You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by sf...@apache.org on 2012/06/10 22:21:38 UTC

svn commit: r1348656 - in /httpd/httpd/trunk/modules/ssl: ssl_engine_config.c ssl_engine_init.c ssl_private.h

Author: sf
Date: Sun Jun 10 20:21:38 2012
New Revision: 1348656

URL: http://svn.apache.org/viewvc?rev=1348656&view=rev
Log:
If OPENSSL_NO_COMP is defined, omit merging the compression flag.
Also make some code more compact, as suggested by Kaspar Brandt.

Modified:
    httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
    httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
    httpd/httpd/trunk/modules/ssl/ssl_private.h

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=1348656&r1=1348655&r2=1348656&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Sun Jun 10 20:21:38 2012
@@ -213,7 +213,9 @@ static SSLSrvConfigRec *ssl_config_serve
 #ifdef HAVE_FIPS
     sc->fips                   = UNSET;
 #endif
+#ifndef OPENSSL_NO_COMP
     sc->compression            = UNSET;
+#endif
 
     modssl_ctx_init_proxy(sc, p);
 
@@ -340,7 +342,9 @@ void *ssl_config_server_merge(apr_pool_t
 #ifdef HAVE_FIPS
     cfgMergeBool(fips);
 #endif
+#ifndef OPENSSL_NO_COMP
     cfgMergeBool(compression);
+#endif
 
     modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
 
@@ -678,7 +682,7 @@ static const char *ssl_cmd_check_file(cm
 
 const char *ssl_cmd_SSLCompression(cmd_parms *cmd, void *dcfg, int flag)
 {
-#if defined(SSL_OP_NO_COMPRESSION) || OPENSSL_VERSION_NUMBER >= 0x00908000L
+#if !defined(OPENSSL_NO_COMP)
     SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
 #ifndef SSL_OP_NO_COMPRESSION
     const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1348656&r1=1348655&r2=1348656&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Sun Jun 10 20:21:38 2012
@@ -654,17 +654,15 @@ static void ssl_init_ctx_protocol(server
     }
 #endif
 
-#ifdef SSL_OP_NO_COMPRESSION
-    /* OpenSSL >= 1.0 only */
+
+#ifndef OPENSSL_NO_COMP
     if (sc->compression == FALSE) {
+#ifdef SSL_OP_NO_COMPRESSION
+        /* OpenSSL >= 1.0 only */
         SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
-    }
 #elif OPENSSL_VERSION_NUMBER >= 0x00908000L
-    /* workaround for OpenSSL 0.9.8 */
-    if (sc->compression == FALSE) {
-        STACK_OF(SSL_COMP)* comp_methods;
-        comp_methods = SSL_COMP_get_compression_methods();
-        sk_SSL_COMP_zero(comp_methods);
+        sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
+#endif
     }
 #endif
 

Modified: httpd/httpd/trunk/modules/ssl/ssl_private.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?rev=1348656&r1=1348655&r2=1348656&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_private.h (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_private.h Sun Jun 10 20:21:38 2012
@@ -185,6 +185,11 @@
 #define HAVE_TLSV1_X
 #endif
 
+#if !defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION) \
+    && OPENSSL_VERSION_NUMBER < 0x00908000L
+#define OPENSSL_NO_COMP
+#endif
+
 /* SRP support came in OpenSSL 1.0.1 */
 #ifndef OPENSSL_NO_SRP
 #ifdef SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB
@@ -693,7 +698,9 @@ struct SSLSrvConfigRec {
 #ifdef HAVE_FIPS
     BOOL             fips;
 #endif
+#ifndef OPENSSL_NO_COMP
     BOOL             compression;
+#endif
 };
 
 /**

Re: svn commit: r1348656 - in /httpd/httpd/trunk/modules/ssl: ssl_engine_config.c ssl_engine_init.c ssl_private.h

Posted by Stefan Fritsch <sf...@sfritsch.de>.

On Monday 11 June 2012, Kaspar Brand wrote:
> > URL: http://svn.apache.org/viewvc?rev=1348656&view=rev
> > Log:
> > If OPENSSL_NO_COMP is defined, omit merging the compression flag.
> > Also make some code more compact, as suggested by Kaspar Brandt.
> 
> s/Brandt/Brand/, please (or perhaps s/K.*t/kbrand/) :-)

Oops. Fixed.

Re: svn commit: r1348656 - in /httpd/httpd/trunk/modules/ssl: ssl_engine_config.c ssl_engine_init.c ssl_private.h

Posted by Kaspar Brand <ht...@velox.ch>.

On 10.06.2012 22:21, sf@apache.org wrote:
> Author: sf
> Date: Sun Jun 10 20:21:38 2012
> New Revision: 1348656
> 
> URL: http://svn.apache.org/viewvc?rev=1348656&view=rev
> Log:
> If OPENSSL_NO_COMP is defined, omit merging the compression flag.
> Also make some code more compact, as suggested by Kaspar Brandt.

s/Brandt/Brand/, please (or perhaps s/K.*t/kbrand/) :-)

Kaspar