- if ($! == EAGAIN) {
- return EPOLLIN if $SSL_ERROR == SSL_WANT_READ;
- return EPOLLOUT if $SSL_ERROR == SSL_WANT_WRITE;
- die "unexpected SSL error: $SSL_ERROR";
+ return EPOLLIN if $SSL_ERROR == SSL_WANT_READ;
+ return EPOLLOUT if $SSL_ERROR == SSL_WANT_WRITE;
+ carp "unexpected SSL error: $SSL_ERROR";
+ undef;
+}
+
+sub _ctx_new ($) {
+ my ($tlsd) = @_;
+ my $ctx = IO::Socket::SSL::SSL_Context->new(
+ @{$tlsd->{ssl_ctx_opt}}, SSL_server => 1) or
+ croak "SSL_Context->new: $SSL_ERROR";
+
+ # save ~34K per idle connection (cf. SSL_CTX_set_mode(3ssl))
+ # RSS goes from 346MB to 171MB with 10K idle NNTPS clients on amd64
+ # cf. https://rt.cpan.org/Ticket/Display.html?id=129463
+ my $mode = eval { Net::SSLeay::MODE_RELEASE_BUFFERS() };
+ if ($mode && $ctx->{context}) {
+ eval { Net::SSLeay::CTX_set_mode($ctx->{context}, $mode) };
+ warn "W: $@ (setting SSL_MODE_RELEASE_BUFFERS)\n" if $@;