Attachment 342678 Details for Bug 462380 – Disable SSL compression

[patch] Disable SSL compression

pound-2.7a-no-ssl-compression.patch (text/plain), 2.54 KB, created by Markus Ullmann on 2013-03-19 21:49:03 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Markus Ullmann

Created: 2013-03-19 21:49:03 UTC

Size: 2.54 KB

patch

obsolete

>diff -urN ./Pound-2.7a/config.c ./Pound-2.7a-no-compression/config.c
>--- ./Pound-2.7a/config.c	2012-04-09 15:37:26.000000000 +0200
>+++ ./Pound-2.7a-no-compression/config.c	2013-03-19 22:30:51.000000000 +0100
>@@ -342,6 +342,9 @@
>             SSL_CTX_set_verify(res->ctx, SSL_VERIFY_NONE, NULL);
>             SSL_CTX_set_mode(res->ctx, SSL_MODE_AUTO_RETRY);
>             SSL_CTX_set_options(res->ctx, SSL_OP_ALL);
>+#ifdef SSL_OP_NO_COMPRESSION
>+            SSL_CTX_set_options(res->ctx, SSL_OP_NO_COMPRESSION);
>+#endif
>             SSL_CTX_clear_options(res->ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
>             SSL_CTX_clear_options(res->ctx, SSL_OP_LEGACY_SERVER_CONNECT);
>             sprintf(lin, "%d-Pound-%ld", getpid(), random());
>@@ -362,6 +365,9 @@
>             SSL_CTX_set_verify(res->ctx, SSL_VERIFY_NONE, NULL);
>             SSL_CTX_set_mode(res->ctx, SSL_MODE_AUTO_RETRY);
>             SSL_CTX_set_options(res->ctx, SSL_OP_ALL);
>+#ifdef SSL_OP_NO_COMPRESSION
>+            SSL_CTX_set_options(res->ctx, SSL_OP_NO_COMPRESSION);
>+#endif
>             SSL_CTX_clear_options(res->ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
>             SSL_CTX_clear_options(res->ctx, SSL_OP_LEGACY_SERVER_CONNECT);
>             sprintf(lin, "%d-Pound-%ld", getpid(), random());
>@@ -902,6 +908,9 @@
>     POUND_CTX           *pc;
> 
>     ssl_op_enable = SSL_OP_ALL;
>+#ifdef SSL_OP_NO_COMPRESSION
>+    ssl_op_enable |= SSL_OP_NO_COMPRESSION;
>+#endif
>     ssl_op_disable = SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION | SSL_OP_LEGACY_SERVER_CONNECT;
> 
>     if((res = (LISTENER *)malloc(sizeof(LISTENER))) == NULL)
>diff -urN ./Pound-2.7a/pound.c ./Pound-2.7a-no-compression/pound.c
>--- ./Pound-2.7a/pound.c	2012-04-09 15:37:26.000000000 +0200
>+++ ./Pound-2.7a-no-compression/pound.c	2013-03-19 22:31:40.000000000 +0100
>@@ -267,6 +267,23 @@
>     CRYPTO_set_locking_callback(l_lock);
>     init_timer();
> 
>+    /* Disable SSL Compression for OpenSSL pre-1.0.  1.0 is handled with an option in config.c */
>+#if OPENSSL_VERSION_NUMBER >= 0x00907000L
>+#ifndef SSL_OP_NO_COMPRESSION
>+    {
>+      int i,n;
>+      STACK_OF(SSL_COMP) *ssl_comp_methods;
>+
>+      ssl_comp_methods = SSL_COMP_get_compression_methods();
>+      n = sk_SSL_COMP_num(ssl_comp_methods);
>+
>+      for(i=n-1; i>=0; i--) {
>+        sk_SSL_COMP_delete(ssl_comp_methods, i);
>+      }
>+    }
>+#endif
>+#endif
>+
>     /* prepare regular expressions */
>     if(regcomp(&HEADER, "^([a-z0-9!#$%&'*+.^_`|~-]+):[ \t]*(.*)[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
>     || regcomp(&CHUNK_HEAD, "^([0-9a-f]+).*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)

Actions: View | Diff

Attachments on bug 462380: 342674 | 342678 | 386752 | 386754