source: trunk/server/common/patches/httpd-SSLCompression.patch @ 2490

Last change on this file since 2490 was 2377, checked in by achernya, 11 years ago
Update to httpd 2.2.23
File size: 4.7 KB

  • modules/ssl/mod_ssl.c 

    Description: mod_ssl: Add new directive SSLCompression to disable TLS-level compression.
Origin: http://svn.apache.org/viewvc?view=revision&revision=1369585

diff -r -U3 httpd-2.2.23/modules/ssl/mod_ssl.c httpd-2.2.23.patched/modules/ssl/mod_ssl.c
    old new  
    158158                "('[+-][" SSL_PROTOCOLS "] ...' - see manual)")
    159159    SSL_CMD_SRV(HonorCipherOrder, FLAG,
    160160                "Use the server's cipher ordering preference")
     161    SSL_CMD_SRV(Compression, FLAG,
     162                "Enable SSL level compression"
     163                "(`on', `off')")
    161164    SSL_CMD_SRV(InsecureRenegotiation, FLAG,
    162165                "Enable support for insecure renegotiation")
    163166    SSL_CMD_ALL(UserName, TAKE1,

  • modules/ssl/ssl_engine_config.c 

    diff -r -U3 httpd-2.2.23/modules/ssl/ssl_engine_config.c httpd-2.2.23.patched/modules/ssl/ssl_engine_config.c
    old new  
    183183#ifdef HAVE_FIPS
    184184    sc->fips                   = UNSET;
    185185#endif
     186#ifndef OPENSSL_NO_COMP
     187    sc->compression            = UNSET;
     188#endif
    186189
    187190    modssl_ctx_init_proxy(sc, p);
    188191
     
    281284#ifdef HAVE_FIPS
    282285    cfgMergeBool(fips);
    283286#endif
     287#ifndef OPENSSL_NO_COMP
     288    cfgMergeBool(compression);
     289#endif
    284290
    285291    modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
    286292
     
    714720
    715721}
    716722
     723const char *ssl_cmd_SSLCompression(cmd_parms *cmd, void *dcfg, int flag)
     724{
     725#if !defined(OPENSSL_NO_COMP)
     726    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
     727#ifndef SSL_OP_NO_COMPRESSION
     728    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
     729    if (err)
     730        return "This version of openssl does not support configuring "
     731               "compression within <VirtualHost> sections.";
     732#endif
     733    sc->compression = flag ? TRUE : FALSE;
     734    return NULL;
     735#else
     736    return "Setting Compression mode unsupported; not implemented by the SSL library";
     737#endif
     738}
     739
    717740const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag)
    718741{
    719742#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE

  • modules/ssl/ssl_engine_init.c 

    Only in httpd-2.2.23.patched/modules/ssl: ssl_engine_config.c.orig
diff -r -U3 httpd-2.2.23/modules/ssl/ssl_engine_init.c httpd-2.2.23.patched/modules/ssl/ssl_engine_init.c
    old new  
    542542    }
    543543#endif
    544544
     545
     546#ifndef OPENSSL_NO_COMP
     547    if (sc->compression == FALSE) {
     548#ifdef SSL_OP_NO_COMPRESSION
     549        /* OpenSSL >= 1.0 only */
     550        SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
     551#elif OPENSSL_VERSION_NUMBER >= 0x00908000L
     552        sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
     553#endif
     554    }
     555#endif
     556
    545557#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
    546558    if (sc->insecure_reneg == TRUE) {
    547559        SSL_CTX_set_options(ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);

  • modules/ssl/ssl_private.h 

    Only in httpd-2.2.23.patched/modules/ssl: ssl_engine_init.c.orig
diff -r -U3 httpd-2.2.23/modules/ssl/ssl_private.h httpd-2.2.23.patched/modules/ssl/ssl_private.h
    old new  
    507507#ifdef HAVE_FIPS
    508508    BOOL             fips;
    509509#endif
     510#ifndef OPENSSL_NO_COMP
     511    BOOL             compression;
     512#endif
    510513};
    511514
    512515/**
     
    563566const char  *ssl_cmd_SSLCARevocationPath(cmd_parms *, void *, const char *);
    564567const char  *ssl_cmd_SSLCARevocationFile(cmd_parms *, void *, const char *);
    565568const char  *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag);
     569const char  *ssl_cmd_SSLCompression(cmd_parms *, void *, int flag);
    566570const char  *ssl_cmd_SSLVerifyClient(cmd_parms *, void *, const char *);
    567571const char  *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *);
    568572const char  *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *);

  • modules/ssl/ssl_toolkit_compat.h 

    Only in httpd-2.2.23.patched/modules/ssl: ssl_private.h.orig
diff -r -U3 httpd-2.2.23/modules/ssl/ssl_toolkit_compat.h httpd-2.2.23.patched/modules/ssl/ssl_toolkit_compat.h
    old new  
    277277#endif
    278278#endif
    279279
     280#if !defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION) \
     281    && OPENSSL_VERSION_NUMBER < 0x00908000L
     282#define OPENSSL_NO_COMP
     283#endif
     284
    280285#endif /* SSL_TOOLKIT_COMPAT_H */
    281286
    282287/** @} */
Note: See TracBrowser for help on using the repository browser.