source:
trunk/server/common/patches/httpd-SSLCompression.patch
@
  2476
        
        | Last change on this file since 2476 was 2377, checked in by achernya, 13 years ago | |
|---|---|
| File size: 4.7 KB | |
- 
        modules/ssl/mod_ssl.cDescription: mod_ssl: Add new directive SSLCompression to disable TLS-level compression. Origin: http://svn.apache.org/viewvc?view=revision&revision=1369585 diff -r -U3 httpd-2.2.23/modules/ssl/mod_ssl.c httpd-2.2.23.patched/modules/ssl/mod_ssl.c old new 158 158 "('[+-][" SSL_PROTOCOLS "] ...' - see manual)") 159 159 SSL_CMD_SRV(HonorCipherOrder, FLAG, 160 160 "Use the server's cipher ordering preference") 161 SSL_CMD_SRV(Compression, FLAG, 162 "Enable SSL level compression" 163 "(`on', `off')") 161 164 SSL_CMD_SRV(InsecureRenegotiation, FLAG, 162 165 "Enable support for insecure renegotiation") 163 166 SSL_CMD_ALL(UserName, TAKE1, 
- 
        modules/ssl/ssl_engine_config.cdiff -r -U3 httpd-2.2.23/modules/ssl/ssl_engine_config.c httpd-2.2.23.patched/modules/ssl/ssl_engine_config.c old new 183 183 #ifdef HAVE_FIPS 184 184 sc->fips = UNSET; 185 185 #endif 186 #ifndef OPENSSL_NO_COMP 187 sc->compression = UNSET; 188 #endif 186 189 187 190 modssl_ctx_init_proxy(sc, p); 188 191 … … 281 284 #ifdef HAVE_FIPS 282 285 cfgMergeBool(fips); 283 286 #endif 287 #ifndef OPENSSL_NO_COMP 288 cfgMergeBool(compression); 289 #endif 284 290 285 291 modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy); 286 292 … … 714 720 715 721 } 716 722 723 const char *ssl_cmd_SSLCompression(cmd_parms *cmd, void *dcfg, int flag) 724 { 725 #if !defined(OPENSSL_NO_COMP) 726 SSLSrvConfigRec *sc = mySrvConfig(cmd->server); 727 #ifndef SSL_OP_NO_COMPRESSION 728 const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); 729 if (err) 730 return "This version of openssl does not support configuring " 731 "compression within <VirtualHost> sections."; 732 #endif 733 sc->compression = flag ? TRUE : FALSE; 734 return NULL; 735 #else 736 return "Setting Compression mode unsupported; not implemented by the SSL library"; 737 #endif 738 } 739 717 740 const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag) 718 741 { 719 742 #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE 
- 
        modules/ssl/ssl_engine_init.cOnly in httpd-2.2.23.patched/modules/ssl: ssl_engine_config.c.orig diff -r -U3 httpd-2.2.23/modules/ssl/ssl_engine_init.c httpd-2.2.23.patched/modules/ssl/ssl_engine_init.c old new 542 542 } 543 543 #endif 544 544 545 546 #ifndef OPENSSL_NO_COMP 547 if (sc->compression == FALSE) { 548 #ifdef SSL_OP_NO_COMPRESSION 549 /* OpenSSL >= 1.0 only */ 550 SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION); 551 #elif OPENSSL_VERSION_NUMBER >= 0x00908000L 552 sk_SSL_COMP_zero(SSL_COMP_get_compression_methods()); 553 #endif 554 } 555 #endif 556 545 557 #ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 546 558 if (sc->insecure_reneg == TRUE) { 547 559 SSL_CTX_set_options(ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION); 
- 
        modules/ssl/ssl_private.hOnly in httpd-2.2.23.patched/modules/ssl: ssl_engine_init.c.orig diff -r -U3 httpd-2.2.23/modules/ssl/ssl_private.h httpd-2.2.23.patched/modules/ssl/ssl_private.h old new 507 507 #ifdef HAVE_FIPS 508 508 BOOL fips; 509 509 #endif 510 #ifndef OPENSSL_NO_COMP 511 BOOL compression; 512 #endif 510 513 }; 511 514 512 515 /** … … 563 566 const char *ssl_cmd_SSLCARevocationPath(cmd_parms *, void *, const char *); 564 567 const char *ssl_cmd_SSLCARevocationFile(cmd_parms *, void *, const char *); 565 568 const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag); 569 const char *ssl_cmd_SSLCompression(cmd_parms *, void *, int flag); 566 570 const char *ssl_cmd_SSLVerifyClient(cmd_parms *, void *, const char *); 567 571 const char *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *); 568 572 const char *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *); 
- 
        modules/ssl/ssl_toolkit_compat.hOnly in httpd-2.2.23.patched/modules/ssl: ssl_private.h.orig diff -r -U3 httpd-2.2.23/modules/ssl/ssl_toolkit_compat.h httpd-2.2.23.patched/modules/ssl/ssl_toolkit_compat.h old new 277 277 #endif 278 278 #endif 279 279 280 #if !defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION) \ 281 && OPENSSL_VERSION_NUMBER < 0x00908000L 282 #define OPENSSL_NO_COMP 283 #endif 284 280 285 #endif /* SSL_TOOLKIT_COMPAT_H */ 281 286 282 287 /** @} */ 
Note: See TracBrowser
        for help on using the repository browser.
    
