summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGlenn Strauss <gstrauss@gluelogic.com>2017-09-10 18:45:39 -0400
committerGlenn Strauss <gstrauss@gluelogic.com>2017-09-10 18:52:41 -0400
commitf4e1357df5fd219083c9c26c319f7ceff1677378 (patch)
tree7742e398210c10c7f7ae021c4817d1072fc9f6f9
parent3622d2b66a5a0cb18b6b16c2284d79ede82debf6 (diff)
downloadlighttpd1.4-f4e1357df5fd219083c9c26c319f7ceff1677378.tar.gz
lighttpd1.4-f4e1357df5fd219083c9c26c319f7ceff1677378.zip
[mod_openssl] ssl.read-ahead="disable" for stream
set default ssl.read-ahead = "disable" for streaming when server.stream-request-body = 1 or 2 is set in the global scope It is still recommended that embedded and other low-memory systems explicitly set ssl.read-ahead = "disable" in the global scope (regardless of server.stream-request-body setting) On the other hand, for systems which enable server.stream-request-body to non-zero value, and for which sufficient memory is available, then ssl.read-ahead = "enable" is recommended and should be explicitly set in the global or $SERVER["socket"] configuration blocks in lighttpd.conf x-ref: "https POST requests buffered in RAM since v1.4.41?" https://redmine.lighttpd.net/boards/2/topics/7520
-rw-r--r--src/mod_openssl.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/mod_openssl.c b/src/mod_openssl.c
index f3caadd4..550ddf8d 100644
--- a/src/mod_openssl.c
+++ b/src/mod_openssl.c
@@ -940,7 +940,9 @@ SETDEFAULTS_FUNC(mod_openssl_set_defaults)
s->ssl_verifyclient_depth = 9;
s->ssl_verifyclient_export_cert = 0;
s->ssl_disable_client_renegotiation = 1;
- s->ssl_read_ahead = (0 == i ? 1 : p->config_storage[0]->ssl_read_ahead);
+ s->ssl_read_ahead = (0 == i)
+ ? !srv->config_storage[0]->stream_request_body
+ : p->config_storage[0]->ssl_read_ahead;
if (0 != i) buffer_copy_buffer(s->ssl_ca_crl_file, p->config_storage[0]->ssl_ca_crl_file);
if (0 != i) buffer_copy_buffer(s->ssl_ca_dn_file, p->config_storage[0]->ssl_ca_dn_file);