authorGlenn Strauss <gstrauss@gluelogic.com>2016-05-28 16:58:59 -0400
committerGlenn Strauss <gstrauss@gluelogic.com>2016-06-19 23:34:15 -0400
commit5ab7944d3439f8efcd20d177d94ccdccc760881d (patch)
tree129a745b52d4df97e5d1507e9a5676c80c514be0 /src/network.c
parent53f550b290adcaa9d73a199655655837344bbc2c (diff)
[TLS] release openssl buffers as used (fixes #1265, fixes #1283, #881)
use SSL_MODE_RELEASE_BUFFERS (OpenSSL >= 1.0.0) to free buffers as they are used, to potentially reduce memory footprint of idle SSL connections x-ref: "memory usage when ssl.engine used and large data uploaded through CGI" https://redmine.lighttpd.net/issues/881 "SSL + file upload = lots of memory" https://redmine.lighttpd.net/issues/1265 "Memory usage increases when proxy+ssl+large file" https://redmine.lighttpd.net/issues/1283
Diffstat (limited to 'src/network.c')
-rw-r--r--src/network.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/network.c b/src/network.c
index f59b8bbe..18b8b47e 100644
--- a/src/network.c
+++ b/src/network.c
@@ -715,6 +715,9 @@ int network_init(server *srv) {
#ifndef SSL_OP_NO_COMPRESSION
# define SSL_OP_NO_COMPRESSION 0
#endif
+#ifndef SSL_MODE_RELEASE_BUFFERS /* OpenSSL >= 1.0.0 */
+#define SSL_MODE_RELEASE_BUFFERS 0
+#endif
long ssloptions =
SSL_OP_ALL | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | SSL_OP_NO_COMPRESSION;
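Review bot: The fallback added here turns SSL_MODE_RELEASE_BUFFERS into a silent no-op when the build headers predate it, and it is written as `#define` while the SSL_OP_NO_COMPRESSION fallback directly above nests it as `# define`. I would match the existing style and state what the zero means: `# define SSL_MODE_RELEASE_BUFFERS 0 /* no-op: mode absent before OpenSSL 1.0.0 */`. The check is compile-time only, so whether buffers are actually released depends on the headers used for the build, which is worth a line in the TLS documentation so operators do not assume the memory reduction is in effect. network_init starts and ends outside this hunk.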
@@ -937,7 +940,10 @@ int network_init(server *srv) {
return -1;
}
SSL_CTX_set_default_read_ahead(s->ssl_ctx, 1);
- SSL_CTX_set_mode(s->ssl_ctx, SSL_CTX_get_mode(s->ssl_ctx) | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+ SSL_CTX_set_mode(s->ssl_ctx, SSL_CTX_get_mode(s->ssl_ctx)
+ | SSL_MODE_ENABLE_PARTIAL_WRITE
+ | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
+ | SSL_MODE_RELEASE_BUFFERS);
# ifndef OPENSSL_NO_TLSEXT
if (!SSL_CTX_set_tlsext_servername_callback(s->ssl_ctx, network_ssl_servername_callback) ||
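Review bot: SSL_MODE_ENABLE_PARTIAL_WRITE is added to the SSL_CTX_set_mode() call although the commit message mentions only SSL_MODE_RELEASE_BUFFERS, and it changes the write contract: SSL_write() may now return a positive count smaller than the requested length. The write path is not visible in this hunk, so it should be confirmed that it advances its output queue by the returned count rather than assuming the whole buffer was sent; a comment above the call such as `/* partial write: SSL_write() may return < len; writer must advance by the return value */` would record that dependency. Separately, SSL_MODE_RELEASE_BUFFERS was involved in memory-safety fixes in some early OpenSSL releases that supported it, so enabling it whenever the macro exists ties the server's exposure to the patch level of the linked library. Documenting a minimum supported OpenSSL, or making the mode configurable, would address that. network_init continues past the end of this hunk.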