From f4e1357df5fd219083c9c26c319f7ceff1677378 Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Sun, 10 Sep 2017 18:45:39 -0400 Subject: [PATCH] [mod_openssl] ssl.read-ahead="disable" for stream set default ssl.read-ahead = "disable" for streaming when server.stream-request-body = 1 or 2 is set in the global scope It is still recommended that embedded and other low-memory systems explicitly set ssl.read-ahead = "disable" in the global scope (regardless of server.stream-request-body setting) On the other hand, for systems which enable server.stream-request-body to non-zero value, and for which sufficient memory is available, then ssl.read-ahead = "enable" is recommended and should be explicitly set in the global or $SERVER["socket"] configuration blocks in lighttpd.conf x-ref: "https POST requests buffered in RAM since v1.4.41?" https://redmine.lighttpd.net/boards/2/topics/7520
---
 src/mod_openssl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/mod_openssl.c b/src/mod_openssl.c
index f3caadd4..550ddf8d 100644
--- a/src/mod_openssl.c
+++ b/src/mod_openssl.c
@@ -940,7 +940,9 @@ SETDEFAULTS_FUNC(mod_openssl_set_defaults)
 s->ssl_verifyclient_depth = 9;
 s->ssl_verifyclient_export_cert = 0;
 s->ssl_disable_client_renegotiation = 1;
- s->ssl_read_ahead = (0 == i ? 1 : p->config_storage[0]->ssl_read_ahead);
+ s->ssl_read_ahead = (0 == i)
+ ? !srv->config_storage[0]->stream_request_body
+ : p->config_storage[0]->ssl_read_ahead;
 if (0 != i) buffer_copy_buffer(s->ssl_ca_crl_file, p->config_storage[0]->ssl_ca_crl_file);
 if (0 != i) buffer_copy_buffer(s->ssl_ca_dn_file, p->config_storage[0]->ssl_ca_dn_file);
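Review bot: The new default for `s->ssl_read_ahead` consults only `srv->config_storage[0]`, so a `server.stream-request-body` set inside a conditional block rather than the global scope still leaves read-ahead enabled, which is the in-RAM buffering case the x-ref thread describes. The commit message states this scope limit, but the code does not, so I would add a comment above the assignment such as `/* default: read-ahead off when global server.stream-request-body != 0, to limit TLS request-body buffering in memory */`. The expression also presumes `srv->config_storage[0]` is already populated when this set-defaults hook runs, which the hunk does not show and is worth confirming. The body of `mod_openssl_set_defaults` starts and ends outside the hunk.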