diff --git a/CHANGES b/CHANGES index fcf94e4395..3f8e0936a4 100644 --- a/CHANGES +++ b/CHANGES @@ -12,6 +12,10 @@ Changes with Apache 2.3.15 PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener, ] + *) mod_ssl: If MaxMemFree is set, ask OpenSSL >= 1.0.0 to reduce memory + usage. PR 51618. [Cristian Rodríguez , + Stefan Fritsch] + *) mod_ssl: At startup, when checking a server certificate whether it matches the configured ServerName, also take dNSName entries in the subjectAltName extension into account. PR 32652, PR 47051. [Kaspar Brand] diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index a829db3727..114e89269f 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -27,6 +27,7 @@ see Recursive.'' -- Unknown */ #include "ssl_private.h" +#include "mpm_common.h" /* _________________________________________________________________ ** @@ -574,6 +575,12 @@ static void ssl_init_ctx_protocol(server_rec *s, */ SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); #endif + +#ifdef SSL_MODE_RELEASE_BUFFERS + /* If httpd is configured to reduce mem usage, ask openssl to do so, too */ + if (ap_max_mem_free != APR_ALLOCATOR_MAX_FREE_UNLIMITED) + SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS); +#endif } static void ssl_init_ctx_session_cache(server_rec *s, diff --git a/support/ab.c b/support/ab.c index 61cfab110d..6b1e98954f 100644 --- a/support/ab.c +++ b/support/ab.c @@ -2288,6 +2288,10 @@ int main(int argc, const char * const argv[]) exit(1); } SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL); +#ifdef SSL_MODE_RELEASE_BUFFERS + /* Keep memory usage as low as possible */ + SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS); +#endif if (ssl_cipher != NULL) { if (!SSL_CTX_set_cipher_list(ssl_ctx, ssl_cipher)) { fprintf(stderr, "error setting cipher list [%s]\n", ssl_cipher);