Hi Thijs, On 12.02.2013 16:08, Thijs Kinkhorst wrote: > Do you agree on the approach? Barring any objections I'm planning to release > this as a DSA after the weekend.
I am by no means an expert with the SSL API, but I believe your patch to disable SSL compression looks fine (although diverging from upstream's fix as you noted). Yours looks pretty much like the fix we applied to Apache. Are you sure, the negotiation patch has no side effects with respect to SSL compression? Moreover, I would suggest to announce your change in a NEWS entry for stable updates. People might rely on the renegotiation feature in multi vhost SSL setups. Otherwise I'm happy you provided a patch. The renegotiation fix should also be in Wheezy. [1] http://redmine.lighttpd.net/projects/lighttpd/repository/entry/branches/lighttpd-1.4.x/src/network.c#L576 -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D
signature.asc
Description: OpenPGP digital signature