Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
compat-openssl098.11471
compression_methods_switch.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File compression_methods_switch.patch of Package compat-openssl098.11471
Index: openssl-0.9.8j/doc/ssl/SSL_COMP_add_compression_method.pod =================================================================== --- openssl-0.9.8j.orig/doc/ssl/SSL_COMP_add_compression_method.pod +++ openssl-0.9.8j/doc/ssl/SSL_COMP_add_compression_method.pod @@ -41,6 +41,24 @@ of compression methods supported on a pe The OpenSSL library has the compression methods B<COMP_rle()> and (when especially enabled during compilation) B<COMP_zlib()> available. +And, there is an environment variable to switch the compression +methods off and on. In default the compression is off to mitigate +the so called CRIME attack ( CVE-2012-4929). If you want to enable +compression again set OPENSSL_NO_DEFAULT_ZLIB to "no". + +The variable can be switched on and off at runtime; when this variable +is set "no" compression is enabled, otherwise no, for example: + +in shell 'export OPENSSL_NO_DEFAULT_ZLIB=no' +or in C to call +int setenv(const char *name, const char *value, int overwrite); and +int unsetenv(const char *name); + +Note: This reverts the behavior of the variable as it was before! + +And pay attention that this freaure is temporary, it maybe changed by +the following updates. + =head1 WARNINGS Once the identities of the compression methods for the TLS protocol have Index: openssl-0.9.8j/ssl/ssl_ciph.c =================================================================== --- openssl-0.9.8j.orig/ssl/ssl_ciph.c +++ openssl-0.9.8j/ssl/ssl_ciph.c @@ -287,7 +287,11 @@ static void load_builtin_compressions(vo MemCheck_off(); ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); - if (ssl_comp_methods != NULL) + + if( getenv("OPENSSL_NO_DEFAULT_ZLIB") == NULL) + setenv("OPENSSL_NO_DEFAULT_ZLIB", "yes", 1); + + if (ssl_comp_methods != NULL && strncmp( getenv("OPENSSL_NO_DEFAULT_ZLIB"), "no", 2) == 0) { comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); if (comp != NULL)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor