source: trunk/server/common/patches/httpd-SSLCompression.patch @ 2558

Last change on this file since 2558 was 2377, checked in by achernya, 11 years ago
Update to httpd 2.2.23
File size: 4.7 KB
[2321]1Description: mod_ssl: Add new directive SSLCompression to disable TLS-level compression.
2Origin: http://svn.apache.org/viewvc?view=revision&revision=1369585
3
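--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -158,6 +158,9 @@
                 "('[+-][" SSL_PROTOCOLS "] ...' - see manual)")
     SSL_CMD_SRV(HonorCipherOrder, FLAG,
                 "Use the server's cipher ordering preference")
+    SSL_CMD_SRV(Compression, FLAG,
+                "Enable SSL level compression"
+                "(`on', `off')")
     SSL_CMD_SRV(InsecureRenegotiation, FLAG,
                 "Enable support for insecure renegotiation")
     SSL_CMD_ALL(UserName, TAKE1,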
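Review bot: The two adjacent string literals in the new `SSL_CMD_SRV(Compression, FLAG, ...)` entry are concatenated without a separator, so the help text runs "compression" straight into the opening parenthesis of the value list. The first literal should end with a space: `"Enable SSL level compression "`. The text would also be more useful to an operator if it said what happens when the directive is absent, because the patch description presents the directive as a way to disable TLS-level compression. The directive table itself starts and ends outside this hunk.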
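--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -183,6 +183,9 @@
 #ifdef HAVE_FIPS
     sc->fips                   = UNSET;
 #endif
+#ifndef OPENSSL_NO_COMP
+    sc->compression            = UNSET;
+#endif
 
     modssl_ctx_init_proxy(sc, p);
 
@@ -281,6 +284,9 @@
 #ifdef HAVE_FIPS
     cfgMergeBool(fips);
 #endif
+#ifndef OPENSSL_NO_COMP
+    cfgMergeBool(compression);
+#endif
 
     modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
 
@@ -714,6 +720,23 @@
 
 }
 
+const char *ssl_cmd_SSLCompression(cmd_parms *cmd, void *dcfg, int flag)
+{
+#if !defined(OPENSSL_NO_COMP)
+    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
+#ifndef SSL_OP_NO_COMPRESSION
+    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+    if (err)
+        return "This version of openssl does not support configuring "
+               "compression within <VirtualHost> sections.";
+#endif
+    sc->compression = flag ? TRUE : FALSE;
+    return NULL;
+#else
+    return "Setting Compression mode unsupported; not implemented by the SSL library";
+#endif
+}
+
 const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag)
 {
 #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE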
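Review bot: The `#else` branch of `ssl_cmd_SSLCompression` returns an error for `off` as well as `on`, so a hardening snippet containing `SSLCompression off` stops the server from loading its configuration on any build where `OPENSSL_NO_COMP` is defined. Where the library really has no compression, `off` is already satisfied and could be accepted with `return flag ? "Setting Compression mode unsupported; not implemented by the SSL library" : NULL;`. That is only safe if `OPENSSL_NO_COMP` always means "no compression"; the ssl_toolkit_compat.h hunk of this patch also defines it for old OpenSSL releases, so the two cases need to be told apart first. The function has no header comment; one stating the three build cases (per-vhost, global-only, unsupported) would help the next reader.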
[2377]64Only in httpd-2.2.23.patched/modules/ssl: ssl_engine_config.c.orig
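--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -542,6 +542,18 @@
     }
 #endif
 
+
+#ifndef OPENSSL_NO_COMP
+    if (sc->compression == FALSE) {
+#ifdef SSL_OP_NO_COMPRESSION
+        /* OpenSSL >= 1.0 only */
+        SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
+#elif OPENSSL_VERSION_NUMBER >= 0x00908000L
+        sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
+#endif
+    }
+#endif
+
 #ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
     if (sc->insecure_reneg == TRUE) {
         SSL_CTX_set_options(ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);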
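Review bot: The new test `if (sc->compression == FALSE)` disables compression only when the directive was written explicitly, so a server whose value is still `UNSET` (the initial value set in ssl_engine_config.c) keeps negotiating TLS compression and stays exposed to compression side channels of the CRIME class. If the intent is to be secure by default, the condition should be `if (sc->compression != TRUE) {`; that changes the default and would need a line in the directive documentation. The `sk_SSL_COMP_zero(SSL_COMP_get_compression_methods())` fallback appears to clear a library-wide list rather than a per-context one, which deserves a comment such as `/* process-wide: affects every SSL_CTX, hence GLOBAL_ONLY in ssl_cmd_SSLCompression */`. The enclosing function starts and ends outside this hunk.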
[2377]87Only in httpd-2.2.23.patched/modules/ssl: ssl_engine_init.c.orig
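--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -507,6 +507,9 @@
 #ifdef HAVE_FIPS
     BOOL             fips;
 #endif
+#ifndef OPENSSL_NO_COMP
+    BOOL             compression;
+#endif
 };
 
 /**
@@ -563,6 +566,7 @@
 const char  *ssl_cmd_SSLCARevocationPath(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLCARevocationFile(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag);
+const char  *ssl_cmd_SSLCompression(cmd_parms *, void *, int flag);
 const char  *ssl_cmd_SSLVerifyClient(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *);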
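Review bot: The new `BOOL compression;` field is undocumented although it carries three states, not two: the other hunks of this patch initialise it to `UNSET` and act only on an explicit `FALSE`. A comment on the field would record that, for example `/* TRUE, FALSE or UNSET; only an explicit FALSE turns TLS compression off */`. The field exists only under `#ifndef OPENSSL_NO_COMP`, and ssl_toolkit_compat.h may define that macro itself, so the struct layout depends on that header being included before this definition; the include order is not visible in the hunk and should be confirmed. The new prototype names only its last parameter, while the `ssl_cmd_SSLHonorCipherOrder` line above it names all three.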
[2377]109Only in httpd-2.2.23.patched/modules/ssl: ssl_private.h.orig
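--- a/modules/ssl/ssl_toolkit_compat.h
+++ b/modules/ssl/ssl_toolkit_compat.h
@@ -277,6 +277,11 @@
 #endif
 #endif
 
+#if !defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION) \
+    && OPENSSL_VERSION_NUMBER < 0x00908000L
+#define OPENSSL_NO_COMP
+#endif
+
 #endif /* SSL_TOOLKIT_COMPAT_H */
 
 /** @} */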
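Review bot: Defining `OPENSSL_NO_COMP` here reuses a macro that normally means "the library was built without compression" to mean "this OpenSSL is too old to offer a way to switch compression off". On such a build the directive then fails with "not implemented by the SSL library", while the library may still negotiate compression, so an operator has no way to disable it and the message points the wrong way. At minimum the block needs a comment, for example `/* pre-0.9.8: no API to disable compression; SSLCompression is rejected, but compression may still be negotiated */`. A module-private macro would be cleaner than reusing the library's name, which also changes what any OpenSSL header included after this point sees.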
[2377]125Only in httpd-2.2.23.patched/modules/ssl: ssl_toolkit_compat.h.orig