You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by sf...@apache.org on 2012/06/10 22:21:38 UTC
svn commit: r1348656 - in /httpd/httpd/trunk/modules/ssl:
ssl_engine_config.c ssl_engine_init.c ssl_private.h
Author: sf
Date: Sun Jun 10 20:21:38 2012
New Revision: 1348656
URL: http://svn.apache.org/viewvc?rev=1348656&view=rev
Log:
If OPENSSL_NO_COMP is defined, omit merging the compression flag.
Also make some code more compact, as suggested by Kaspar Brandt.
Modified:
httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
httpd/httpd/trunk/modules/ssl/ssl_private.h
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=1348656&r1=1348655&r2=1348656&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Sun Jun 10 20:21:38 2012
@@ -213,7 +213,9 @@ static SSLSrvConfigRec *ssl_config_serve
#ifdef HAVE_FIPS
sc->fips = UNSET;
#endif
+#ifndef OPENSSL_NO_COMP
sc->compression = UNSET;
+#endif
modssl_ctx_init_proxy(sc, p);
@@ -340,7 +342,9 @@ void *ssl_config_server_merge(apr_pool_t
#ifdef HAVE_FIPS
cfgMergeBool(fips);
#endif
+#ifndef OPENSSL_NO_COMP
cfgMergeBool(compression);
+#endif
modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
@@ -678,7 +682,7 @@ static const char *ssl_cmd_check_file(cm
const char *ssl_cmd_SSLCompression(cmd_parms *cmd, void *dcfg, int flag)
{
-#if defined(SSL_OP_NO_COMPRESSION) || OPENSSL_VERSION_NUMBER >= 0x00908000L
+#if !defined(OPENSSL_NO_COMP)
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
#ifndef SSL_OP_NO_COMPRESSION
const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1348656&r1=1348655&r2=1348656&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Sun Jun 10 20:21:38 2012
@@ -654,17 +654,15 @@ static void ssl_init_ctx_protocol(server
}
#endif
-#ifdef SSL_OP_NO_COMPRESSION
- /* OpenSSL >= 1.0 only */
+
+#ifndef OPENSSL_NO_COMP
if (sc->compression == FALSE) {
+#ifdef SSL_OP_NO_COMPRESSION
+ /* OpenSSL >= 1.0 only */
SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
- }
#elif OPENSSL_VERSION_NUMBER >= 0x00908000L
- /* workaround for OpenSSL 0.9.8 */
- if (sc->compression == FALSE) {
- STACK_OF(SSL_COMP)* comp_methods;
- comp_methods = SSL_COMP_get_compression_methods();
- sk_SSL_COMP_zero(comp_methods);
+ sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
+#endif
}
#endif
Modified: httpd/httpd/trunk/modules/ssl/ssl_private.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?rev=1348656&r1=1348655&r2=1348656&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_private.h (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_private.h Sun Jun 10 20:21:38 2012
@@ -185,6 +185,11 @@
#define HAVE_TLSV1_X
#endif
+#if !defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION) \
+ && OPENSSL_VERSION_NUMBER < 0x00908000L
+#define OPENSSL_NO_COMP
+#endif
+
/* SRP support came in OpenSSL 1.0.1 */
#ifndef OPENSSL_NO_SRP
#ifdef SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB
@@ -693,7 +698,9 @@ struct SSLSrvConfigRec {
#ifdef HAVE_FIPS
BOOL fips;
#endif
+#ifndef OPENSSL_NO_COMP
BOOL compression;
+#endif
};
/**
Re: svn commit: r1348656 - in /httpd/httpd/trunk/modules/ssl: ssl_engine_config.c ssl_engine_init.c ssl_private.h
Posted by Stefan Fritsch <sf...@sfritsch.de>.
On Monday 11 June 2012, Kaspar Brand wrote:
> > URL: http://svn.apache.org/viewvc?rev=1348656&view=rev
> > Log:
> > If OPENSSL_NO_COMP is defined, omit merging the compression flag.
> > Also make some code more compact, as suggested by Kaspar Brandt.
>
> s/Brandt/Brand/, please (or perhaps s/K.*t/kbrand/) :-)
Oops. Fixed.
Re: svn commit: r1348656 - in /httpd/httpd/trunk/modules/ssl: ssl_engine_config.c
ssl_engine_init.c ssl_private.h
Posted by Kaspar Brand <ht...@velox.ch>.
On 10.06.2012 22:21, sf@apache.org wrote:
> Author: sf
> Date: Sun Jun 10 20:21:38 2012
> New Revision: 1348656
>
> URL: http://svn.apache.org/viewvc?rev=1348656&view=rev
> Log:
> If OPENSSL_NO_COMP is defined, omit merging the compression flag.
> Also make some code more compact, as suggested by Kaspar Brandt.
s/Brandt/Brand/, please (or perhaps s/K.*t/kbrand/) :-)
Kaspar