SHA256
1
0
forked from pool/postfix
postfix/postfix-ssl-release-buffers.patch

35 lines
980 B
Diff
Raw Normal View History

Index: src/tls/tls_client.c
===================================================================
--- src/tls/tls_client.c.orig
+++ src/tls/tls_client.c
@@ -363,6 +363,12 @@ TLS_APPL_STATE *tls_client_init(const TL
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
SSL_CTX_set_security_level(client_ctx, 0);
#endif
+ /* Keep memory usage as low as possible */
+
+#ifdef SSL_MODE_RELEASE_BUFFERS
+ SSL_CTX_set_mode(client_ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
+
/*
* See the verify callback in tls_verify.c
*/
Index: src/tls/tls_server.c
===================================================================
--- src/tls/tls_server.c.orig
+++ src/tls/tls_server.c
@@ -454,6 +454,12 @@ TLS_APPL_STATE *tls_server_init(const TL
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
SSL_CTX_set_security_level(server_ctx, 0);
#endif
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
+ /* Keep memory usage as low as possible */
+
+#ifdef SSL_MODE_RELEASE_BUFFERS
+ SSL_CTX_set_mode(server_ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
+
/*
* See the verify callback in tls_verify.c
*/