From: Joe Orton Date: Wed, 8 Jan 2014 09:39:44 +0000 (+0000) Subject: * modules/ssl/ssl_engine_config.c (ssl_cmd_SSLCompression): Fail if X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9b4ee292f507281bf1c9d058e7e2ff1a064efef8;p=thirdparty%2Fapache%2Fhttpd.git * modules/ssl/ssl_engine_config.c (ssl_cmd_SSLCompression): Fail if enabled *and* if OpenSSL does not make any compression methods available. Tweak wording for failure without SSL_OP_NO_COMPRESSION. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1556473 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index efdcf00064e..f194034f31e 100644
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -699,9 +699,20 @@ const char *ssl_cmd_SSLCompression(cmd_parms *cmd, void *dcfg, int flag)
 #ifndef SSL_OP_NO_COMPRESSION
 const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
 if (err)
- return "This version of openssl does not support configuring "
- "compression within sections.";
+ return "This version of OpenSSL does not support enabling "
+ "SSLCompression within sections.";
 #endif
+ if (flag) {
+ /* Some (packaged) versions of OpenSSL do not support
+ * compression by default. Enabling this directive would not
+ * have the desired effect, so fail with an error. */
+ STACK_OF(SSL_COMP) *meths = SSL_COMP_get_compression_methods();
+
+ if (sk_SSL_COMP_num(meths) == 0) {
+ return "This version of OpenSSL does not have any compression methods "
+ "available, cannot enable SSLCompression.";
+ }
+ }
 sc->compression = flag ? TRUE : FALSE;
 return NULL;
 #else
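Review bot: The added test `sk_SSL_COMP_num(meths) == 0` inside `if (flag)` misses a NULL stack, because OpenSSL's stack count returns -1 rather than 0 for a NULL pointer. If `SSL_COMP_get_compression_methods()` ever returns NULL here (whether that is reachable depends on the OpenSSL build and on the enclosing `#if`, which is outside the hunk), `SSLCompression on` would be accepted and `sc->compression` set to TRUE even though no method exists. Comparing with `<= 0` covers both cases: `if (meths == NULL || sk_SSL_COMP_num(meths) <= 0) {`. Separately, the reworded message under `#ifndef SSL_OP_NO_COMPRESSION` says "enabling", but that branch returns the error before `flag` is examined, so `SSLCompression off` in the same context is rejected with the same text. The function's opening and its closing `#else`/`#endif` branch lie outside the hunk.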