kore

An easy to use, scalable and secure web application framework for writing web APIs in C.
Commits | Files | Refs | README | LICENSE | git clone https://git.kore.io/kore.git

commit 28922323a7a93f63c1de883ba79dcf3ec51db6ef
parent f05782440b1c56e2f501461e46ba0972fa1e8a63
Author: Joris Vink <joris@coders.se>
Date:   Mon,  2 Apr 2018 17:58:00 +0200

openssl got rid of their freelists a while ago.

so remove the hack we did to manually force them to not be used.

Diffstat:
src/domain.c | 15---------------
1 file changed, 0 insertions(+), 15 deletions(-)

diff --git a/src/domain.c b/src/domain.c @@ -383,21 +383,6 @@ kore_domain_tlsinit(struct kore_domain *dom) SSL_CTX_set_session_id_context(dom->ssl_ctx, (unsigned char *)SSL_SESSION_ID, strlen(SSL_SESSION_ID)); - - /* - * Force OpenSSL to not use its freelists. Even without using - * SSL_MODE_RELEASE_BUFFERS there are times it will use the - * freelists. So forcefully putting its max length to 0 is the - * only we choice we seem to have. - * - * Note that OpenBSD has since heartbleed removed freelists - * from its OpenSSL in base so we don't need to care about it. - */ -#if !defined(LIBRESSL_VERSION_TEXT) -#if OPENSSL_VERSION_NUMBER < 0x10100000L - dom->ssl_ctx->freelist_max_len = 0; -#endif -#endif SSL_CTX_set_mode(dom->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE); if (tls_version == KORE_TLS_VERSION_BOTH) {