Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

If the user has an openssl that supports my "release buffer ram" patch, use it.

svn:r14671
Nick Mathewson 17 years ago
parent
e6447a5a29
commit
da67500336
2 changed files with 7 additions and 0 deletions
Split View Show Diff Stats
  1. 4 0
      ChangeLog
  2. 3 0
      src/common/tortls.c

+ 4 - 0
ChangeLog
View File 

@@ -91,6 +91,10 @@ Changes in version 0.2.1.1-alpha - 2008-??-??
 
       this new scheme when the server supports it.
 
     - Add a new V3AuthUseLegacyKey option to make it easier for authorities
 
       to change their identity keys if they have to.
 
+    - If the user has applied the experimental SSL_MODE_RELEASE_BUFFERS
 
+      patch to their OpenSSL, turn it on to save memory on servers.  This
 
+      patch will (with any luck) get included in a mainline distribution
 
+      before too long.
 
 
   o Minor features (security):
 
     - Reject requests for reverse-dns lookup of names in a private

+ 3 - 0
src/common/tortls.c
View File 

@@ -564,6 +564,9 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
 
   SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
 
 #endif
 
   SSL_CTX_set_options(result->ctx, SSL_OP_SINGLE_DH_USE);
 
+#ifdef SSL_MODE_RELEASE_BUFFERS
 
+  SSL_CTX_set_mode(result->ctx, SSL_MODE_RELEASE_BUFFERS);
 
+#endif
 
   if (cert && !SSL_CTX_use_certificate(result->ctx,cert))
 
     goto error;
 
   X509_free(cert); /* We just added a reference to cert. */