From: Michael Friedrich <michael.friedrich@netways.de>
Date: Mon, 25 Jan 2016 13:53:26 +0000 (+0100)
Subject: Only set SSL_OP_NO_COMPRESSION if supported
X-Git-Tag: v2.4.2~10
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d1cc56bbaa95ccbe83fd3ee46a2ea7a84f60a3c9;p=icinga2

Only set SSL_OP_NO_COMPRESSION if supported

OpenSSL 0.9.8 does not support this flag.

fixes #10988
---

diff --git a/lib/base/tlsutility.cpp b/lib/base/tlsutility.cpp
index e623053bd..cc6efe589 100644
--- a/lib/base/tlsutility.cpp
+++ b/lib/base/tlsutility.cpp
@@ -85,7 +85,13 @@ boost::shared_ptr<SSL_CTX> MakeSSLContext(const String& pubkey, const String& pr
 
 	boost::shared_ptr<SSL_CTX> sslContext = boost::shared_ptr<SSL_CTX>(SSL_CTX_new(SSLv23_method()), SSL_CTX_free);
 
-	SSL_CTX_set_options(sslContext.get(), SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION);
+	long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+
+#ifdef SSL_OP_NO_COMPRESSION
+	flags |= SSL_OP_NO_COMPRESSION;
+#endif
+
+	SSL_CTX_set_options(sslContext.get(), flags);
 
 	SSL_CTX_set_mode(sslContext.get(), SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
 	SSL_CTX_set_session_id_context(sslContext.get(), (const unsigned char *)"Icinga 2", 8);