nss: use PK11_CreateManagedGenericObject() if available

... so that the memory allocated by applications using libcurl does not grow per each TLS connection. Bug: https://bugzilla.redhat.com/1510247 Closes #2297
author: Kamil Dudka <kdudka@redhat.com> 2018-02-08 11:23:49 +0100
committer: Kamil Dudka <kdudka@redhat.com> 2018-02-15 10:18:34 +0100
commit: 1605d93a7b8ac4b7f348e304e018e9d15ffaabf0 (patch)
tree: a6d61ca644ec7ea171e8e95d95a7de5c24954662 /lib/vtls/nss.c
parent: b46cfbc068ebe90f18e9777b9e877e4934c1b5e3 (diff)
1 files changed, 11 insertions, 1 deletions
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index a3ef37a12..458f9d814 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -440,7 +440,17 @@ static CURLcode nss_create_object(struct ssl_connect_data *connssl,
     PK11_SETATTRS(attrs, attr_cnt, CKA_TRUST, pval, sizeof(*pval));
   }
 
-  obj = PK11_CreateGenericObject(slot, attrs, attr_cnt, PR_FALSE);
+  /* PK11_CreateManagedGenericObject() was introduced in NSS 3.34 because
+   * PK11_DestroyGenericObject() does not release resources allocated by
+   * PK11_CreateGenericObject() early enough.  */
+  obj =
+#ifdef HAVE_PK11_CREATEMANAGEDGENERICOBJECT
+    PK11_CreateManagedGenericObject
+#else
+    PK11_CreateGenericObject
+#endif
+    (slot, attrs, attr_cnt, PR_FALSE);
+
   PK11_FreeSlot(slot);
   if(!obj)
     return result;
author	Kamil Dudka <kdudka@redhat.com>	2018-02-08 11:23:49 +0100
committer	Kamil Dudka <kdudka@redhat.com>	2018-02-15 10:18:34 +0100
commit	1605d93a7b8ac4b7f348e304e018e9d15ffaabf0 (patch)
tree	a6d61ca644ec7ea171e8e95d95a7de5c24954662 /lib/vtls/nss.c
parent	b46cfbc068ebe90f18e9777b9e877e4934c1b5e3 (diff)