From: Stuart Henderson <stu@spacehopper.org>
Date: Mon, 2 Mar 2015 14:50:43 +0000 (-0800)
Subject: Portability: only use SSL compression when available
X-Git-Tag: merge-candidate-3-v1~232
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a36e9cb25c57cf0ea850fbc0cfa25ddb9026c578;p=thirdparty%2Fsquid.git

Portability: only use SSL compression when available

Compression in SSL/TLS is deprecated. LibreSSL, BoringSSL, and some
OpenSSL builds do not contain support for it at all.
---

diff --git a/src/ssl/bio.cc b/src/ssl/bio.cc
index 7647a5f686..68882e9552 100644
--- a/src/ssl/bio.cc
+++ b/src/ssl/bio.cc
@@ -325,7 +325,12 @@ adjustSSL(SSL *ssl, Ssl::Bio::sslFeatures &features)
 
     // If the client supports compression but our context does not support
     // we can not adjust.
-    if (features.compressMethod && ssl->ctx->comp_methods == NULL) {
+#if defined(OPENSSL_NO_COMP)
+    const bool requireCompression = (features.compressMethod && ssl->ctx->comp_methods == NULL);
+#else
+    const bool requireCompression = features.compressMethod;
+#endif
+    if (requireCompression) {
         debugs(83, 5, "Client Hello Data supports compression, but we do not!");
         return false;
     }
@@ -669,9 +674,11 @@ Ssl::Bio::sslFeatures::get(const SSL *ssl)
     debugs(83, 7, "SNI server name: " << serverName);
 #endif
 
+#if defined(OPENSSL_NO_COMP)
     if (ssl->session->compress_meth)
         compressMethod = ssl->session->compress_meth;
     else if (sslVersion >= 3) //if it is 3 or newer version then compression is disabled
+#endif
         compressMethod = 0;
     debugs(83, 7, "SSL compression: " << compressMethod);