tls: zero SSL_CTX freelist for a singleUse socket
authorFedor Indutny <fedor@indutny.com>
Sun, 26 Apr 2015 12:19:38 +0000 (14:19 +0200)
committerFedor Indutny <fedor@indutny.com>
Thu, 30 Apr 2015 09:02:26 +0000 (11:02 +0200)
When connecting to a server with `keepAlive` turned off, make sure that
the read/write buffers are not retained in the single-use SSL_CTX instance
after the socket has been destroyed.

Fix: https://github.com/iojs/io.js/issues/1522
PR-URL: https://github.com/iojs/io.js/pull/1529
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
lib/_tls_common.js
lib/_tls_wrap.js
src/node_crypto.cc
src/node_crypto.h

index 2c15d91..3040b3a 100644 (file)
@@ -133,6 +133,10 @@ exports.createSecureContext = function createSecureContext(options, context) {
     }
   }
 
+  // Do not keep read/write buffers in free list
+  if (options.singleUse)
+    c.context.setFreeListLength(0);
+
   return c;
 };
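Review bot: The new `if (options.singleUse)` reads its flag from the same `options` object that carries `key`/`cert` into createSecureContext, so unless tls.connect is the only path that sets it, this is a new undocumented knob on a public API, and the one-line comment says what the call does rather than why. I would replace the comment with `// singleUse (set by tls.connect for non-keepAlive sockets): this SSL_CTX dies with its one socket, so cap its read/write buffer freelist at 0 — buffers parked there would otherwise stay allocated until the context is collected (iojs#1522).` createSecureContext starts before this hunk, so whether `c.context` can be a caller-supplied shared context (in which case a 0 cap would leak out to every other user of it) is not visible here and is worth confirming.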
 
index 84b02a7..7f83e2f 100644 (file)
@@ -862,6 +862,8 @@ exports.connect = function(/* [port, host], options, cb */) {
   };
 
   options = util._extend(defaults, options || {});
+  if (!options.keepAlive)
+    options.singleUse = true;
 
   assert(typeof options.checkServerIdentity === 'function');
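Review bot: The new `options.singleUse = true` derives a TLS-context lifetime decision from the socket's TCP `keepAlive` option, which governs keep-alive probes and does not by itself say whether the SSL_CTX will be reused, and it also overrides a caller who explicitly passed `singleUse: false`. Honouring an explicit value narrows both problems: `if (options.singleUse === undefined) options.singleUse = !options.keepAlive;`. If a caller supplies its own `secureContext` (the branch that would decide this is outside the hunk), the flag presumably never reaches createSecureContext and the freelist cap is silently skipped, which deserves either a comment or a test. connect's body continues outside this hunk.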
 
index b980fb0..97a1058 100644 (file)
@@ -265,6 +265,7 @@ void SecureContext::Initialize(Environment* env, Handle<Object> target) {
   env->SetProtoMethod(t, "loadPKCS12", SecureContext::LoadPKCS12);
   env->SetProtoMethod(t, "getTicketKeys", SecureContext::GetTicketKeys);
   env->SetProtoMethod(t, "setTicketKeys", SecureContext::SetTicketKeys);
+  env->SetProtoMethod(t, "setFreeListLength", SecureContext::SetFreeListLength);
   env->SetProtoMethod(t, "getCertificate", SecureContext::GetCertificate<true>);
   env->SetProtoMethod(t, "getIssuer", SecureContext::GetCertificate<false>);
 
@@ -933,6 +934,13 @@ void SecureContext::SetTicketKeys(const FunctionCallbackInfo<Value>& args) {
 }
 
 
+void SecureContext::SetFreeListLength(const FunctionCallbackInfo<Value>& args) {
+  SecureContext* wrap = Unwrap<SecureContext>(args.Holder());
+
+  wrap->ctx_->freelist_max_len = args[0]->Int32Value();
+}
+
+
 void SecureContext::CtxGetter(Local<String> property,
                               const PropertyCallbackInfo<Value>& info) {
   HandleScope scope(info.GetIsolate());
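Review bot: SetFreeListLength writes `args[0]->Int32Value()` straight into `ctx_->freelist_max_len` with no validation: a non-number coerces to 0 silently, and a negative value lands in a field that OpenSSL 1.0.x declares as `unsigned int`, so `-1` would raise the cap to UINT_MAX instead of lowering it — the opposite of the commit's intent. The field is also only present under `#ifndef OPENSSL_NO_BUF_FREELISTS` in those headers, so a build with that macro defined (or against an OpenSSL that has no buffer freelists) fails to compile on this line. The file's usual argument-check idiom is outside this hunk; the rewrite below uses the CHECK macros node uses elsewhere, so substitute a ThrowTypeError if that is the local convention.

```cpp
void SecureContext::SetFreeListLength(const FunctionCallbackInfo<Value>& args) {
#ifndef OPENSSL_NO_BUF_FREELISTS
  SecureContext* wrap = Unwrap<SecureContext>(args.Holder());

  // freelist_max_len is an unsigned int in OpenSSL 1.0.x; accept only a
  // non-negative int32 so a stray -1 cannot turn the cap into UINT_MAX.
  CHECK(args[0]->IsInt32());
  CHECK_GE(args[0]->Int32Value(), 0);
  wrap->ctx_->freelist_max_len = args[0]->Int32Value();
#endif  // OPENSSL_NO_BUF_FREELISTS
}
```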
index a623ccb..f6069f8 100644 (file)
@@ -85,6 +85,8 @@ class SecureContext : public BaseObject {
   static void LoadPKCS12(const v8::FunctionCallbackInfo<v8::Value>& args);
   static void GetTicketKeys(const v8::FunctionCallbackInfo<v8::Value>& args);
   static void SetTicketKeys(const v8::FunctionCallbackInfo<v8::Value>& args);
+  static void SetFreeListLength(
+      const v8::FunctionCallbackInfo<v8::Value>& args);
   static void CtxGetter(v8::Local<v8::String> property,
                         const v8::PropertyCallbackInfo<v8::Value>& info);