commit 28922323a7a93f63c1de883ba79dcf3ec51db6ef
parent f05782440b1c56e2f501461e46ba0972fa1e8a63
Author: Joris Vink <joris@coders.se>
Date: Mon, 2 Apr 2018 17:58:00 +0200
openssl got rid of their freelists a while ago.
so remove the hack we did to manually force them to not be used.
Diffstat:
src/domain.c | 15 ---------------
1 file changed, 0 insertions(+), 15 deletions(-)
diff --git a/src/domain.c b/src/domain.c
@@ -383,21 +383,6 @@ kore_domain_tlsinit(struct kore_domain *dom)
SSL_CTX_set_session_id_context(dom->ssl_ctx,
(unsigned char *)SSL_SESSION_ID, strlen(SSL_SESSION_ID));
-
- /*
- * Force OpenSSL to not use its freelists. Even without using
- * SSL_MODE_RELEASE_BUFFERS there are times it will use the
- * freelists. So forcefully putting its max length to 0 is the
- * only we choice we seem to have.
- *
- * Note that OpenBSD has since heartbleed removed freelists
- * from its OpenSSL in base so we don't need to care about it.
- */
-#if !defined(LIBRESSL_VERSION_TEXT)
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- dom->ssl_ctx->freelist_max_len = 0;
-#endif
-#endif
SSL_CTX_set_mode(dom->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
if (tls_version == KORE_TLS_VERSION_BOTH) {