Set SSL_MODE_RELEASE_BUFFERS by default

Closes #696
Alex Crichton 2017-09-14 17:55:06 -07:00
parent c800ab922e
commit 68a30c29c9
1 changed files with 11 additions and 1 deletions


@ -5,6 +5,7 @@ use error::ErrorStack;
use ssl::{self, SslMethod, SslContextBuilder, SslContext, Ssl, SSL_VERIFY_PEER, SslStream, use ssl::{self, SslMethod, SslContextBuilder, SslContext, Ssl, SSL_VERIFY_PEER, SslStream,
HandshakeError}; HandshakeError};
use pkey::PKeyRef; use pkey::PKeyRef;
use version;
use x509::X509Ref; use x509::X509Ref;
#[cfg(ossl101)] #[cfg(ossl101)]
@ -39,8 +40,17 @@ fn ctx(method: SslMethod) -> Result<SslContextBuilder, ErrorStack> {
opts |= ssl::SSL_OP_CIPHER_SERVER_PREFERENCE; opts |= ssl::SSL_OP_CIPHER_SERVER_PREFERENCE;
ctx.set_options(opts); ctx.set_options(opts);
let mode = ssl::SSL_MODE_AUTO_RETRY | ssl::SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | let mut mode = ssl::SSL_MODE_AUTO_RETRY |
ssl::SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
ssl::SSL_MODE_ENABLE_PARTIAL_WRITE; ssl::SSL_MODE_ENABLE_PARTIAL_WRITE;
// This is quite a useful optimization for saving memory, but historically
// caused CVEs in OpenSSL pre-1.0.1h, according to
// https://bugs.python.org/issue25672
if version::number() >= 0x1000108f {
mode |= ssl::SSL_MODE_RELEASE_BUFFERS;
}
ctx.set_mode(mode); ctx.set_mode(mode);
Ok(ctx) Ok(ctx)