You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2014/01/08 10:39:44 UTC
svn commit: r1556473 - /httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
Author: jorton
Date: Wed Jan 8 09:39:44 2014
New Revision: 1556473
URL: http://svn.apache.org/r1556473
Log:
* modules/ssl/ssl_engine_config.c (ssl_cmd_SSLCompression): Fail if
enabled *and* if OpenSSL does not make any compression methods
available. Tweak wording for failure without SSL_OP_NO_COMPRESSION.
Modified:
httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=1556473&r1=1556472&r2=1556473&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Wed Jan 8 09:39:44 2014
@@ -699,9 +699,20 @@ const char *ssl_cmd_SSLCompression(cmd_p
#ifndef SSL_OP_NO_COMPRESSION
const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
if (err)
- return "This version of openssl does not support configuring "
- "compression within <VirtualHost> sections.";
+ return "This version of OpenSSL does not support enabling "
+ "SSLCompression within <VirtualHost> sections.";
#endif
+ if (flag) {
+ /* Some (packaged) versions of OpenSSL do not support
+ * compression by default. Enabling this directive would not
+ * have the desired effect, so fail with an error. */
+ STACK_OF(SSL_COMP) *meths = SSL_COMP_get_compression_methods();
+
+ if (sk_SSL_COMP_num(meths) == 0) {
+ return "This version of OpenSSL does not have any compression methods "
+ "available, cannot enable SSLCompression.";
+ }
+ }
sc->compression = flag ? TRUE : FALSE;
return NULL;
#else