Index: modules/ssl/ssl_private.h =================================================================== --- modules/ssl/ssl_private.h (revision 1395230) +++ modules/ssl/ssl_private.h (revision 1395231) @@ -64,6 +64,11 @@ #define HAVE_TLSV1_X #endif +#if !defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION) \ + && OPENSSL_VERSION_NUMBER < 0x00908000L +#define OPENSSL_NO_COMP +#endif + #include "ssl_util_ssl.h" /** The #ifdef macros are only defined AFTER including the above @@ -504,6 +509,9 @@ #ifdef HAVE_FIPS BOOL fips; #endif +#ifndef OPENSSL_NO_COMP + BOOL compression; +#endif }; /** @@ -560,6 +568,7 @@ const char *ssl_cmd_SSLCARevocationPath(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLCARevocationFile(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag); +const char *ssl_cmd_SSLCompression(cmd_parms *, void *, int flag); const char *ssl_cmd_SSLVerifyClient(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *); Index: modules/ssl/ssl_engine_init.c =================================================================== --- modules/ssl/ssl_engine_init.c (revision 1395230) +++ modules/ssl/ssl_engine_init.c (revision 1395231) @@ -533,6 +533,18 @@ } #endif + +#ifndef OPENSSL_NO_COMP + if (sc->compression == FALSE) { +#ifdef SSL_OP_NO_COMPRESSION + /* OpenSSL >= 1.0 only */ + SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION); +#elif OPENSSL_VERSION_NUMBER >= 0x00908000L + sk_SSL_COMP_zero(SSL_COMP_get_compression_methods()); +#endif + } +#endif + #ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION if (sc->insecure_reneg == TRUE) { SSL_CTX_set_options(ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION); Index: modules/ssl/ssl_engine_config.c =================================================================== --- modules/ssl/ssl_engine_config.c (revision 1395230) +++ modules/ssl/ssl_engine_config.c (revision 1395231) @@ -180,6 +180,9 @@ #ifdef HAVE_FIPS sc->fips = UNSET; #endif +#ifndef OPENSSL_NO_COMP + sc->compression = UNSET; +#endif modssl_ctx_init_proxy(sc, p); @@ -278,6 +281,9 @@ #ifdef HAVE_FIPS cfgMergeBool(fips); #endif +#ifndef OPENSSL_NO_COMP + cfgMergeBool(compression); +#endif modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy); @@ -711,6 +717,23 @@ } +const char *ssl_cmd_SSLCompression(cmd_parms *cmd, void *dcfg, int flag) +{ +#if !defined(OPENSSL_NO_COMP) + SSLSrvConfigRec *sc = mySrvConfig(cmd->server); +#ifndef SSL_OP_NO_COMPRESSION + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err) + return "This version of openssl does not support configuring " + "compression within sections."; +#endif + sc->compression = flag ? TRUE : FALSE; + return NULL; +#else + return "Setting Compression mode unsupported; not implemented by the SSL library"; +#endif +} + const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag) { #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE Index: modules/ssl/mod_ssl.c =================================================================== --- modules/ssl/mod_ssl.c (revision 1395230) +++ modules/ssl/mod_ssl.c (revision 1395231) @@ -156,6 +156,9 @@ "('[+-][" SSL_PROTOCOLS "] ...' - see manual)") SSL_CMD_SRV(HonorCipherOrder, FLAG, "Use the server's cipher ordering preference") + SSL_CMD_SRV(Compression, FLAG, + "Enable SSL level compression" + "(`on', `off')") SSL_CMD_SRV(InsecureRenegotiation, FLAG, "Enable support for insecure renegotiation") SSL_CMD_ALL(UserName, TAKE1, Index: . =================================================================== --- . (revision 1395230) +++ . (revision 1395231) Property changes on: . ___________________________________________________________________ Modified: svn:mergeinfo Merged /httpd/httpd/trunk:r1345319,1348656