------------------------------------------------------------ revno: 13768 revision-id: squid3@treenet.co.nz-20150303145733-vd3dqalufmjalqcf parent: squid3@treenet.co.nz-20150303144801-h3qb4zdqjgd0e0ea author: Stuart Henderson committer: Amos Jeffries branch nick: 3.5 timestamp: Tue 2015-03-03 06:57:33 -0800 message: Portability: only use SSL compression when available Compression in SSL/TLS is deprecated. LibreSSL, BoringSSL, and some OpenSSL builds do not contain support for it at all. ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20150303145733-vd3dqalufmjalqcf # target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 # testament_sha1: b03c073b511d394f08c462a889eb06d4359245dd # timestamp: 2015-03-03 14:58:45 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 # base_revision_id: squid3@treenet.co.nz-20150303144801-\ # h3qb4zdqjgd0e0ea # # Begin patch === modified file 'src/ssl/bio.cc' --- src/ssl/bio.cc 2015-03-02 18:14:14 +0000 +++ src/ssl/bio.cc 2015-03-03 14:57:33 +0000 @@ -328,7 +328,12 @@ // If the client supports compression but our context does not support // we can not adjust. - if (features.compressMethod && ssl->ctx->comp_methods == NULL) { +#if !defined(OPENSSL_NO_COMP) + const bool requireCompression = (features.compressMethod && ssl->ctx->comp_methods == NULL); +#else + const bool requireCompression = features.compressMethod; +#endif + if (requireCompression) { debugs(83, 5, "Client Hello Data supports compression, but we do not!"); return false; } @@ -672,9 +677,11 @@ debugs(83, 7, "SNI server name: " << serverName); #endif +#if !defined(OPENSSL_NO_COMP) if (ssl->session->compress_meth) compressMethod = ssl->session->compress_meth; else if (sslVersion >= 3) //if it is 3 or newer version then compression is disabled +#endif compressMethod = 0; debugs(83, 7, "SSL compression: " << compressMethod);