
Add support to explictly disable SSL compression.

commit 2e4800587586e392f81c45893ec0e63cd303d748 1 parent 19b8fe1
@skinkie skinkie authored
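--- a/admin/PageVServer.py
+++ b/admin/PageVServer.py
@@ -47,6 +47,7 @@
 NOTE_CA_LIST = N_('File containing the trusted CA certificates, utilized for checking the client certificates (Full path to the file)')
 NOTE_CIPHERS = N_('Ciphers that TLS/SSL is allowed to use. <a target="_blank" href="http://www.openssl.org/docs/apps/ciphers.html">Reference</a>. (Default: HIGH:!aNULL:!MD5).')
 NOTE_CIPHER_SERVER_PREFERENCE = N_('The cipher sequence that is specified by the server should have preference over the preference of the client. (Default: False).')
+NOTE_COMPRESSION = N_('Explicitly enable or disable serverside compression support. (Default: True).')
 NOTE_CLIENT_CERTS = N_('Skip, Accept or Require client certificates.')
 NOTE_VERIFY_DEPTH = N_('Limit up to which depth certificates in a chain are used during the verification procedure (Default: 1)')
 NOTE_ERROR_HANDLER = N_('Allows the selection of how to generate the error responses.')
@@ -668,6 +669,7 @@ def __init__ (self, vsrv_num, refreshable):
 table.Add (_('Ciphers'), CTK.TextCfg ('%s!ssl_ciphers' %(pre), True), _(NOTE_CIPHERS))
 table.Add (_('Server Preference'), CTK.CheckCfgText ('%s!ssl_cipher_server_preference' % (pre), False, _('Prefer')), _(NOTE_CIPHER_SERVER_PREFERENCE))
 table.Add (_('Client Certs. Request'), CTK.ComboCfg('%s!ssl_client_certs' %(pre), trans_options(CLIENT_CERTS)), _(NOTE_CLIENT_CERTS))
+ table.Add (_('Compression'), CTK.CheckCfgText ('%s!ssl_compression' % (pre), False, _('Prefer')), _(NOTE_COMPRESSION))
 if CTK.cfg.get_val('%s!ssl_client_certs' %(pre)):
 table.Add (_('CA List'), CTK.TextCfg ('%s!ssl_ca_list_file' %(pre), False), _(NOTE_CA_LIST))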
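Review bot: The new Compression row passes `False` as the second argument of `CTK.CheckCfgText`, which by analogy with the Server Preference row looks like the value shown when the key is unset, while NOTE_COMPRESSION says "(Default: True)" and cherokee_virtual_server_new in this commit initialises ssl_compression to true. With the key absent the admin page would then presumably show compression as off while the server still negotiates it, which is the wrong direction for a security-relevant toggle. The label `_('Prefer')` also appears copied from the row above; I would write the row as `CTK.CheckCfgText ('%s!ssl_compression' % (pre), True, _('Enable'))` for as long as the server default stays true. The help text should also say that TLS compression leaks information about plaintext through record lengths (the CRIME class of attacks), so operators know why they would disable it. `__init__` starts and continues outside the hunk.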
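--- a/cherokee/cryptor_libssl.c
+++ b/cherokee/cryptor_libssl.c
@@ -394,6 +394,16 @@ _vserver_new (cherokee_cryptor_t *cryp,
 }
 #endif
+#ifndef OPENSSL_NO_COMP
+ if (! vsrv->ssl_compression) {
+#ifdef SSL_OP_NO_COMPRESSION
+ options |= SSL_OP_NO_COMPRESSION;
+#elif OPENSSL_VERSION_NUMBER >= 0x00908000L
+ sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
+#endif
+ }
+#endif
+
 SSL_CTX_set_options (n->context, options);
 /* Set cipher list that vserver will accept.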
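Review bot: On the `#elif OPENSSL_VERSION_NUMBER >= 0x00908000L` branch, `sk_SSL_COMP_zero(SSL_COMP_get_compression_methods())` empties the library-wide compression method stack instead of changing this context, so a single virtual server with ssl_compression off disables compression for every virtual server in the process regardless of their own setting. When neither branch is compiled in, the option is ignored without any message and compression stays negotiable even though the operator turned it off. I would add a comment on the `#elif` branch such as `/* No per-context switch in this OpenSSL: this clears the global method list for all vservers */` and an `#else` branch that logs that compression cannot be disabled with this OpenSSL build. `_vserver_new` starts and ends outside the hunk.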
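--- a/cherokee/virtual_server.c
+++ b/cherokee/virtual_server.c
@@ -70,6 +70,7 @@ cherokee_virtual_server_new (cherokee_virtual_server_t **vserver, void *server)
 n->hsts.max_age = 365 * 24 * 60 * 60;
 n->cipher_server_preference = false;
+ n->ssl_compression = true;
 /* Virtual entries
 */
@@ -1156,6 +1157,11 @@ configure_virtual_server_property (cherokee_config_node_t *conf, void *data)
 if (ret != ret_ok)
 return ret;
+ } else if (equal_buf_str (&conf->key, "ssl_compression")) {
+ ret = cherokee_atob (conf->val.buf, &vserver->ssl_compression);
+ if (ret != ret_ok)
+ return ret;
+
 } else if (equal_buf_str (&conf->key, "flcache") ||
 equal_buf_str (&conf->key, "collector")) {
 /* Handled later on */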
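Review bot: `n->ssl_compression = true;` in cherokee_virtual_server_new leaves TLS compression on for every virtual server that does not set the key, so existing deployments gain nothing from this commit until each one is reconfigured, and they stay exposed to compression-ratio side channels (CRIME) against secrets such as session cookies. Since the purpose of the change is to allow turning compression off, the safer default is `n->ssl_compression = false;`, with the "(Default: True)" text in admin/PageVServer.py changed to match. The `ssl_compression` branch added to configure_virtual_server_property follows the same parse-and-return pattern as its neighbours. Both functions extend beyond their hunks.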
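--- a/cherokee/virtual_server.h
+++ b/cherokee/virtual_server.h
@@ -76,6 +76,7 @@ typedef struct {
 cherokee_buffer_t req_client_certs;
 cherokee_buffer_t ciphers;
 cherokee_boolean_t cipher_server_preference;
+ cherokee_boolean_t ssl_compression;
 cherokee_cryptor_vserver_t *cryptor;
 struct {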