From 88d5d9dbb25bec25eb810e2855cefc0b7413d485 Mon Sep 17 00:00:00 2001
From: Stefan Fritsch <sf@apache.org>
Date: Sun, 10 Jun 2012 20:21:38 +0000
Subject: [PATCH] If OPENSSL_NO_COMP is defined, omit merging the compression
 flag. Also make some code more compact, as suggested by kbrand.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1348656 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/ssl/ssl_engine_config.c |  6 +++++-
 modules/ssl/ssl_engine_init.c   | 14 ++++++--------
 modules/ssl/ssl_private.h       |  7 +++++++
 3 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index c642be90f7..658ef6b379 100644
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -213,7 +213,9 @@ static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p)
 #ifdef HAVE_FIPS
     sc->fips                   = UNSET;
 #endif
+#ifndef OPENSSL_NO_COMP
     sc->compression            = UNSET;
+#endif
 
     modssl_ctx_init_proxy(sc, p);
 
@@ -340,7 +342,9 @@ void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv)
 #ifdef HAVE_FIPS
     cfgMergeBool(fips);
 #endif
+#ifndef OPENSSL_NO_COMP
     cfgMergeBool(compression);
+#endif
 
     modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
 
@@ -678,7 +682,7 @@ static const char *ssl_cmd_check_file(cmd_parms *parms,
 
 const char *ssl_cmd_SSLCompression(cmd_parms *cmd, void *dcfg, int flag)
 {
-#if defined(SSL_OP_NO_COMPRESSION) || OPENSSL_VERSION_NUMBER >= 0x00908000L
+#if !defined(OPENSSL_NO_COMP)
     SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
 #ifndef SSL_OP_NO_COMPRESSION
     const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index fd645cc5d3..a88424f63f 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -654,17 +654,15 @@ static void ssl_init_ctx_protocol(server_rec *s,
     }
 #endif
 
-#ifdef SSL_OP_NO_COMPRESSION
-    /* OpenSSL >= 1.0 only */
+
+#ifndef OPENSSL_NO_COMP
     if (sc->compression == FALSE) {
+#ifdef SSL_OP_NO_COMPRESSION
+        /* OpenSSL >= 1.0 only */
         SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
-    }
 #elif OPENSSL_VERSION_NUMBER >= 0x00908000L
-    /* workaround for OpenSSL 0.9.8 */
-    if (sc->compression == FALSE) {
-        STACK_OF(SSL_COMP)* comp_methods;
-        comp_methods = SSL_COMP_get_compression_methods();
-        sk_SSL_COMP_zero(comp_methods);
+        sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
+#endif
     }
 #endif
 
diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
index 5a0373d937..64fa8b4251 100644
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -185,6 +185,11 @@
 #define HAVE_TLSV1_X
 #endif
 
+#if !defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION) \
+    && OPENSSL_VERSION_NUMBER < 0x00908000L
+#define OPENSSL_NO_COMP
+#endif
+
 /* SRP support came in OpenSSL 1.0.1 */
 #ifndef OPENSSL_NO_SRP
 #ifdef SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB
@@ -693,7 +698,9 @@ struct SSLSrvConfigRec {
 #ifdef HAVE_FIPS
     BOOL             fips;
 #endif
+#ifndef OPENSSL_NO_COMP
     BOOL             compression;
+#endif
 };
 
 /**
-- 
2.49.0