On Sun, Dec 30, 2012, Jeffrey Walton wrote: > On Sun, Dec 30, 2012 at 11:06 AM, Dr. Stephen Henson <st...@openssl.org> > wrote: > > On Sat, Dec 29, 2012, Dr. Stephen Henson wrote: > > > >> On Fri, Dec 28, 2012, Jeffrey Walton wrote: > >> > >> > On Fri, Dec 28, 2012 at 3:23 PM, Michael Mueller <abaci....@gmail.com> > >> > wrote: > >> > > i was going to do this: > >> > > > >> > > SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION); > >> > Yeah, it looks like that's the option. I would prefer to remove the > >> > code paths all together though. > >> > > >> > If the code path does not exist, it cannot be executed. > >> > > >> > >> Unless OpenSSL has been build with the zlib or zlib-dynamic option it wont > >> use > >> zlib. Since that's the only compression method standardised for SSL/TLS it > >> effectively disables compression for SSL/TLS as a side effect as there are > >> no > >> compression methods available. > >> > > > > Ugh, that'll teach me not to do a "make clean" first. Correction: > > > > If you use "no-comp" it will remove the compression library from OpenSSL > > entirely but due to a bug (fix just committed) you'll get a linker error. > Thanks Doctor. > > Does OpenSSL have a web front-end on its version control system so I > can copy/paste the relevant changes for the commit? I'm trying avoid > moving too far away from 1.0.1c proper (May 10, 2012) since it > advertised on the download page (http://www.openssl.org/source/). >
Yes you can use the CVS web interface. For this fix the URL is: http://cvs.openssl.org/chngview?cn=23221 The actual patch can be downloaded from: http://cvs.openssl.org/patchset?cn=23221 This should just work with "patch -p1". Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org