Feature #2445 ยป ssl-compression.diff

patrickdk, 2012-09-17 01:36


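--- a/lighttpd-1.4.31-compress/src/base.h
+++ b/lighttpd-1.4.31-compress/src/base.h
@@ -280,6 +280,7 @@
 	unsigned short ssl_honor_cipher_order; /* determine SSL cipher in server-preferred order, not client-order */
 	unsigned short ssl_use_sslv2;
 	unsigned short ssl_use_sslv3;
+	unsigned short ssl_use_compression;
 	unsigned short ssl_verifyclient;
 	unsigned short ssl_verifyclient_enforce;
 	unsigned short ssl_verifyclient_depth;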
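--- a/lighttpd-1.4.31-compress/src/configfile.c
+++ b/lighttpd-1.4.31-compress/src/configfile.c
@@ -107,6 +107,8 @@
 		{ "ssl.ec-curve",                NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER },      /* 64 */
 		{ "ssl.disable-client-renegotiation", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER },/* 65 */
 		{ "ssl.honor-cipher-order",      NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER },     /* 66 */
+		{ "ssl.use-compression",         NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER },     /* 67 */
+
 
 		{ "server.host",                 "use server.bind instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
 		{ "server.docroot",              "use server.document-root instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
@@ -181,6 +183,7 @@
 		s->ssl_honor_cipher_order = 1;
 		s->ssl_use_sslv2 = 0;
 		s->ssl_use_sslv3 = 1;
+		s->ssl_use_compression = 1;
 		s->use_ipv6      = 0;
 		s->set_v6only    = 1;
 		s->defer_accept  = 0;
@@ -247,6 +250,7 @@
 		cv[47].destination = s->ssl_cipher_list;
 		cv[48].destination = &(s->ssl_use_sslv2);
 		cv[62].destination = &(s->ssl_use_sslv3);
+		cv[67].destination = &(s->ssl_use_compression);
 		cv[63].destination = s->ssl_dh_file;
 		cv[64].destination = s->ssl_ec_curve;
 		cv[66].destination = &(s->ssl_honor_cipher_order);
@@ -345,6 +349,7 @@
 	PATCH(ssl_honor_cipher_order);
 	PATCH(ssl_use_sslv2);
 	PATCH(ssl_use_sslv3);
+	PATCH(ssl_use_compression);
 	PATCH(etag_use_inode);
 	PATCH(etag_use_mtime);
 	PATCH(etag_use_size);
@@ -415,6 +420,8 @@
 				PATCH(ssl_use_sslv2);
 			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-sslv3"))) {
 				PATCH(ssl_use_sslv3);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-compression"))) {
+				PATCH(ssl_use_compression);
 			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.cipher-list"))) {
 				PATCH(ssl_cipher_list);
 			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.engine"))) {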
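Review bot: The default added in the second hunk, `s->ssl_use_compression = 1;`, leaves TLS compression on for every server that does not set the option, and compressing before encrypting leaks plaintext through record lengths (the CRIME class of attack). The safer default is `s->ssl_use_compression = 0;`, so that compression has to be requested explicitly with `ssl.use-compression = "enable"`. The new table entry carries only its index; a comment such as `/* TLS compression; keep off unless required, record lengths leak plaintext */` beside the default would record why. The functions these hunks belong to start and end outside the visible lines.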
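--- a/lighttpd-1.4.31-compress/src/network.c
+++ b/lighttpd-1.4.31-compress/src/network.c
@@ -568,11 +568,8 @@
 	/* load SSL certificates */
 	for (i = 0; i < srv->config_context->used; i++) {
 		specific_config *s = srv->config_storage[i];
-#ifndef SSL_OP_NO_COMPRESSION
-# define SSL_OP_NO_COMPRESSION 0
-#endif
 		long ssloptions =
-			SSL_OP_ALL | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | SSL_OP_NO_COMPRESSION;
+			SSL_OP_ALL | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;
 
 		if (buffer_is_empty(s->ssl_pemfile)) continue;
 
@@ -627,6 +624,22 @@
 			}
 		}
 
+		if (!s->ssl_use_compression) {
+			/* disable SSL Compression */
+#ifdef SSL_OP_NO_COMPRESSION
+			if (!(SSL_OP_NO_COMPRESSION & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_COMPRESSION))) {
+				log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
+						ERR_error_string(ERR_get_error(), NULL));
+				return -1;
+			}
+#elif OPENSSL_VERSION_NUMBER >= 0x00908000L
+			SSL_CTX * tls_ctx;
+			STACK_OF(SSL_COMP)* comp_methods;
+			comp_methods = SSL_COMP_get_compression_methods();
+			sk_SSL_COMP_zero(comp_methods);
+#endif
+		}
+
 		if (!buffer_is_empty(s->ssl_cipher_list)) {
 			/* Disable support for low encryption ciphers */
 			if (SSL_CTX_set_cipher_list(s->ssl_ctx, s->ssl_cipher_list->ptr) != 1) {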
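Review bot: In the `#elif OPENSSL_VERSION_NUMBER >= 0x00908000L` branch of the second hunk, `sk_SSL_COMP_zero(comp_methods)` empties the list returned by `SSL_COMP_get_compression_methods()`, which is shared by the whole process rather than owned by `s->ssl_ctx`. One context with `ssl.use-compression` disabled therefore appears to switch compression off for all of them, and the per-context setting does not mean what it says on that build. When neither preprocessor branch applies, the block compiles to nothing and compression stays on although the administrator disabled it; an `#else` branch with `log_error_write(srv, __FILE__, __LINE__, "s", "SSL: cannot disable compression with this OpenSSL"); return -1;` would fail closed. The declaration `SSL_CTX * tls_ctx;` is never used and can be dropped. Going by the gutter numbering, the first hunk also removes the unconditional `SSL_OP_NO_COMPRESSION` from `ssloptions`, so combined with the default of 1 in configfile.c the patched server offers compression again unless it is configured otherwise.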