Feature #2445 » ssl-compression.diff
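--- a/lighttpd-1.4.31-compress/src/base.h
+++ b/lighttpd-1.4.31-compress/src/base.h
@@ -280,6 +280,7 @@
 unsigned short ssl_honor_cipher_order; /* determine SSL cipher in server-preferred order, not client-order */
 unsigned short ssl_use_sslv2;
 unsigned short ssl_use_sslv3;
+unsigned short ssl_use_compression;
 unsigned short ssl_verifyclient;
 unsigned short ssl_verifyclient_enforce;
 unsigned short ssl_verifyclient_depth;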
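--- a/lighttpd-1.4.31-compress/src/configfile.c
+++ b/lighttpd-1.4.31-compress/src/configfile.c
@@ -107,6 +107,8 @@
 { "ssl.ec-curve", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 64 */
 { "ssl.disable-client-renegotiation", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER },/* 65 */
 { "ssl.honor-cipher-order", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 66 */
+{ "ssl.use-compression", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 67 */
+
 
 { "server.host", "use server.bind instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
 { "server.docroot", "use server.document-root instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
@@ -181,6 +183,7 @@
 s->ssl_honor_cipher_order = 1;
 s->ssl_use_sslv2 = 0;
 s->ssl_use_sslv3 = 1;
+s->ssl_use_compression = 1;
 s->use_ipv6 = 0;
 s->set_v6only = 1;
 s->defer_accept = 0;
@@ -247,6 +250,7 @@
 cv[47].destination = s->ssl_cipher_list;
 cv[48].destination = &(s->ssl_use_sslv2);
 cv[62].destination = &(s->ssl_use_sslv3);
+cv[67].destination = &(s->ssl_use_compression);
 cv[63].destination = s->ssl_dh_file;
 cv[64].destination = s->ssl_ec_curve;
 cv[66].destination = &(s->ssl_honor_cipher_order);
@@ -345,6 +349,7 @@
 PATCH(ssl_honor_cipher_order);
 PATCH(ssl_use_sslv2);
 PATCH(ssl_use_sslv3);
+PATCH(ssl_use_compression);
 PATCH(etag_use_inode);
 PATCH(etag_use_mtime);
 PATCH(etag_use_size);
@@ -415,6 +420,8 @@
 PATCH(ssl_use_sslv2);
 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-sslv3"))) {
 PATCH(ssl_use_sslv3);
+} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-compression"))) {
+PATCH(ssl_use_compression);
 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.cipher-list"))) {
 PATCH(ssl_cipher_list);
 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.engine"))) {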
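Review bot: The default `s->ssl_use_compression = 1;` in the defaults block leaves TLS compression enabled unless the operator sets `ssl.use-compression` explicitly. The network.c section of the same patch removes the unconditional `SSL_OP_NO_COMPRESSION` from `ssloptions`, so an unchanged configuration would move from compression off to compression on after upgrading. Compressing request data that carries secrets leaks information through ciphertext length (the CRIME class of problem), so the safer default is `s->ssl_use_compression = 0;`, which keeps the previous behaviour and makes compression an explicit opt-in. A short comment on the new table entry stating the default and why it is off would also help, e.g. `/* 67: TLS compression, off by default (length side channel) */`.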
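--- a/lighttpd-1.4.31-compress/src/network.c
+++ b/lighttpd-1.4.31-compress/src/network.c
@@ -568,11 +568,8 @@
 /* load SSL certificates */
 for (i = 0; i < srv->config_context->used; i++) {
 specific_config *s = srv->config_storage[i];
-#ifndef SSL_OP_NO_COMPRESSION
-# define SSL_OP_NO_COMPRESSION 0
-#endif
 long ssloptions =
-SSL_OP_ALL | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | SSL_OP_NO_COMPRESSION;
+SSL_OP_ALL | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;
 
 if (buffer_is_empty(s->ssl_pemfile)) continue;
 
@@ -627,6 +624,22 @@
 }
 }
 
+if (!s->ssl_use_compression) {
+/* disable SSL Compression */
+#ifdef SSL_OP_NO_COMPRESSION
+if (!(SSL_OP_NO_COMPRESSION & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_COMPRESSION))) {
+log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
+ERR_error_string(ERR_get_error(), NULL));
+return -1;
+}
+#elif OPENSSL_VERSION_NUMBER >= 0x00908000L
+SSL_CTX * tls_ctx;
+STACK_OF(SSL_COMP)* comp_methods;
+comp_methods = SSL_COMP_get_compression_methods();
+sk_SSL_COMP_zero(comp_methods);
+#endif
+}
+
 if (!buffer_is_empty(s->ssl_cipher_list)) {
 /* Disable support for low encryption ciphers */
 if (SSL_CTX_set_cipher_list(s->ssl_ctx, s->ssl_cipher_list->ptr) != 1) {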
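Review bot: In the `#elif OPENSSL_VERSION_NUMBER >= 0x00908000L` branch, `sk_SSL_COMP_zero(comp_methods)` empties the stack returned by `SSL_COMP_get_compression_methods()`, which belongs to the library as a whole, not to `s->ssl_ctx`. One socket with `ssl.use-compression` disabled would therefore switch compression off for every context in the process, and `SSL_CTX * tls_ctx;` is declared there but never used. That branch deserves a comment such as `/* no per-context switch in this OpenSSL: clears the global method list */`, and the unused declaration can go. When neither preprocessor branch applies, the block compiles to nothing and the operator's request to disable compression is dropped silently; an `#else` that calls `log_error_write` and returns -1, like the first branch, would make that visible at startup. The enclosing function and the `for` loop both start and end outside this section.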