If MaxMemFree is set, set SSL_MODE_RELEASE_BUFFERS in mod_ssl.

Always set SSL_MODE_RELEASE_BUFFERS in ab. PR: 51618 Submitted by: Cristian Rodríguez <crrodriguez opensuse org>, Stefan Fritsch git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1178079 13f79535-47bb-0310-9956-ffa450edef68
2025-08-08 15:02:10 +03:00 · 2011-10-01 19:48:14 +00:00
parent 3bc7336e01
commit fb5cf8f74f
3 changed files with 15 additions and 0 deletions
--- a/4
+++ b/4
@@ -12,6 +12,10 @@ Changes with Apache 2.3.15
     PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener,
     <lowprio20 gmail.com>]

+  *) mod_ssl: If MaxMemFree is set, ask OpenSSL >= 1.0.0 to reduce memory
+     usage.  PR 51618. [Cristian Rodr<64>guez <crrodriguez opensuse org>,
+     Stefan Fritsch]
+
  *) mod_ssl: At startup, when checking a server certificate whether it
     matches the configured ServerName, also take dNSName entries in the
     subjectAltName extension into account. PR 32652, PR 47051. [Kaspar Brand]
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -27,6 +27,7 @@
                                  see Recursive.''
                                        -- Unknown   */
 #include "ssl_private.h"
+#include "mpm_common.h"

 /*  _________________________________________________________________
 **
@@ -574,6 +575,12 @@ static void ssl_init_ctx_protocol(server_rec *s,
     */
    SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
 #endif
+
+#ifdef SSL_MODE_RELEASE_BUFFERS
+    /* If httpd is configured to reduce mem usage, ask openssl to do so, too */
+    if (ap_max_mem_free != APR_ALLOCATOR_MAX_FREE_UNLIMITED)
+        SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
 }

 static void ssl_init_ctx_session_cache(server_rec *s,
--- a/support/ab.c
+++ b/support/ab.c
@@ -2288,6 +2288,10 @@ int main(int argc, const char * const argv[])
        exit(1);
    }
    SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
+#ifdef SSL_MODE_RELEASE_BUFFERS
+    /* Keep memory usage as low as possible */
+    SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
    if (ssl_cipher != NULL) {
        if (!SSL_CTX_set_cipher_list(ssl_ctx, ssl_cipher)) {
            fprintf(stderr, "error setting cipher list [%s]\n", ssl_cipher);