[Dovecot] SSL + compression?

Timo Sirainen tss at iki.fi
Sat Jun 21 10:45:27 EEST 2008


On Sat, 2008-06-21 at 09:35 +0200, Johannes Berg wrote:
> On Sat, 2008-06-21 at 09:28 +0200, Johannes Berg wrote:
> > > > I'm way behind the times.
> > > > http://www.faqs.org/rfc/rfc3749.txt
> > > 
> > > Looking at OpenSSL code, I think the patch below will give 0.9.8 ability
> > > to support deflate compression. I'm not sure if I should include that to
> > > Dovecot though. At least not for v1.1. :)
> > > 
> > > diff -r 68a0be847980 src/login-common/ssl-proxy-openssl.c
> > > --- a/src/login-common/ssl-proxy-openssl.c      Fri Jun 20 12:20:17 2008 +0300
> > > +++ b/src/login-common/ssl-proxy-openssl.c      Sat Jun 21 04:29:51 2008 +0300
> > > @@ -719,6 +719,7 @@
> > >                                  ssl_clean_free);
> > >         SSL_library_init();
> > >         SSL_load_error_strings();
> > > +       (void)SSL_COMP_get_compression_methods();
> > >  
> > >         extdata_index = SSL_get_ex_new_index(0, dovecot, NULL, NULL, NULL);
> > 
> > Huh? As far as I can tell that will just return NULL and have no side
> > effects because you haven't previously added compression methods
> > with SSL_COMP_add_compression_method.
> 
> However, digging deeper, it appears that COMP_zlib _is_ actually
> "deflate", so adding
> 
> 	SSL_COMP_add_compression_method(COMP_zlib());
> 
> should do the trick. Apparently it's compatible to gnutls too (see
> http://www.ietf.org/IESG/Implementations/rfc-3749-implementations.txt)

At least OpenSSL 0.9.8[eg]'s SSL_COMP_get_compression_methods() adds
all the compression methods on the first call. It doesn't return NULL
with me.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20080621/fd021677/attachment.bin 


More information about the dovecot mailing list