X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fextra%2Fm_ssl_openssl.cpp;h=c9ae14e11bad0b31547494d3b19cd9d3a052d199;hb=a71f34e4b17420cacc4a50c5af64fe15811a8148;hp=7dd834e130e3fc6c9fcb404a38ff8d7575a8b9ad;hpb=a2461fb7e1c28e28e64b61256d7a547162a83f6e;p=user%2Fhenk%2Fcode%2Finspircd.git

diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 7dd834e13..c9ae14e11 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -269,10 +269,10 @@ namespace OpenSSL
 			long setoptions = tag->getInt(ctxname + "setoptions");
 			long clearoptions = tag->getInt(ctxname + "clearoptions");
 #ifdef SSL_OP_NO_COMPRESSION
-			if (!tag->getBool("compression", true))
+			if (!tag->getBool("compression", false)) // Disable compression by default
 				setoptions |= SSL_OP_NO_COMPRESSION;
 #endif
-			if (!tag->getBool("sslv3", true))
+			if (!tag->getBool("sslv3", false)) // Disable SSLv3 by default
 				setoptions |= SSL_OP_NO_SSLv3;
 			if (!tag->getBool("tlsv1", true))
 				setoptions |= SSL_OP_NO_TLSv1;
@@ -363,6 +363,14 @@ namespace OpenSSL
 			return 1;
 		}
 
+		static int destroy(BIO* bio)
+		{
+			// XXX: Dummy function to avoid a memory leak in OpenSSL.
+			// The memory leak happens in BIO_free() (bio_lib.c) when the destroy func of the BIO is NULL.
+			// This is fixed in OpenSSL but some distros still ship the unpatched version hence we provide this workaround.
+			return 1;
+		}
+
 		static long ctrl(BIO* bio, int cmd, long num, void* ptr)
 		{
 			if (cmd == BIO_CTRL_FLUSH)
@@ -385,7 +393,7 @@ static BIO_METHOD biomethods =
 	NULL, // gets
 	OpenSSL::BIOMethod::ctrl,
 	OpenSSL::BIOMethod::create,
-	NULL, // destroy, NULL causes older OpenSSL to leak memory in BIO_free() (bio_lib.c)
+	OpenSSL::BIOMethod::destroy, // destroy, does nothing, see function body for more info
 	NULL // callback_ctrl
 };