = boolean -> boolean
+ */
+#if defined(HAVE_SSL_CTX_SET_READ_AHEAD)
+static VALUE
+ossl_sslctx_set_read_ahead(VALUE self, VALUE boolean)
+{
+    SSL_CTX *ctx;
+
+    GetSSLCTX(self, ctx);
+    rb_check_frozen(self);
+
+    SSL_CTX_set_read_ahead(ctx, RTEST(boolean));
+
+    return boolean;
+}
+#else
+#define ossl_sslctx_set_read_ahead rb_f_notimplement
+#endif
+
+/*
+ * call-seq:
  *    ctx.security_level -> Integer
  *
  * Returns the security level for the context.
@@ -2449,6 +2488,8 @@ Init_ossl_ssl(void)
     rb_define_method(cSSLContext, "ciphers",     ossl_sslctx_get_ciphers, 0);
     rb_define_method(cSSLContext, "ciphers=",    ossl_sslctx_set_ciphers, 1);
     rb_define_method(cSSLContext, "ecdh_curves=", ossl_sslctx_set_ecdh_curves, 1);
+    rb_define_method(cSSLContext, "read_ahead", ossl_sslctx_get_read_ahead, 0);
+    rb_define_method(cSSLContext, "read_ahead=", ossl_sslctx_set_read_ahead, 1);
     rb_define_method(cSSLContext, "security_level", ossl_sslctx_get_security_level, 0);
     rb_define_method(cSSLContext, "security_level=", ossl_sslctx_set_security_level, 1);
 
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index b1dc223..f3ec8b6 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -1246,6 +1246,18 @@ def test_security_level
     skip "FIXME: SSLContext#key= currently does not raise because SSL_CTX_use_certificate() is delayed"
   end
 
+  def test_read_ahead
+    ctx = OpenSSL::SSL::SSLContext.new
+    assert_equal(false, ctx.read_ahead)
+    begin
+      ctx.read_ahead = true
+    rescue NotImplementedError
+      assert_equal(false, ctx.read_ahead)
+      return
+    end
+    assert_equal(true, ctx.read_ahead)
+  end
+
   private
 
   def start_server_version(version, ctx_proc=nil, server_proc=nil, &blk)

Re: [PATCH] openssl: enable SSLContext read_ahead accessor

[Eric Wong]

Seems to be not worth it testing with yahns and dd | curl

dd if=/dev/zero bs=1M count=1000 | curl -HExpect -T- https://$HOST/

==> yahns -c /path/to/yahns.conf.rb <==
require 'digest/sha1'
require 'benchmark'
require 'openssl'
ctx = OpenSSL::SSL::SSLContext.new
ctx.cert = OpenSSL::X509::Certificate.new(IO.read(
  '/etc/ssl/certs/dcvr.yhbt.net.crt'))
ctx.extra_chain_cert = [ OpenSSL::X509::Certificate.new(IO.read(
  '/etc/ssl/certs/dcvr.yhbt.net.chain.crt')) ]
ctx.key = OpenSSL::PKey::RSA.new(IO.read(
  '/etc/ssl/private/dcvr.yhbt.net.key'))
ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_NONE)
ctx.read_ahead = true

user "www-data", "www-data"
worker_processes 1
app(:rack, lambda do |env|
      input = env['rack.input']
      n = 0
      nread = 4096
      bm = Benchmark.measure do
        buf = input.read(nread)
        while buf
          n += buf.size
          buf = input.read(nread, buf)
        end
      end
      b = "#{n}\n#{Benchmark::CAPTION}\n#{bm.to_s}\n"
      h = [ %w(Content-Type text/plain), %W(Content-Length #{b.size}) ]
      [ 200, h, [ b ] ]
    end) do
  listen 11443, ssl_ctx: ctx
  input_buffering false
  client_max_body_size nil
end
queue(:default) { worker_threads 1 } # for cache-friendly benchmarking

Re: [PATCH] openssl: enable SSLContext read_ahead accessor

[Eric Wong]

# Meh, no benefit without the HTTP parser in the way, either.

require 'digest/sha1'
require 'benchmark'
require 'openssl'
require 'socket'
ctx = OpenSSL::SSL::SSLContext.new
ctx.cert = OpenSSL::X509::Certificate.new(IO.read(
  '/etc/ssl/certs/dcvr.yhbt.net.crt'))
ctx.extra_chain_cert = [ OpenSSL::X509::Certificate.new(IO.read(
  '/etc/ssl/certs/dcvr.yhbt.net.chain.crt')) ]
ctx.key = OpenSSL::PKey::RSA.new(IO.read(
  '/etc/ssl/private/dcvr.yhbt.net.key'))
ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_NONE)
ctx.read_ahead = true
h = '0.0.0.0'
s = TCPServer.new(h, 0)
th = Thread.new do
  system("dd if=/dev/zero bs=1M count=100 | " \
         "curl -T- -v -N http://yhbt.net:#{s.addr[1]}/")
end
a = s.accept
input = OpenSSL::SSL::SSLSocket.new(a, ctx)
n = 0
max = 100 * 1024 * 1024
nread = 8192
bm = Benchmark.measure do
  buf = input.readpartial(nread)
  while buf
    n += buf.size
    buf = input.readpartial(nread, buf)
    break if n > max
  end
  input.write("HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n\r\nhello\n")
  input.close
  a.close
end
th.join
puts "#{n}\n#{Benchmark::CAPTION}\n#{bm.to_s}\n"