Skip to content

Commit 4d4957f

Browse files
authored
Disable openssl compression support (#6433)
Openssl was depending on zlib for SSL/TLS compression, though it was trying to load it as a dynamic library. On Windows especially this is an issue because the dll could possibly be loaded from a insecure place, so this can be exploited. Moreover it's proven that compression can lead to leaks of information; so we completely disable it to resolve both issues.
1 parent 26d94ce commit 4d4957f

File tree

1 file changed

+1
-7
lines changed

1 file changed

+1
-7
lines changed

Diff for: libraries/cmake/formula/openssl/CMakeLists.txt

+1-7
Original file line numberDiff line numberDiff line change
@@ -7,20 +7,14 @@ include(ExternalProject)
77

88
function(opensslMain)
99

10-
get_target_property(zlib_library_dir_path thirdparty_zlib BINARY_DIR)
11-
get_target_property(zlib_library_lib_name thirdparty_zlib OUTPUT_NAME)
12-
get_target_property(zlib_library_source_dir thirdparty_zlib SOURCE_DIR)
13-
1410
set(common_options
1511
no-ssl2
1612
no-ssl3
1713
no-asm
1814
no-shared
1915
no-weak-ssl-ciphers
20-
zlib-dynamic
16+
no-comp
2117
enable-cms
22-
"--with-zlib-include=${zlib_library_source_dir}/src"
23-
"--with-zlib-lib=${zlib_library_dir_path}/${zlib_library_lib_name}"
2418
)
2519

2620
add_library(thirdparty_openssl_ssl STATIC IMPORTED GLOBAL)

0 commit comments

Comments
 (0)