Project

General

Profile

Download (4 KB)

Feature #2445 ยป ssl-compression.diff

patrickdk, 2012-09-17 01:36

View differences:

lighttpd-1.4.31-compress/src/base.h 2012-09-16 18:29:30.130753673 -0400
280 280 
	unsigned short ssl_honor_cipher_order; /* determine SSL cipher in server-preferred order, not client-order */
281 281 
	unsigned short ssl_use_sslv2;
282 282 
	unsigned short ssl_use_sslv3;
283 
	unsigned short ssl_use_compression;
283 284 
	unsigned short ssl_verifyclient;
284 285 
	unsigned short ssl_verifyclient_enforce;
285 286 
	unsigned short ssl_verifyclient_depth;
lighttpd-1.4.31-compress/src/configfile.c 2012-09-16 18:34:10.289196269 -0400
107 107 
		{ "ssl.ec-curve",                NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER },      /* 64 */
108 108 
		{ "ssl.disable-client-renegotiation", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER },/* 65 */
109 109 
		{ "ssl.honor-cipher-order",      NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER },     /* 66 */
110 
		{ "ssl.use-compression",         NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER },     /* 67 */
111 

  		




  110
  112
  
    

  		




  111
  113
  
    
		{ "server.host",                 "use server.bind instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },

  		




  112
  114
  
    
		{ "server.docroot",              "use server.document-root instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },

  		




  ......




  181
  183
  
    
		s->ssl_honor_cipher_order = 1;

  		




  182
  184
  
    
		s->ssl_use_sslv2 = 0;

  		




  183
  185
  
    
		s->ssl_use_sslv3 = 1;

  		




  
  186
  
    
		s->ssl_use_compression = 1;

  		




  184
  187
  
    
		s->use_ipv6      = 0;

  		




  185
  188
  
    
		s->set_v6only    = 1;

  		




  186
  189
  
    
		s->defer_accept  = 0;

  		




  ......




  247
  250
  
    
		cv[47].destination = s->ssl_cipher_list;

  		




  248
  251
  
    
		cv[48].destination = &(s->ssl_use_sslv2);

  		




  249
  252
  
    
		cv[62].destination = &(s->ssl_use_sslv3);

  		




  
  253
  
    
		cv[67].destination = &(s->ssl_use_compression);

  		




  250
  254
  
    
		cv[63].destination = s->ssl_dh_file;

  		




  251
  255
  
    
		cv[64].destination = s->ssl_ec_curve;

  		




  252
  256
  
    
		cv[66].destination = &(s->ssl_honor_cipher_order);

  		




  ......




  345
  349
  
    
	PATCH(ssl_honor_cipher_order);

  		




  346
  350
  
    
	PATCH(ssl_use_sslv2);

  		




  347
  351
  
    
	PATCH(ssl_use_sslv3);

  		




  
  352
  
    
	PATCH(ssl_use_compression);

  		




  348
  353
  
    
	PATCH(etag_use_inode);

  		




  349
  354
  
    
	PATCH(etag_use_mtime);

  		




  350
  355
  
    
	PATCH(etag_use_size);

  		




  ......




  415
  420
  
    
				PATCH(ssl_use_sslv2);

  		




  416
  421
  
    
			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-sslv3"))) {

  		




  417
  422
  
    
				PATCH(ssl_use_sslv3);

  		




  
  423
  
    
			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-compression"))) {

  		




  
  424
  
    
				PATCH(ssl_use_compression);

  		




  418
  425
  
    
			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.cipher-list"))) {

  		




  419
  426
  
    
				PATCH(ssl_cipher_list);

  		




  420
  427
  
    
			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.engine"))) {

  		












  

    
      lighttpd-1.4.31-compress/src/network.c	2012-09-16 18:38:44.979186135 -0400
    
  





  568
  568
  
    
	/* load SSL certificates */

  		




  569
  569
  
    
	for (i = 0; i < srv->config_context->used; i++) {

  		




  570
  570
  
    
		specific_config *s = srv->config_storage[i];

  		




  571
  
  
    
#ifndef SSL_OP_NO_COMPRESSION

  		




  572
  
  
    
# define SSL_OP_NO_COMPRESSION 0

  		




  573
  
  
    
#endif

  		




  574
  571
  
    
		long ssloptions =

  		




  575
  
  
    
			SSL_OP_ALL | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | SSL_OP_NO_COMPRESSION;

  		




  
  572
  
    
			SSL_OP_ALL | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;

  		




  576
  573
  
    

  		




  577
  574
  
    
		if (buffer_is_empty(s->ssl_pemfile)) continue;

  		




  578
  575
  
    

  		




  ......




  627
  624
  
    
			}

  		




  628
  625
  
    
		}

  		




  629
  626
  
    

  		




  
  627
  
    
		if (!s->ssl_use_compression) {

  		




  
  628
  
    
			/* disable SSL Compression */

  		




  
  629
  
    
#ifdef SSL_OP_NO_COMPRESSION

  		




  
  630
  
    
			if (!(SSL_OP_NO_COMPRESSION & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_COMPRESSION))) {

  		




  
  631
  
    
				log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",

  		




  
  632
  
    
						ERR_error_string(ERR_get_error(), NULL));

  		




  
  633
  
    
				return -1;

  		




  
  634
  
    
			}

  		




  
  635
  
    
#elif OPENSSL_VERSION_NUMBER >= 0x00908000L

  		




  
  636
  
    
			SSL_CTX * tls_ctx;

  		




  
  637
  
    
			STACK_OF(SSL_COMP)* comp_methods;

  		




  
  638
  
    
			comp_methods = SSL_COMP_get_compression_methods();

  		




  
  639
  
    
			sk_SSL_COMP_zero(comp_methods);

  		




  
  640
  
    
#endif

  		




  
  641
  
    
		}

  		




  
  642
  
    

  		




  630
  643
  
    
		if (!buffer_is_empty(s->ssl_cipher_list)) {

  		




  631
  644
  
    
			/* Disable support for low encryption ciphers */

  		




  632
  645
  
    
			if (SSL_CTX_set_cipher_list(s->ssl_ctx, s->ssl_cipher_list->ptr) != 1) {

  		















  
    (1-1/1)