* modules/ssl/ssl_engine_config.c (ssl_cmd_SSLCompression): Fail if

  enabled *and* if OpenSSL does not make any compression methods
  available.  Tweak wording for failure without SSL_OP_NO_COMPRESSION.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1556473 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index efdcf00064ef54dcab32a75046c156191613a69d..f194034f31e7f9a8ad50e72db970768a8cc7d651 100644 (file)
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -699,9 +699,20 @@ const char *ssl_cmd_SSLCompression(cmd_parms *cmd, void *dcfg, int flag)
 #ifndef SSL_OP_NO_COMPRESSION
     const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
     if (err)
-        return "This version of openssl does not support configuring "
-               "compression within <VirtualHost> sections.";
+        return "This version of OpenSSL does not support enabling "
+               "SSLCompression within <VirtualHost> sections.";
 #endif
+    if (flag) {
+        /* Some (packaged) versions of OpenSSL do not support
+         * compression by default.  Enabling this directive would not
+         * have the desired effect, so fail with an error. */
+        STACK_OF(SSL_COMP) *meths = SSL_COMP_get_compression_methods();
+
+        if (sk_SSL_COMP_num(meths) == 0) {
+            return "This version of OpenSSL does not have any compression methods "
+                "available, cannot enable SSLCompression.";
+        }
+    }
     sc->compression = flag ? TRUE : FALSE;
     return NULL;
 #else