On 19/12/16 23:05, Kurt Roeckx wrote:
> > You should use SSL_COMP_free_compression_methods() so that we can > put the internal pointer to NULL. > Thanks for suggesting that, I notice that method is only available with OpenSSL 1.0.2 and I'm also trying to build backports for jessie (OpenSSL 1.0.1) Is there anything I can do that will be 1.0.1 compatible? Maybe I could also do this: #if OPENSSL_VERSION_NUMBER < 0x01000200f ErrLog(<<"Unable to free compression methods on OpenSSL < 1.0.2"); #else SSL_COMP_free_compression_methods() #endif so that the code will compile with either OpenSSL version, but people stuck with an older OpenSSL will potentially have the leak. I saw some other discussions of this API method in various Github issues: https://github.com/curl/curl/issues/905 https://github.com/curl/curl/issues/817 Regards, Daniel
