Disable openssl compression support (#6433)
OpenSSL was depending on zlib for SSL/TLS compression,
though it was trying to load it as a dynamic library.
On Windows especially this is an issue because the dll
could possibly be loaded from an insecure place,
so this can be exploited.

Moreover it's proven that compression can lead
to leaks of information; so we completely disable it
to resolve both issues.
Smjert committed May 9, 2020
1 parent 26d94ce commit 4d4957f
Showing 1 changed file with 1 addition and 7 deletions.
8 changes: 1 addition & 7 deletions libraries/cmake/formula/openssl/CMakeLists.txt
Expand Up @@ -7,20 +7,14 @@ include(ExternalProject)

function(opensslMain)

get_target_property(zlib_library_dir_path thirdparty_zlib BINARY_DIR)
get_target_property(zlib_library_lib_name thirdparty_zlib OUTPUT_NAME)
get_target_property(zlib_library_source_dir thirdparty_zlib SOURCE_DIR)

set(common_options
no-ssl2
no-ssl3
no-asm
no-shared
no-weak-ssl-ciphers
zlib-dynamic
no-comp
enable-cms
"--with-zlib-include=${zlib_library_source_dir}/src"
"--with-zlib-lib=${zlib_library_dir_path}/${zlib_library_lib_name}"
)

add_library(thirdparty_openssl_ssl STATIC IMPORTED GLOBAL)
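Review bot: The `no-comp` entry in `common_options` has no comment recording why compression is disabled, so someone restoring zlib support later could re-add `zlib-dynamic` without seeing the DLL search-path and information-leak reasons given in the commit message. A short CMake comment next to `no-comp` would keep that rationale with the option. With the `get_target_property(... thirdparty_zlib ...)` lines and both `--with-zlib-*` arguments gone, it is also worth checking the part of the file outside this hunk for any remaining dependency on `thirdparty_zlib` in the OpenSSL targets, and confirming the built headers define `OPENSSL_NO_COMP` so the setting is verified rather than assumed.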