[tor-dev] [patch] properly test for OPENSSL_NO_COMP

Pascal Stumpf Pascal.Stumpf at cubes.de
Sun Jul 13 20:35:31 UTC 2014


LibreSSL has removed compression support.  Tor should check for the
OPENSSL_NO_COMP define before trying to disable compression at runtime.


diff --git a/src/common/tortls.c b/src/common/tortls.c
index e06a2ae..0f98968 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1314,10 +1314,12 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
     SSL_CTX_set_options(result->ctx,
                         SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
   }
+#ifndef OPENSSL_NO_COMP
   /* Don't actually allow compression; it uses ram and time, but the data
    * we transmit is all encrypted anyway. */
   if (result->ctx->comp_methods)
     result->ctx->comp_methods = NULL;
+#endif
 #ifdef SSL_MODE_RELEASE_BUFFERS
   SSL_CTX_set_mode(result->ctx, SSL_MODE_RELEASE_BUFFERS);
 #endif


More information about the tor-dev mailing list