If OPENSSL_NO_COMP is defined, omit merging the compression flag.

Also make some code more compact, as suggested by kbrand.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1348656 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index c642be90f7ab02b718f0e57efbc206f2f63aabdc..658ef6b37990fbae40a06285e29e3b4f12ca2a73 100644 (file)
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -213,7 +213,9 @@ static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p)
 #ifdef HAVE_FIPS
     sc->fips                   = UNSET;
 #endif
+#ifndef OPENSSL_NO_COMP
     sc->compression            = UNSET;
+#endif
 
     modssl_ctx_init_proxy(sc, p);
 
@@ -340,7 +342,9 @@ void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv)
 #ifdef HAVE_FIPS
     cfgMergeBool(fips);
 #endif
+#ifndef OPENSSL_NO_COMP
     cfgMergeBool(compression);
+#endif
 
     modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
 
@@ -678,7 +682,7 @@ static const char *ssl_cmd_check_file(cmd_parms *parms,
 
 const char *ssl_cmd_SSLCompression(cmd_parms *cmd, void *dcfg, int flag)
 {
-#if defined(SSL_OP_NO_COMPRESSION) || OPENSSL_VERSION_NUMBER >= 0x00908000L
+#if !defined(OPENSSL_NO_COMP)
     SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
 #ifndef SSL_OP_NO_COMPRESSION
     const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index fd645cc5d3af9fab6ae986ece6eb9d2e947e8bf3..a88424f63f3fe3bbf9f5168282cea59f48230b88 100644 (file)
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -654,17 +654,15 @@ static void ssl_init_ctx_protocol(server_rec *s,
     }
 #endif
 
-#ifdef SSL_OP_NO_COMPRESSION
-    /* OpenSSL >= 1.0 only */
+
+#ifndef OPENSSL_NO_COMP
     if (sc->compression == FALSE) {
+#ifdef SSL_OP_NO_COMPRESSION
+        /* OpenSSL >= 1.0 only */
         SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
-    }
 #elif OPENSSL_VERSION_NUMBER >= 0x00908000L
-    /* workaround for OpenSSL 0.9.8 */
-    if (sc->compression == FALSE) {
-        STACK_OF(SSL_COMP)* comp_methods;
-        comp_methods = SSL_COMP_get_compression_methods();
-        sk_SSL_COMP_zero(comp_methods);
+        sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
+#endif
     }
 #endif
 

diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
index 5a0373d9372301c739d678ee557e3b331a6d2e8b..64fa8b4251953b6965aec29e6c85f885f8265c47 100644 (file)
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -185,6 +185,11 @@
 #define HAVE_TLSV1_X
 #endif
 
+#if !defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION) \
+    && OPENSSL_VERSION_NUMBER < 0x00908000L
+#define OPENSSL_NO_COMP
+#endif
+
 /* SRP support came in OpenSSL 1.0.1 */
 #ifndef OPENSSL_NO_SRP
 #ifdef SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB
@@ -693,7 +698,9 @@ struct SSLSrvConfigRec {
 #ifdef HAVE_FIPS
     BOOL             fips;
 #endif
+#ifndef OPENSSL_NO_COMP
     BOOL             compression;
+#endif
 };
 
 /**