www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

If MaxMemFree is set, set SSL_MODE_RELEASE_BUFFERS in mod_ssl.

Browse Source 
Always set SSL_MODE_RELEASE_BUFFERS in ab.

PR: 51618
Submitted by: Cristian Rodríguez <crrodriguez opensuse org>, Stefan Fritsch


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1178079 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Stefan Fritsch
2011-10-01 19:48:14 +00:00
parent 3bc7336e01
commit fb5cf8f74f
3 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@@ -12,6 +12,10 @@ Changes with Apache 2.3.15
PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener, PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener,
<lowprio20 gmail.com>] <lowprio20 gmail.com>]
*) mod_ssl: If MaxMemFree is set, ask OpenSSL >= 1.0.0 to reduce memory
usage. PR 51618. [Cristian Rodr<64>guez <crrodriguez opensuse org>,
Stefan Fritsch]
*) mod_ssl: At startup, when checking a server certificate whether it *) mod_ssl: At startup, when checking a server certificate whether it
matches the configured ServerName, also take dNSName entries in the matches the configured ServerName, also take dNSName entries in the
subjectAltName extension into account. PR 32652, PR 47051. [Kaspar Brand] subjectAltName extension into account. PR 32652, PR 47051. [Kaspar Brand]

7
modules/ssl/ssl_engine_init.c
View File

@@ -27,6 +27,7 @@
see Recursive.'' see Recursive.''
-- Unknown */ -- Unknown */
#include "ssl_private.h" #include "ssl_private.h"
#include "mpm_common.h"
/* _________________________________________________________________ /* _________________________________________________________________
** **
@@ -574,6 +575,12 @@ static void ssl_init_ctx_protocol(server_rec *s,
*/ */
SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
#endif #endif
#ifdef SSL_MODE_RELEASE_BUFFERS
/* If httpd is configured to reduce mem usage, ask openssl to do so, too */
if (ap_max_mem_free != APR_ALLOCATOR_MAX_FREE_UNLIMITED)
SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
#endif
} }
static void ssl_init_ctx_session_cache(server_rec *s, static void ssl_init_ctx_session_cache(server_rec *s,

4
support/ab.c
View File

@@ -2288,6 +2288,10 @@ int main(int argc, const char * const argv[])
exit(1); exit(1);
} }
SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL); SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
#ifdef SSL_MODE_RELEASE_BUFFERS
/* Keep memory usage as low as possible */
SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
#endif
if (ssl_cipher != NULL) { if (ssl_cipher != NULL) {
if (!SSL_CTX_set_cipher_list(ssl_ctx, ssl_cipher)) { if (!SSL_CTX_set_cipher_list(ssl_ctx, ssl_cipher)) {
fprintf(stderr, "error setting cipher list [%s]\n", ssl_cipher); fprintf(stderr, "error setting cipher list [%s]\n", ssl_cipher);