ASF Bugzilla – Attachment 28782 Details for
Bug 53219
mod_ssl should allow to disable ssl compression
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
patch to add SSLCompession On/Off parameter
apache-mod_ssl-nocompress.patch (text/plain), 3.01 KB, created by
Björn Jacke
on 2012-05-15 20:36:31 UTC
(
hide
)
Description:
patch to add SSLCompession On/Off parameter
Filename:
MIME Type:
Creator:
Björn Jacke
Created:
2012-05-15 20:36:31 UTC
Size:
3.01 KB
patch
obsolete
>diff -ur modules/ssl/mod_ssl.c modules/ssl/mod_ssl.c >--- modules/ssl/mod_ssl.c 2010-07-12 11:47:45.000000000 -0700 >+++ modules/ssl/mod_ssl.c 2012-05-15 13:01:43.104610201 -0700 >@@ -146,6 +146,9 @@ > "(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)") > SSL_CMD_SRV(HonorCipherOrder, FLAG, > "Use the server's cipher ordering preference") >+ SSL_CMD_SRV(Compression, FLAG, >+ "Enable SSL level compression" >+ "(`on', `off')") > SSL_CMD_SRV(InsecureRenegotiation, FLAG, > "Enable support for insecure renegotiation") > SSL_CMD_ALL(UserName, TAKE1, >diff -ur modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_config.c >--- modules/ssl/ssl_engine_config.c 2011-04-14 06:56:17.000000000 -0700 >+++ modules/ssl/ssl_engine_config.c 2012-05-15 13:19:32.976626259 -0700 >@@ -178,6 +178,7 @@ > #ifdef HAVE_FIPS > sc->fips = UNSET; > #endif >+ sc->compression = UNSET; > > modssl_ctx_init_proxy(sc, p); > >@@ -275,6 +276,7 @@ > #ifdef HAVE_FIPS > cfgMergeBool(fips); > #endif >+ cfgMergeBool(compression); > > modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy); > >@@ -708,6 +710,17 @@ > > } > >+const char *ssl_cmd_SSLCompression(cmd_parms *cmd, void *dcfg, int flag) >+{ >+#ifdef SSL_OP_NO_COMPRESSION >+ SSLSrvConfigRec *sc = mySrvConfig(cmd->server); >+ sc->compression = flag?TRUE:FALSE; >+ return NULL; >+#else >+ return "Setting Compression mode unsupported; not implemented by the SSL library"; >+#endif >+} >+ > const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag) > { > #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE >diff -ur modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_init.c >--- modules/ssl/ssl_engine_init.c 2012-05-15 13:22:48.972629196 -0700 >+++ modules/ssl/ssl_engine_init.c 2012-05-15 13:05:12.680613348 -0700 >@@ -505,6 +505,12 @@ > } > #endif > >+#ifdef SSL_OP_NO_COMPRESSION >+ if (sc->compression == FALSE) { >+ SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION); >+ } >+#endif >+ > #ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION > if (sc->insecure_reneg == TRUE) { > SSL_CTX_set_options(ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION); >diff -ur modules/ssl/ssl_private.h modules/ssl/ssl_private.h >--- modules/ssl/ssl_private.h 2011-04-14 06:56:17.000000000 -0700 >+++ modules/ssl/ssl_private.h 2012-05-15 12:36:16.172587295 -0700 >@@ -486,6 +486,7 @@ > #ifdef HAVE_FIPS > BOOL fips; > #endif >+ BOOL compression; > }; > > /** >@@ -542,6 +543,7 @@ > const char *ssl_cmd_SSLCARevocationPath(cmd_parms *, void *, const char *); > const char *ssl_cmd_SSLCARevocationFile(cmd_parms *, void *, const char *); > const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag); >+const char *ssl_cmd_SSLCompression(cmd_parms *, void *, int flag); > const char *ssl_cmd_SSLVerifyClient(cmd_parms *, void *, const char *); > const char *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *); > const char *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=28782">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 53219
:
28782
|
28804