Hi,
This is a patch to add a switch to openssl's compression
methords(if compression methords are configured to compile in, 'config
zlib').Add an environment variable to control compression methords on
and off.As you know,more and more architectures have hardware
compression methords already, to get benifit from the hardware
compression, and to get a good performance,we need a switch as this.
The environment variable is OPENSSL_NO_DEFAULT_ZLIB, and in default,
the variable is not set,so in default the compression methods are
available.The variable can be switch on and off at runtime;when this
variable is set(any value will ok,it just check whether it's set or
not), the compression methods are not available,after it's unset,the
compression methods will be available again.
for example:
in shell 'export OPENSSL_NO_DEFAULT_ZLIB=yes' and `unset
OPENSSL_NO_DEFAULT_ZLIB`
or in c to call
int setenv(const char *name, const char *value, int overwrite); and
int unsetenv(const char *name);
the patch is produced from openssl-0.9.8h, if other versions need the
patch also,please info me,I will send it soon.
best,
Guanjun
diff -Nupr openssl-0.9.8h.orig/doc/ssl/SSL_COMP_add_compression_method.pod openssl-0.9.8h/doc/ssl/SSL_COMP_add_compression_method.pod
--- openssl-0.9.8h.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2003-11-29 18:33:25.000000000 +0800
+++ openssl-0.9.8h/doc/ssl/SSL_COMP_add_compression_method.pod 2011-05-24 16:23:07.000000000 +0800
@@ -41,6 +41,17 @@ of compression methods supported on a pe
The OpenSSL library has the compression methods B<COMP_rle()> and (when
especially enabled during compilation) B<COMP_zlib()> available.
+And, there is an environment variable to switch the compression methods off and on.
+The environment variable is OPENSSL_NO_DEFAULT_ZLIB,in default, the variable is not set,
+so in default the compression methods are available.The variable can be switch on
+and off at runtime;when this variable is set(any value will ok,it just check whether it's set or not),
+the compression methods are not available,after it's unset,the compression methods will be available again.
+for example:
+in shell 'export OPENSSL_NO_DEFAULT_ZLIB=yes' and `unset OPENSSL_NO_DEFAULT_ZLIB`
+or in c to call
+int setenv(const char *name, const char *value, int overwrite); and
+int unsetenv(const char *name);
+
=head1 WARNINGS
Once the identities of the compression methods for the TLS protocol have
diff -Nupr openssl-0.9.8h.orig/ssl/ssl_ciph.c openssl-0.9.8h/ssl/ssl_ciph.c
--- openssl-0.9.8h.orig/ssl/ssl_ciph.c 2007-09-06 20:43:54.000000000 +0800
+++ openssl-0.9.8h/ssl/ssl_ciph.c 2011-05-24 16:11:53.000000000 +0800
@@ -283,7 +283,7 @@ static void load_builtin_compressions(vo
MemCheck_off();
ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
- if (ssl_comp_methods != NULL)
+ if (ssl_comp_methods != NULL && getenv("OPENSSL_NO_DEFAULT_ZLIB") == NULL)
{
comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
if (comp != NULL)
