Check out the flag
  SSL_OP_NO_COMPRESSION
in combination with the
  SSL_set_options()
API.

(In the sample app apps/s_client.c it is used in conjunction with
SSL_CTX_set_options(), but AFAIK you can also use it with
SSL_set_options() without any problem.)

Ger


PS: since it sounds like you have a server doing this (as you hint at
using fixed ports and client-side fixed ports are *quite* rare), you
might also consider creating two 'contexts', i.e. one SSL_CTX with and
one SSL_CTX without compression (done by calling SSL_CTX_set_options()
on each of 'em with the desired flag set), where each context is then
used to create all the SSL connections (and their SSL data structures)
for a particular port X or Y. After all, both those ports seem to
service SSL, but with different 'configurations' and that's what
SSL_CTX is for: having multiple configurations ('contexts') available
at run time. This is useful when you want to have different
capabilities of different sets of SSL connections: supported
compression, protocols, algorithms, etc.

PPS: your comp_method NULLing doesn't work out, because SSL expects at
least a 'nil' compression method (i.e. a properly initialized
comp_method stack); that means you'd have an empty comp_method stack
at least (comp_method != NULL). Which is different from a
non-existing / uninitialized comp_method stack: comp_method = NULL.

On Mon, Feb 23, 2009 at 10:03 AM, wwwclaes <tillcl...@hotmail.com> wrote:
>
> Hi, I have enabled ZLIB compression for my application. However, I want
> connections on port X to be SSL and on port Y to be SSL + ZLIB compression
> (the latter may be used over 3G connections).
>
> I have read that OpenSSL doesn't really handle this, it's all or nothing -
> but I've anyhow tried to find a workaround for it. After...
>
> ctx = SSL_CTX_new(meth);
>
> ...I do...
>
> ctx->comp_methods = NULL;
>
> ...in case of port X. It seems to almost work ;-) On my machine (Ubuntu), it
> works out just fine. But on our production server (RedHat) there is a
> segmentation fault in...
>
> EVP_DigestFinal_ex(...)
>  ret=ctx->digest->final(ctx,md);
> ssl3_get_message(...)
>
> ...because digest is NULL. This only happens when I've nulled the
> comp_methods, so it is not working as planned. I think this might be
> because...
>
> load_builtin_compressions() is called from ssl_cipher_get_evp() which is
> called from ssl3_setup_key_block
>
> ...which reverts my NULL:ing somewhere in the handshake and messes things
> up.
>
> Enough of technical details for now. Has anyone been able to do per-session
> configuration of ZLIB compression or do you have any ideas how it can be
> achieved? It would be a nice thing to have, if not I have to use ZLIB above
> the OpenSSL layer.
>
> Thanks,
> Claes
> --
> View this message in context: 
> http://www.nabble.com/ZLIB-compression-on-and-off-tp22101041p22101041.html
> Sent from the OpenSSL - User mailing list archive at Nabble.com.
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>



-- 
Met vriendelijke groeten / Best regards,

Ger Hobbelt

--------------------------------------------------
web:    http://www.hobbelt.com/
        http://www.hebbut.net/
mail:   g...@hobbelt.com
mobile: +31-6-11 120 978
--------------------------------------------------
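
The two-context layout from the PS above, as an added example that is not part of the original message. It uses Python's ssl module, whose SSLContext wraps an OpenSSL SSL_CTX and whose OP_NO_COMPRESSION is the same SSL_OP_NO_COMPRESSION flag; the port numbers and function names are assumptions.

```python
import ssl

# Hypothetical port numbers standing in for the thread's "port X" and "port Y".
PLAIN_TLS_PORT = 8443  # port X: TLS, compression refused
ZLIB_TLS_PORT = 8444   # port Y: TLS, compression permitted


def make_server_context(allow_compression: bool) -> ssl.SSLContext:
    """Build one server-side context (one SSL_CTX) with the flag fixed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if allow_compression:
        # Current Python sets OP_NO_COMPRESSION by default, so the
        # compressing context has to clear it (SSL_CTX_clear_options).
        ctx.options &= ~ssl.OP_NO_COMPRESSION
    else:
        # Equivalent of SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION).
        ctx.options |= ssl.OP_NO_COMPRESSION
    return ctx


def build_contexts() -> dict:
    """One independent configuration per listening port."""
    return {
        PLAIN_TLS_PORT: make_server_context(allow_compression=False),
        ZLIB_TLS_PORT: make_server_context(allow_compression=True),
    }


def context_for_port(contexts: dict, port: int) -> ssl.SSLContext:
    """Pick the context every connection accepted on `port` is created from."""
    try:
        return contexts[port]
    except KeyError:
        raise ValueError(f"no TLS configuration for port {port}") from None


def compression_allowed(ctx: ssl.SSLContext) -> bool:
    return not (ctx.options & ssl.OP_NO_COMPRESSION)


if __name__ == "__main__":
    contexts = build_contexts()
    for port in sorted(contexts):
        print(port, "compression allowed:", compression_allowed(contexts[port]))
    # After load_cert_chain(), each accepted socket is wrapped with
    # context_for_port(contexts, port).wrap_socket(conn, server_side=True);
    # conn.compression() then reports what was actually negotiated.
```

Clearing the flag only permits compression: whether zlib is negotiated still depends on the OpenSSL build including compression support and on the peer offering it.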