diff options
author | Kamil Dudka <kdudka@redhat.com> | 2018-02-08 11:23:49 +0100 |
---|---|---|
committer | Kamil Dudka <kdudka@redhat.com> | 2018-02-15 10:18:34 +0100 |
commit | 1605d93a7b8ac4b7f348e304e018e9d15ffaabf0 (patch) | |
tree | a6d61ca644ec7ea171e8e95d95a7de5c24954662 | |
parent | b46cfbc068ebe90f18e9777b9e877e4934c1b5e3 (diff) |
nss: use PK11_CreateManagedGenericObject() if available
... so that the memory allocated by applications using libcurl does not
grow per each TLS connection.
Bug: https://bugzilla.redhat.com/1510247
Closes #2297
-rwxr-xr-x | configure.ac | 9 | ||||
-rw-r--r-- | lib/vtls/nss.c | 12 |
2 files changed, 20 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac index d305e9693..798fa5f1e 100755 --- a/configure.ac +++ b/configure.ac @@ -2483,6 +2483,15 @@ if test -z "$ssl_backends" -o "x$OPT_NSS" != xno; then if test "x$USE_NSS" = "xyes"; then AC_MSG_NOTICE([detected NSS version $version]) + dnl PK11_CreateManagedGenericObject() was introduced in NSS 3.34 because + dnl PK11_DestroyGenericObject() does not release resources allocated by + dnl PK11_CreateGenericObject() early enough. + AC_CHECK_FUNC(PK11_CreateManagedGenericObject, + [ + AC_DEFINE(HAVE_PK11_CREATEMANAGEDGENERICOBJECT, 1, + [if you have the PK11_CreateManagedGenericObject function]) + ]) + dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS NSS_LIBS=$addlib AC_SUBST([NSS_LIBS]) diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index a3ef37a12..458f9d814 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c @@ -440,7 +440,17 @@ static CURLcode nss_create_object(struct ssl_connect_data *connssl, PK11_SETATTRS(attrs, attr_cnt, CKA_TRUST, pval, sizeof(*pval)); } - obj = PK11_CreateGenericObject(slot, attrs, attr_cnt, PR_FALSE); + /* PK11_CreateManagedGenericObject() was introduced in NSS 3.34 because + * PK11_DestroyGenericObject() does not release resources allocated by + * PK11_CreateGenericObject() early enough. */ + obj = +#ifdef HAVE_PK11_CREATEMANAGEDGENERICOBJECT + PK11_CreateManagedGenericObject +#else + PK11_CreateGenericObject +#endif + (slot, attrs, attr_cnt, PR_FALSE); + PK11_FreeSlot(slot); if(!obj) return result; |