Commit 1605d93a authored by Kamil Dudka's avatar Kamil Dudka
Browse files

nss: use PK11_CreateManagedGenericObject() if available 

... so that the memory allocated by applications using libcurl does not
grow per each TLS connection.

Bug: https://bugzilla.redhat.com/1510247

Closes #2297
parent b46cfbc0

configure.ac

+9 −0
Original line number Diff line number Diff line
@@ -2483,6 +2483,15 @@ if test -z "$ssl_backends" -o "x$OPT_NSS" != xno; then 
    if test "x$USE_NSS" = "xyes"; then

      AC_MSG_NOTICE([detected NSS version $version])



      dnl PK11_CreateManagedGenericObject() was introduced in NSS 3.34 because

      dnl PK11_DestroyGenericObject() does not release resources allocated by

      dnl PK11_CreateGenericObject() early enough.

      AC_CHECK_FUNC(PK11_CreateManagedGenericObject,

        [

          AC_DEFINE(HAVE_PK11_CREATEMANAGEDGENERICOBJECT, 1,

                    [if you have the PK11_CreateManagedGenericObject function])

        ])



      dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS

      NSS_LIBS=$addlib

      AC_SUBST([NSS_LIBS])

lib/vtls/nss.c

+11 −1
Original line number Diff line number Diff line
@@ -440,7 +440,17 @@ static CURLcode nss_create_object(struct ssl_connect_data *connssl, 
    PK11_SETATTRS(attrs, attr_cnt, CKA_TRUST, pval, sizeof(*pval));

  }



  obj = PK11_CreateGenericObject(slot, attrs, attr_cnt, PR_FALSE);

  /* PK11_CreateManagedGenericObject() was introduced in NSS 3.34 because

   * PK11_DestroyGenericObject() does not release resources allocated by

   * PK11_CreateGenericObject() early enough.  */

  obj =

#ifdef HAVE_PK11_CREATEMANAGEDGENERICOBJECT

    PK11_CreateManagedGenericObject

#else

    PK11_CreateGenericObject

#endif

    (slot, attrs, attr_cnt, PR_FALSE);



  PK11_FreeSlot(slot);

  if(!obj)

    return result;