dovecot-2.2: Compile fix for old systems without SSL_OP_NO_COMPR...
dovecot at dovecot.org
dovecot at dovecot.org
Thu Jul 3 16:36:33 UTC 2014
details: http://hg.dovecot.org/dovecot-2.2/rev/4c4db2d76137
changeset: 17587:4c4db2d76137
user: Timo Sirainen <tss at iki.fi>
date: Thu Jul 03 19:34:57 2014 +0300
description:
Compile fix for old systems without SSL_OP_NO_COMPRESSION
diffstat:
src/lib-ssl-iostream/iostream-openssl-context.c | 2 ++
src/login-common/ssl-proxy-openssl.c | 3 +++
2 files changed, 5 insertions(+), 0 deletions(-)
diffs (29 lines):
diff -r 120b2a1645d8 -r 4c4db2d76137 src/lib-ssl-iostream/iostream-openssl-context.c
--- a/src/lib-ssl-iostream/iostream-openssl-context.c Thu Jul 03 19:27:45 2014 +0300
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c Thu Jul 03 19:34:57 2014 +0300
@@ -506,8 +506,10 @@
/* enable all SSL workarounds, except empty fragments as it
makes SSL more vulnerable against attacks */
+#ifdef SSL_OP_NO_COMPRESSION
if (!set->compression)
ssl_ops |= SSL_OP_NO_COMPRESSION;
+#endif
SSL_CTX_set_options(ctx->ssl_ctx, ssl_ops);
#ifdef SSL_MODE_RELEASE_BUFFERS
SSL_CTX_set_mode(ctx->ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
diff -r 120b2a1645d8 -r 4c4db2d76137 src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c Thu Jul 03 19:27:45 2014 +0300
+++ b/src/login-common/ssl-proxy-openssl.c Thu Jul 03 19:34:57 2014 +0300
@@ -1016,8 +1016,11 @@
/* enable all SSL workarounds, except empty fragments as it
makes SSL more vulnerable against attacks */
long ssl_ops = SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+
+#ifdef SSL_OP_NO_COMPRESSION
if (!set->parsed_opts.compression)
ssl_ops |= SSL_OP_NO_COMPRESSION;
+#endif
SSL_CTX_set_options(ssl_ctx, ssl_ops);
#ifdef SSL_MODE_RELEASE_BUFFERS
More information about the dovecot-cvs
mailing list