dovecot-2.2: lib-ssl-iostream: Use SSL_MODE_RELEASE_BUFFERS if i...

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot-2.2/rev/5c877bca95e5
changeset: 17434:5c877bca95e5
user:      Timo Sirainen <tss at iki.fi>
date:      Mon Jun 02 23:58:26 2014 +0300
description:
lib-ssl-iostream: Use SSL_MODE_RELEASE_BUFFERS if it exists to reduce memory usage.

diffstat:

 src/lib-ssl-iostream/iostream-openssl-context.c |  3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diffs (13 lines):

diff -r 2d5c66e8d77c -r 5c877bca95e5 src/lib-ssl-iostream/iostream-openssl-context.c
--- a/src/lib-ssl-iostream/iostream-openssl-context.c	Mon Jun 02 14:50:34 2014 +0300
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c	Mon Jun 02 23:58:26 2014 +0300
@@ -505,6 +505,9 @@
 	   makes SSL more vulnerable against attacks */
 	SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2 |
 			    (SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS));
+#ifdef SSL_MODE_RELEASE_BUFFERS
+	SSL_CTX_set_mode(ctx->ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
 	if (ssl_proxy_ctx_set_crypto_params(ctx->ssl_ctx, set, error_r) < 0)
 		return -1;