Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-14985

Use SSL_MODE_RELEASE_BUFFERS in QSslSocket / SSL_CTX

    XMLWordPrintable

Details

    • Task
    • Resolution: Done
    • P3: Somewhat important
    • 5.0.0
    • None
    • Network: SSL
    • None
    • 47a62485c01e177327ad23611de9cba174df671e

    Description

      Author: Markus Goetz <Markus.Goetz@nokia.com>
      Date:   Wed Nov 3 11:24:43 2010 +0100
      
          SSL: Use SSL_MODE_RELEASE_BUFFERS
          
          Task-number: QTBUG-14985
          Reviewed-by: pending
      
      diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
      index 2910538..ff70997 100644
      --- a/src/network/ssl/qsslsocket_openssl.cpp
      +++ b/src/network/ssl/qsslsocket_openssl.cpp
      @@ -281,6 +281,14 @@ init_context:
           // Enable all bug workarounds.
           q_SSL_CTX_set_options(ctx, SSL_OP_ALL);
       
      +#if OPENSSL_VERSION_NUMBER >= 0x10000000L
      +    // Tell OpenSSL to release memory early
      +    // http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html
      +    // FIXME also do runtime SSL version checking or make Qt require 1.0.0
      +    // http://www.openssl.org/docs/crypto/OPENSSL_VERSION_NUMBER.html
      +    q_SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
      +#endif
      +
           // Initialize ciphers
           QByteArray cipherString;
           int first = true;
      diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h
      index ef61dbf..39ff9ac 100644
      --- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
      +++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
      @@ -389,6 +389,7 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
                              bp,(char *)x,enc,kstr,klen,cb,u)
       #endif
       #define q_SSL_CTX_set_options(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
      +#define q_SSL_CTX_set_mode(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
       #define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
       #define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i)
       #define q_sk_GENERAL_NAME_num(st) q_SKM_sk_num(GENERAL_NAME, (st))
      

      Attachments

        Issue Links

          For Gerrit Dashboard: QTBUG-14985
          # Subject Branch Project Status CR V

          Activity

            People

              xcm Martin Petersson (Inactive)
              mgoetz Markus Goetz (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes