openssl got rid of their freelists a while ago.

so remove the hack we did to manually force them to not be used.
2025-03-10 04:59:02 -04:00 · 2018-04-02 17:58:00 +02:00 · 2018-04-02 17:58:00 +02:00 · 28922323a7
commit 28922323a7
parent f05782440b
1 changed files with 0 additions and 15 deletions
--- a/src/domain.c
+++ b/src/domain.c
@ -383,21 +383,6 @@ kore_domain_tlsinit(struct kore_domain *dom)

 	SSL_CTX_set_session_id_context(dom->ssl_ctx,
 	    (unsigned char *)SSL_SESSION_ID, strlen(SSL_SESSION_ID));
-
-	/*
-	 * Force OpenSSL to not use its freelists. Even without using
-	 * SSL_MODE_RELEASE_BUFFERS there are times it will use the
-	 * freelists. So forcefully putting its max length to 0 is the
-	 * only we choice we seem to have.
-	 *
-	 * Note that OpenBSD has since heartbleed removed freelists
-	 * from its OpenSSL in base so we don't need to care about it.
-	 */
-#if !defined(LIBRESSL_VERSION_TEXT)
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-	dom->ssl_ctx->freelist_max_len = 0;
-#endif
-#endif
 	SSL_CTX_set_mode(dom->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);

 	if (tls_version == KORE_TLS_VERSION_BOTH) {