Browse Source

[mod_openssl] ssl.read-ahead="disable" for stream

set default ssl.read-ahead = "disable" for streaming when
server.stream-request-body = 1 or 2 is set in the global scope

It is still recommended that embedded and other low-memory systems
explicitly set ssl.read-ahead = "disable" in the global scope
(regardless of server.stream-request-body setting)

On the other hand, for systems which enable server.stream-request-body
to non-zero value, and for which sufficient memory is available, then
ssl.read-ahead = "enable" is recommended and should be explicitly set
in the global or $SERVER["socket"] configuration blocks in lighttpd.conf

x-ref:
  "https POST requests buffered in RAM since v1.4.41?"
  https://redmine.lighttpd.net/boards/2/topics/7520
personal/stbuehler/mod-csrf
Glenn Strauss 4 years ago
parent
commit
f4e1357df5
  1. 4
      src/mod_openssl.c

4
src/mod_openssl.c

@ -940,7 +940,9 @@ SETDEFAULTS_FUNC(mod_openssl_set_defaults)
s->ssl_verifyclient_depth = 9;
s->ssl_verifyclient_export_cert = 0;
s->ssl_disable_client_renegotiation = 1;
s->ssl_read_ahead = (0 == i ? 1 : p->config_storage[0]->ssl_read_ahead);
s->ssl_read_ahead = (0 == i)
? !srv->config_storage[0]->stream_request_body
: p->config_storage[0]->ssl_read_ahead;
if (0 != i) buffer_copy_buffer(s->ssl_ca_crl_file, p->config_storage[0]->ssl_ca_crl_file);
if (0 != i) buffer_copy_buffer(s->ssl_ca_dn_file, p->config_storage[0]->ssl_ca_dn_file);

Loading…
Cancel
Save