Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 4901:a0cb7fc23cc2 stable-1.2
Merge of r4868, r4869: SSL minor fixes.
*) SSL: fixed compression workaround to remove all methods.
Previous code used sk_SSL_COMP_delete(ssl_comp_methods, i) while iterating
stack from 0 to n, resulting in removal of only even compression methods.
In real life this change is a nop, as there is only one compression method
which is enabled by default in OpenSSL.
*) SSL: added version checks for ssl compression workaround.
The SSL_COMP_get_compression_methods() is only available as an API
function in OpenSSL 0.9.8+, require it explicitly to unbreak build
with OpenSSL 0.9.7.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 12 Nov 2012 18:00:32 +0000 |
| parents | 9efa21520c84 |
| children | f25d0bbc4392 |
comparison
equal
deleted
inserted
replaced
| 4900:6b4b702316a6 | 4901:a0cb7fc23cc2 |
|---|---|
| 92 SSL_library_init(); | 92 SSL_library_init(); |
| 93 SSL_load_error_strings(); | 93 SSL_load_error_strings(); |
| 94 | 94 |
| 95 OpenSSL_add_all_algorithms(); | 95 OpenSSL_add_all_algorithms(); |
| 96 | 96 |
| 97 #if OPENSSL_VERSION_NUMBER >= 0x0090800fL | |
| 97 #ifndef SSL_OP_NO_COMPRESSION | 98 #ifndef SSL_OP_NO_COMPRESSION |
| 98 { | 99 { |
| 99 /* | 100 /* |
| 100 * Disable gzip compression in OpenSSL prior to 1.0.0 version, | 101 * Disable gzip compression in OpenSSL prior to 1.0.0 version, |
| 101 * this saves about 522K per connection. | 102 * this saves about 522K per connection. |
| 102 */ | 103 */ |
| 103 int i, n; | 104 int n; |
| 104 STACK_OF(SSL_COMP) *ssl_comp_methods; | 105 STACK_OF(SSL_COMP) *ssl_comp_methods; |
| 105 | 106 |
| 106 ssl_comp_methods = SSL_COMP_get_compression_methods(); | 107 ssl_comp_methods = SSL_COMP_get_compression_methods(); |
| 107 n = sk_SSL_COMP_num(ssl_comp_methods); | 108 n = sk_SSL_COMP_num(ssl_comp_methods); |
| 108 | 109 |
| 109 for (i = 0; i < n; i++) { | 110 while (n--) { |
| 110 (void) sk_SSL_COMP_delete(ssl_comp_methods, i); | 111 (void) sk_SSL_COMP_pop(ssl_comp_methods); |
| 111 } | 112 } |
| 112 } | 113 } |
| 114 #endif | |
| 113 #endif | 115 #endif |
| 114 | 116 |
| 115 ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); | 117 ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); |
| 116 | 118 |
| 117 if (ngx_ssl_connection_index == -1) { | 119 if (ngx_ssl_connection_index == -1) { |