diff options
author | Glenn Strauss <gstrauss@gluelogic.com> | 2017-09-10 18:45:39 -0400 |
---|---|---|
committer | Glenn Strauss <gstrauss@gluelogic.com> | 2017-09-10 18:52:41 -0400 |
commit | f4e1357df5fd219083c9c26c319f7ceff1677378 (patch) | |
tree | 7742e398210c10c7f7ae021c4817d1072fc9f6f9 /src | |
parent | 3622d2b66a5a0cb18b6b16c2284d79ede82debf6 (diff) | |
download | lighttpd-git-f4e1357df5fd219083c9c26c319f7ceff1677378.tar.gz |
[mod_openssl] ssl.read-ahead="disable" for stream
set default ssl.read-ahead = "disable" for streaming when
server.stream-request-body = 1 or 2 is set in the global scope
It is still recommended that embedded and other low-memory systems
explicitly set ssl.read-ahead = "disable" in the global scope
(regardless of server.stream-request-body setting)
On the other hand, for systems which enable server.stream-request-body
to non-zero value, and for which sufficient memory is available, then
ssl.read-ahead = "enable" is recommended and should be explicitly set
in the global or $SERVER["socket"] configuration blocks in lighttpd.conf
x-ref:
"https POST requests buffered in RAM since v1.4.41?"
https://redmine.lighttpd.net/boards/2/topics/7520
Diffstat (limited to 'src')
-rw-r--r-- | src/mod_openssl.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/mod_openssl.c b/src/mod_openssl.c index f3caadd4..550ddf8d 100644 --- a/src/mod_openssl.c +++ b/src/mod_openssl.c @@ -940,7 +940,9 @@ SETDEFAULTS_FUNC(mod_openssl_set_defaults) s->ssl_verifyclient_depth = 9; s->ssl_verifyclient_export_cert = 0; s->ssl_disable_client_renegotiation = 1; - s->ssl_read_ahead = (0 == i ? 1 : p->config_storage[0]->ssl_read_ahead); + s->ssl_read_ahead = (0 == i) + ? !srv->config_storage[0]->stream_request_body + : p->config_storage[0]->ssl_read_ahead; if (0 != i) buffer_copy_buffer(s->ssl_ca_crl_file, p->config_storage[0]->ssl_ca_crl_file); if (0 != i) buffer_copy_buffer(s->ssl_ca_dn_file, p->config_storage[0]->ssl_ca_dn_file); |