Enable SSL_MODE_RELEASE_BUFFERS by default

GNUmakefile

@@ -1,8 +1,5 @@
 ### OpenSSL tweaking
 
-# Define to use dubious hacks to decrease OpenSSL memory consumption.
-#FEATURES+=	-DUSE_FOOTPRINT_HACKS
-
 # Define to disable server-mode SSL session caching for SSLv2 clients.
 # This is needed if SSL session resumption fails with a bufferevent error:
 # "illegal padding in SSL routines SSL2_READ_INTERNAL".

pxyconn.c

@@ -690,10 +690,10 @@ pxy_srcssl_create(pxy_conn_ctx_t *ctx, SSL *origssl)
 		ctx->enomem = 1;
 		return NULL;
 	}
-#ifdef USE_FOOTPRINT_HACKS
+#ifdef SSL_MODE_RELEASE_BUFFERS
 	/* lower memory footprint for idle connections */
 	SSL_set_mode(ssl, SSL_get_mode(ssl) | SSL_MODE_RELEASE_BUFFERS);
-#endif /* USE_FOOTPRINT_HACKS */
+#endif /* SSL_MODE_RELEASE_BUFFERS */
 	return ssl;
 }
 
@@ -833,10 +833,10 @@ pxy_dstssl_create(pxy_conn_ctx_t *ctx)
 	}
 #endif /* !OPENSSL_NO_TLSEXT */
 
-#if USE_FOOTPRINT_HACKS
+#ifdef SSL_MODE_RELEASE_BUFFERS
 	/* lower memory footprint for idle connections */
 	SSL_set_mode(ssl, SSL_get_mode(ssl) | SSL_MODE_RELEASE_BUFFERS);
-#endif /* USE_FOOTPRINT_HACKS */
+#endif /* SSL_MODE_RELEASE_BUFFERS */
 
 	/* session resuming based on remote endpoint address and port */
 	sess = cachemgr_dsess_get((struct sockaddr *)&ctx->addr,

ssl.c

@@ -114,6 +114,11 @@ ssl_openssl_version(void)
 #else /* !OPENSSL_THREADS */
 	fprintf(stderr, "OpenSSL is not thread-safe\n");
 #endif /* !OPENSSL_THREADS */
+#ifdef SSL_MODE_RELEASE_BUFFERS
+	fprintf(stderr, "Using SSL_MODE_RELEASE_BUFFERS\n");
+#else /* !SSL_MODE_RELEASE_BUFFERS */
+	fprintf(stderr, "Not using SSL_MODE_RELEASE_BUFFERS\n");
+#endif /* !SSL_MODE_RELEASE_BUFFERS */
 #if (OPENSSL_VERSION_NUMBER == 0x100000bfL) || \
     (OPENSSL_VERSION_NUMBER == 0x1000105fL)
 	fprintf(stderr, "Using direct access workaround when loading certs\n");