From: Joe Orton Date: Wed, 8 Jan 2014 09:39:44 +0000 (+0000) Subject: * modules/ssl/ssl_engine_config.c (ssl_cmd_SSLCompression): Fail if X-Git-Tag: 2.5.0-alpha~4654 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7f2edaa14e301fb89599a0c79af89d8dbd09dba7;p=apache * modules/ssl/ssl_engine_config.c (ssl_cmd_SSLCompression): Fail if enabled *and* if OpenSSL does not make any compression methods available. Tweak wording for failure without SSL_OP_NO_COMPRESSION. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1556473 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c index efdcf00064..f194034f31 100644 --- a/modules/ssl/ssl_engine_config.c +++ b/modules/ssl/ssl_engine_config.c @@ -699,9 +699,20 @@ const char *ssl_cmd_SSLCompression(cmd_parms *cmd, void *dcfg, int flag) #ifndef SSL_OP_NO_COMPRESSION const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); if (err) - return "This version of openssl does not support configuring " - "compression within sections."; + return "This version of OpenSSL does not support enabling " + "SSLCompression within sections."; #endif + if (flag) { + /* Some (packaged) versions of OpenSSL do not support + * compression by default. Enabling this directive would not + * have the desired effect, so fail with an error. */ + STACK_OF(SSL_COMP) *meths = SSL_COMP_get_compression_methods(); + + if (sk_SSL_COMP_num(meths) == 0) { + return "This version of OpenSSL does not have any compression methods " + "available, cannot enable SSLCompression."; + } + } sc->compression = flag ? TRUE : FALSE; return NULL; #else