INN commit: branches/2.6 (doc/pod/news.pod nnrpd/tls.c)
INN Commit
rra at isc.org
Thu Dec 10 20:41:29 UTC 2015
Date: Thursday, December 10, 2015 @ 12:41:29
Author: iulius
Revision: 9972
Support older versions of OpenSSL (up to v0.9.8) to disable TLS compression
The tlscompression parameter in inn.conf now works for OpenSSL versions
superior to v0.9.8.
Modified:
branches/2.6/doc/pod/news.pod
branches/2.6/nnrpd/tls.c
------------------+
doc/pod/news.pod | 6 ++++++
nnrpd/tls.c | 4 ++++
2 files changed, 10 insertions(+)
Modified: doc/pod/news.pod
===================================================================
--- doc/pod/news.pod 2015-12-10 20:30:10 UTC (rev 9971)
+++ doc/pod/news.pod 2015-12-10 20:41:29 UTC (rev 9972)
@@ -24,6 +24,12 @@
=item *
+The I<tlscompression> parameter in F<inn.conf> now also permits to
+disable TLS compression with S<OpenSSL 0.9.8>. It previously had an
+effect only when S<OpenSSL 1.0.0> or later was used.
+
+=item *
+
B<nntpsend> now correctly waits until all of the child B<innxmit>
processes exit before it does. It was causing B<nntpsend> to fail
to work properly on systems that use systemd, because when it exits
Modified: nnrpd/tls.c
===================================================================
--- nnrpd/tls.c 2015-12-10 20:30:10 UTC (rev 9971)
+++ nnrpd/tls.c 2015-12-10 20:41:29 UTC (rev 9972)
@@ -626,7 +626,11 @@
if (!tls_compression) {
#ifdef SSL_OP_NO_COMPRESSION
+ /* Option implemented in OpenSSL 1.0.0. */
SSL_CTX_set_options(CTX, SSL_OP_NO_COMPRESSION);
+#elif OPENSSL_VERSION_NUMBER >= 0x00090800fL
+ /* Workaround for OpenSSL 0.9.8. */
+ sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
#endif
}
More information about the inn-committers
mailing list