From a6c573d22566a1dfc44ab060687192a4debc2e03 Mon Sep 17 00:00:00 2001 From: Cristian Rodriguez Date: Sun, 25 May 2014 15:52:58 +0200 Subject: [PATCH] Use SSL_MODE_RELEASE_BUFFERS if available Sets SSL_MODE_RELEASE_BUFFERS if available, to keep openSSL memory usage as low as possible. For more info, see http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html https://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html See also trac #157 Signed-off-by: Cristian Rodriguez Acked-by: Steffan Karger Message-Id: <5381FEFF.1040609@karger.me> Signed-off-by: Gert Doering
---
 src/openvpn/ssl_openssl.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 3a222d85c..4862badca 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -198,6 +198,9 @@ tls_ctx_set_options (struct tls_root_ctx *ctx, unsigned int ssl_flags)
 SSL_CTX_set_options (ctx->ctx, sslopt);
 }
+#ifdef SSL_MODE_RELEASE_BUFFERS
+ SSL_CTX_set_mode (ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
 SSL_CTX_set_session_cache_mode (ctx->ctx, SSL_SESS_CACHE_OFF);
 SSL_CTX_set_default_passwd_cb (ctx->ctx, pem_password_callback);
-- 2.47.2
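Review bot: The added call `SSL_CTX_set_mode (ctx, SSL_MODE_RELEASE_BUFFERS);` passes `ctx`, which the hunk header declares as `struct tls_root_ctx *`, whereas every neighbouring call in the hunk passes the wrapped handle `ctx->ctx`. Because `SSL_CTX_set_mode` is a macro over `SSL_CTX_ctrl`, the mismatch is likely to surface only as an incompatible-pointer warning, and at run time the mode bits would be applied to the wrapper object instead of the real `SSL_CTX`. That would leave the buffer-release mode unset and may write into unrelated memory; the layout of `struct tls_root_ctx` is not visible here, so the exact effect should be confirmed. The line should read `SSL_CTX_set_mode (ctx->ctx, SSL_MODE_RELEASE_BUFFERS);`. The body of `tls_ctx_set_options` starts and ends outside the hunk, so this is based on the visible lines only.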