If MaxMemFree is set, set SSL_MODE_RELEASE_BUFFERS in mod_ssl. (2fee69e6) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

CHANGES

+4 −0

Original line number	Diff line number	Diff line
		@@ -12,6 +12,10 @@ Changes with Apache 2.3.15
		PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener,
		<lowprio20 gmail.com>]

		*) mod_ssl: If MaxMemFree is set, ask OpenSSL >= 1.0.0 to reduce memory
		usage. PR 51618. [Cristian Rodríguez <crrodriguez opensuse org>,
		Stefan Fritsch]

		*) mod_ssl: At startup, when checking a server certificate whether it
		matches the configured ServerName, also take dNSName entries in the
		subjectAltName extension into account. PR 32652, PR 47051. [Kaspar Brand]

+7 −0

Original line number	Diff line number	Diff line
		@@ -27,6 +27,7 @@
		see Recursive.''
		-- Unknown */
		#include "ssl_private.h"
		#include "mpm_common.h"

		/* _________________________________________________________________
		**
		@@ -574,6 +575,12 @@ static void ssl_init_ctx_protocol(server_rec *s,
		*/
		SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
		#endif

		#ifdef SSL_MODE_RELEASE_BUFFERS
		/* If httpd is configured to reduce mem usage, ask openssl to do so, too */
		if (ap_max_mem_free != APR_ALLOCATOR_MAX_FREE_UNLIMITED)
		SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
		#endif
		}

		static void ssl_init_ctx_session_cache(server_rec *s,

+4 −0

Original line number	Diff line number	Diff line
		@@ -2288,6 +2288,10 @@ int main(int argc, const char * const argv[])
		exit(1);
		}
		SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
		#ifdef SSL_MODE_RELEASE_BUFFERS
		/* Keep memory usage as low as possible */
		SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
		#endif
		if (ssl_cipher != NULL) {
		if (!SSL_CTX_set_cipher_list(ssl_ctx, ssl_cipher)) {
		fprintf(stderr, "error setting cipher list [%s]\n", ssl_cipher);