This patch is setting OPENSSL_NO_HEARTBEAT, but openssl actually only disables heartbeats when you set OPENSSL_NO_HEARTBEATS (note trailing S).
Having negative ifdefs in the first place is a pretty bad practice. This clearly shows why.
If all your IFDEFs are "positive" they have to be declared somewhere and then it's easy to "deactivate" the things you no longer want, by simply commenting a line out.
It reduces the possibility for error, and gives you a better picture of how many IFDEF conditions you are dealing with around your code.
A security bug may well require enabling a feature, rather than disabling one, and then you end up with exactly the same problem.
I personally detest #ifdef's, and would rather have multiple .c files that I can choose from to include in my build. Code infected with #ifdef'itis is unreadable, difficult to test, difficult to maintain, ...
Having negative ifdefs in the first place is a pretty bad practice. This clearly shows why.
If all your IFDEFs are "positive" they have to be declared somewhere and then it's easy to "deactivate" the things you no longer want, by simply commenting a line out.
It reduces the possibility for error, and gives you a better picture of how many IFDEF conditions you are dealing with around your code.