Advertisement
Guest User

SSL compression option for Apache httpd-2.2.22

a guest
Sep 13th, 2012
1,021
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Diff 3.78 KB | None | 0 0
  1. diff -Naur httpd-2.2.22/modules/ssl/mod_ssl.c httpd-2.2.22-compressopt/modules/ssl/mod_ssl.c
  2. --- httpd-2.2.22/modules/ssl/mod_ssl.c  2010-07-12 14:47:45.000000000 -0400
  3. +++ httpd-2.2.22-compressopt/modules/ssl/mod_ssl.c  2012-09-13 15:56:02.000000000 -0400
  4. @@ -146,6 +146,9 @@
  5.                  "(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)")
  6.      SSL_CMD_SRV(HonorCipherOrder, FLAG,
  7.                  "Use the server's cipher ordering preference")
  8. +    SSL_CMD_SRV(Compression, FLAG,
  9. +                "Enable SSL level compression"
  10. +                "(`on', `off')")
  11.      SSL_CMD_SRV(InsecureRenegotiation, FLAG,
  12.                  "Enable support for insecure renegotiation")
  13.      SSL_CMD_ALL(UserName, TAKE1,
  14. diff -Naur httpd-2.2.22/modules/ssl/ssl_engine_config.c httpd-2.2.22-compressopt/modules/ssl/ssl_engine_config.c
  15. --- httpd-2.2.22/modules/ssl/ssl_engine_config.c    2011-04-14 09:56:17.000000000 -0400
  16. +++ httpd-2.2.22-compressopt/modules/ssl/ssl_engine_config.c    2012-09-13 15:58:26.000000000 -0400
  17. @@ -178,6 +178,7 @@
  18.  #ifdef HAVE_FIPS
  19.      sc->fips                   = UNSET;
  20.  #endif
  21. +    sc->compression            = UNSET;
  22.  
  23.      modssl_ctx_init_proxy(sc, p);
  24.  
  25. @@ -275,6 +276,7 @@
  26.  #ifdef HAVE_FIPS
  27.      cfgMergeBool(fips);
  28.  #endif
  29. +    cfgMergeBool(compression);
  30.  
  31.      modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
  32.  
  33. @@ -708,6 +710,18 @@
  34.  
  35.  }
  36.  
  37. +const char *ssl_cmd_SSLCompression(cmd_parms *cmd, void *dcfg, int flag)
  38. +{
  39. +#if defined(SSL_OP_NO_COMPRESSION) || OPENSSL_VERSION_NUMBER >= 0x00908000L
  40. +    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
  41. +    sc->compression = flag?TRUE:FALSE;
  42. +    return NULL;
  43. +#else
  44. +    return "Setting Compression mode unsupported; not implemented by the SSL library";
  45. +#endif
  46. +}
  47. +
  48. +
  49.  const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag)
  50.  {
  51.  #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
  52. diff -Naur httpd-2.2.22/modules/ssl/ssl_engine_init.c httpd-2.2.22-compressopt/modules/ssl/ssl_engine_init.c
  53. --- httpd-2.2.22/modules/ssl/ssl_engine_init.c  2011-04-14 09:56:17.000000000 -0400
  54. +++ httpd-2.2.22-compressopt/modules/ssl/ssl_engine_init.c  2012-09-13 16:00:58.000000000 -0400
  55. @@ -503,6 +503,22 @@
  56.      }
  57.  #endif
  58.  
  59. +#ifdef SSL_OP_NO_COMPRESSION
  60. +    /* OpenSSL >= 1.0 only */
  61. +    if (sc->compression == FALSE) {
  62. +        SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
  63. +    }
  64. +#elif OPENSSL_VERSION_NUMBER >= 0x00908000L
  65. +    /* workaround for OpenSSL 0.9.8 */
  66. +    if (sc->compression == FALSE) {
  67. +        SSL_CTX * tls_ctx;
  68. +        STACK_OF(SSL_COMP)* comp_methods;
  69. +        comp_methods = SSL_COMP_get_compression_methods();
  70. +        sk_SSL_COMP_zero(comp_methods);
  71. +    }
  72. +#endif
  73. +
  74. +
  75.  #ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
  76.      if (sc->insecure_reneg == TRUE) {
  77.          SSL_CTX_set_options(ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
  78. diff -Naur httpd-2.2.22/modules/ssl/ssl_private.h httpd-2.2.22-compressopt/modules/ssl/ssl_private.h
  79. --- httpd-2.2.22/modules/ssl/ssl_private.h  2011-04-14 09:56:17.000000000 -0400
  80. +++ httpd-2.2.22-compressopt/modules/ssl/ssl_private.h  2012-09-13 16:01:35.000000000 -0400
  81. @@ -486,6 +486,7 @@
  82.  #ifdef HAVE_FIPS
  83.      BOOL             fips;
  84.  #endif
  85. +    BOOL             compression;
  86.  };
  87.  
  88.  /**
  89. @@ -542,6 +543,7 @@
  90.  const char  *ssl_cmd_SSLCARevocationPath(cmd_parms *, void *, const char *);
  91.  const char  *ssl_cmd_SSLCARevocationFile(cmd_parms *, void *, const char *);
  92.  const char  *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag);
  93. +const char  *ssl_cmd_SSLCompression(cmd_parms *, void *, int flag);
  94.  const char  *ssl_cmd_SSLVerifyClient(cmd_parms *, void *, const char *);
  95.  const char  *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *);
  96.  const char  *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement