source:
trunk/server/common/patches/httpd-SSLCompression.patch
@
2332
Last change on this file since 2332 was 2321, checked in by geofft, 12 years ago | |
---|---|
File size: 4.5 KB |
-
modules/ssl/mod_ssl.c
Description: mod_ssl: Add new directive SSLCompression to disable TLS-level compression. Origin: http://svn.apache.org/viewvc?view=revision&revision=1369585 diff -Naur httpd-2.2.22/modules/ssl/mod_ssl.c httpd-2.2.22.patched/modules/ssl/mod_ssl.c
old new 146 146 "(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)") 147 147 SSL_CMD_SRV(HonorCipherOrder, FLAG, 148 148 "Use the server's cipher ordering preference") 149 SSL_CMD_SRV(Compression, FLAG, 150 "Enable SSL level compression" 151 "(`on', `off')") 149 152 SSL_CMD_SRV(InsecureRenegotiation, FLAG, 150 153 "Enable support for insecure renegotiation") 151 154 SSL_CMD_ALL(UserName, TAKE1, -
modules/ssl/ssl_engine_config.c
diff -Naur httpd-2.2.22/modules/ssl/ssl_engine_config.c httpd-2.2.22.patched/modules/ssl/ssl_engine_config.c
old new 178 178 #ifdef HAVE_FIPS 179 179 sc->fips = UNSET; 180 180 #endif 181 #ifndef OPENSSL_NO_COMP 182 sc->compression = UNSET; 183 #endif 181 184 182 185 modssl_ctx_init_proxy(sc, p); 183 186 … … 275 278 #ifdef HAVE_FIPS 276 279 cfgMergeBool(fips); 277 280 #endif 281 #ifndef OPENSSL_NO_COMP 282 cfgMergeBool(compression); 283 #endif 278 284 279 285 modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy); 280 286 … … 708 714 709 715 } 710 716 717 const char *ssl_cmd_SSLCompression(cmd_parms *cmd, void *dcfg, int flag) 718 { 719 #if !defined(OPENSSL_NO_COMP) 720 SSLSrvConfigRec *sc = mySrvConfig(cmd->server); 721 #ifndef SSL_OP_NO_COMPRESSION 722 const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); 723 if (err) 724 return "This version of openssl does not support configuring " 725 "compression within <VirtualHost> sections."; 726 #endif 727 sc->compression = flag ? TRUE : FALSE; 728 return NULL; 729 #else 730 return "Setting Compression mode unsupported; not implemented by the SSL library"; 731 #endif 732 } 733 711 734 const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag) 712 735 { 713 736 #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE -
modules/ssl/ssl_engine_init.c
diff -Naur httpd-2.2.22/modules/ssl/ssl_engine_init.c httpd-2.2.22.patched/modules/ssl/ssl_engine_init.c
old new 503 503 } 504 504 #endif 505 505 506 507 #ifndef OPENSSL_NO_COMP 508 if (sc->compression == FALSE) { 509 #ifdef SSL_OP_NO_COMPRESSION 510 /* OpenSSL >= 1.0 only */ 511 SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION); 512 #elif OPENSSL_VERSION_NUMBER >= 0x00908000L 513 sk_SSL_COMP_zero(SSL_COMP_get_compression_methods()); 514 #endif 515 } 516 #endif 517 506 518 #ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 507 519 if (sc->insecure_reneg == TRUE) { 508 520 SSL_CTX_set_options(ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION); -
modules/ssl/ssl_private.h
diff -Naur httpd-2.2.22/modules/ssl/ssl_private.h httpd-2.2.22.patched/modules/ssl/ssl_private.h
old new 486 486 #ifdef HAVE_FIPS 487 487 BOOL fips; 488 488 #endif 489 #ifndef OPENSSL_NO_COMP 490 BOOL compression; 491 #endif 489 492 }; 490 493 491 494 /** … … 542 545 const char *ssl_cmd_SSLCARevocationPath(cmd_parms *, void *, const char *); 543 546 const char *ssl_cmd_SSLCARevocationFile(cmd_parms *, void *, const char *); 544 547 const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag); 548 const char *ssl_cmd_SSLCompression(cmd_parms *, void *, int flag); 545 549 const char *ssl_cmd_SSLVerifyClient(cmd_parms *, void *, const char *); 546 550 const char *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *); 547 551 const char *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *); -
modules/ssl/ssl_toolkit_compat.h
diff -Naur httpd-2.2.22/modules/ssl/ssl_toolkit_compat.h httpd-2.2.22.patched/modules/ssl/ssl_toolkit_compat.h
old new 276 276 #endif 277 277 #endif 278 278 279 #if !defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION) \ 280 && OPENSSL_VERSION_NUMBER < 0x00908000L 281 #define OPENSSL_NO_COMP 282 #endif 283 279 284 #endif /* SSL_TOOLKIT_COMPAT_H */ 280 285 281 286 /** @} */
Note: See TracBrowser
for help on using the repository browser.