1
0
mirror of https://github.com/moparisthebest/curl synced 2025-01-11 05:58:01 -05:00

nss: use PK11_CreateManagedGenericObject() if available

... so that the memory allocated by applications using libcurl does not
grow per each TLS connection.

Bug: https://bugzilla.redhat.com/1510247

Closes #2297
This commit is contained in:
Kamil Dudka 2018-02-08 11:23:49 +01:00
parent b46cfbc068
commit 1605d93a7b
2 changed files with 20 additions and 1 deletions

View File

@ -2483,6 +2483,15 @@ if test -z "$ssl_backends" -o "x$OPT_NSS" != xno; then
if test "x$USE_NSS" = "xyes"; then
AC_MSG_NOTICE([detected NSS version $version])
dnl PK11_CreateManagedGenericObject() was introduced in NSS 3.34 because
dnl PK11_DestroyGenericObject() does not release resources allocated by
dnl PK11_CreateGenericObject() early enough.
AC_CHECK_FUNC(PK11_CreateManagedGenericObject,
[
AC_DEFINE(HAVE_PK11_CREATEMANAGEDGENERICOBJECT, 1,
[if you have the PK11_CreateManagedGenericObject function])
])
dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS
NSS_LIBS=$addlib
AC_SUBST([NSS_LIBS])

View File

@ -440,7 +440,17 @@ static CURLcode nss_create_object(struct ssl_connect_data *connssl,
PK11_SETATTRS(attrs, attr_cnt, CKA_TRUST, pval, sizeof(*pval));
}
obj = PK11_CreateGenericObject(slot, attrs, attr_cnt, PR_FALSE);
/* PK11_CreateManagedGenericObject() was introduced in NSS 3.34 because
* PK11_DestroyGenericObject() does not release resources allocated by
* PK11_CreateGenericObject() early enough. */
obj =
#ifdef HAVE_PK11_CREATEMANAGEDGENERICOBJECT
PK11_CreateManagedGenericObject
#else
PK11_CreateGenericObject
#endif
(slot, attrs, attr_cnt, PR_FALSE);
PK11_FreeSlot(slot);
if(!obj)
return result;