long setoptions = tag->getInt(ctxname + "setoptions");
long clearoptions = tag->getInt(ctxname + "clearoptions");
#ifdef SSL_OP_NO_COMPRESSION
- if (!tag->getBool("compression", true))
+ if (!tag->getBool("compression", false)) // Disable compression by default
setoptions |= SSL_OP_NO_COMPRESSION;
#endif
- if (!tag->getBool("sslv3", true))
+ if (!tag->getBool("sslv3", false)) // Disable SSLv3 by default
setoptions |= SSL_OP_NO_SSLv3;
if (!tag->getBool("tlsv1", true))
setoptions |= SSL_OP_NO_TLSv1;
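Review bot: The `#ifdef SSL_OP_NO_COMPRESSION` guard means the new compression-off default silently does nothing when the module is built against OpenSSL headers that lack that flag, so an operator relying on the default still negotiates TLS compression with no indication. An `#else` branch that logs a warning unless `compression` was explicitly enabled would make that visible. The two inline comments say what the default is but not why; presumably the reasons are the compression side channel (CRIME) and the SSLv3 padding weakness (POODLE), and wording such as `// Off by default: TLS compression leaks plaintext length (CRIME)` and `// Off by default: SSLv3 is broken (POODLE)` would stop a later maintainer from flipping them back. The enclosing function starts and ends outside the hunk.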
return 1;
}
+ static int destroy(BIO* bio)
+ {
+ // XXX: Dummy function to avoid a memory leak in OpenSSL.
+ // The memory leak happens in BIO_free() (bio_lib.c) when the destroy func of the BIO is NULL.
+ // This is fixed in OpenSSL but some distros still ship the unpatched version hence we provide this workaround.
+ return 1;
+ }
+
static long ctrl(BIO* bio, int cmd, long num, void* ptr)
{
if (cmd == BIO_CTRL_FLUSH)
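Review bot: The comment on the new `destroy` marks it as a workaround ("XXX") but gives no condition for removing it. Naming the OpenSSL release that carries the fix would let it be version-guarded or dropped later, e.g. `// Needed for OpenSSL older than <FIXED_VERSION>; remove once that is the minimum supported.` The `bio` parameter is unused, which may trigger an unused-parameter warning depending on build flags; leaving it unnamed, `static int destroy(BIO*)`, avoids that. The hunk ends inside `ctrl`, whose body continues outside it.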
NULL, // gets
OpenSSL::BIOMethod::ctrl,
OpenSSL::BIOMethod::create,
- NULL, // destroy, NULL causes older OpenSSL to leak memory in BIO_free() (bio_lib.c)
+ OpenSSL::BIOMethod::destroy, // destroy, does nothing, see function body for more info
NULL // callback_ctrl
};