From 47a62485c01e177327ad23611de9cba174df671e Mon Sep 17 00:00:00 2001
From: Martin Petersson <Martin.Petersson@nokia.com>
Date: Wed, 7 Mar 2012 16:17:11 +0100
Subject: Use SSL_MODE_RELEASE_BUFFERS in QSslSocket

If SSL_MODE_RELEASE_BUFFERS is available we should tell OpenSSL
to release memory early.
http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html

Task-number: QTBUG-14985
Change-Id: Ib6656ebb3c4d67ca868b317ee83ddbf0983953f9
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Reviewed-by: Markus Goetz <markus@woboq.com>
---
 src/network/ssl/qsslsocket_openssl.cpp         | 7 +++++++
 src/network/ssl/qsslsocket_openssl_symbols_p.h | 1 +
 2 files changed, 8 insertions(+)

(limited to 'src')

diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 20ad82407c..df60a0fcce 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -338,6 +338,13 @@ init_context:
     long options = setupOpenSslOptions(configuration.protocol, configuration.sslOptions);
     q_SSL_CTX_set_options(ctx, options);
 
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+    // Tell OpenSSL to release memory early
+    // http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html
+    if (q_SSLeay() >= 0x10000000L)
+        q_SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
+
     // Initialize ciphers
     QByteArray cipherString;
     int first = true;
diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h
index 758763523f..b0d748692f 100644
--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
+++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
@@ -411,6 +411,7 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
 			bp,(char *)x,enc,kstr,klen,cb,u)
 #endif
 #define q_SSL_CTX_set_options(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
+#define q_SSL_CTX_set_mode(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
 #define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
 #define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i)
 #define q_sk_GENERAL_NAME_num(st) q_SKM_sk_num(GENERAL_NAME, (st))
-- 
cgit v1.2.3