File compression_methods_switch.patch of Package compat-openssl098.14113

Index: openssl-0.9.8j/doc/ssl/SSL_COMP_add_compression_method.pod
--- openssl-0.9.8j.orig/doc/ssl/SSL_COMP_add_compression_method.pod
+++ openssl-0.9.8j/doc/ssl/SSL_COMP_add_compression_method.pod
@@ -41,6 +41,24 @@ of compression methods supported on a pe
 The OpenSSL library has the compression methods B<COMP_rle()> and (when
 especially enabled during compilation) B<COMP_zlib()> available.
+And, there is an environment variable to switch the compression
+methods off and on. In default the compression is off to mitigate 
+the so called CRIME attack ( CVE-2012-4929). If you want to enable 
+compression again set OPENSSL_NO_DEFAULT_ZLIB to "no".
+The variable can be switched on and off at runtime; when this variable
+is set "no" compression is enabled, otherwise no, for example:
+in shell 'export OPENSSL_NO_DEFAULT_ZLIB=no'
+or in C to call
+int setenv(const char *name, const char *value, int overwrite); and
+int unsetenv(const char *name);
+Note: This reverts the behavior of the variable as it was before!
+And pay attention that this freaure is temporary, it maybe changed by
+the following updates.
 =head1 WARNINGS
 Once the identities of the compression methods for the TLS protocol have
Index: openssl-0.9.8j/ssl/ssl_ciph.c
--- openssl-0.9.8j.orig/ssl/ssl_ciph.c
+++ openssl-0.9.8j/ssl/ssl_ciph.c
@@ -287,7 +287,11 @@ static void load_builtin_compressions(vo
-			if (ssl_comp_methods != NULL)
+			if( getenv("OPENSSL_NO_DEFAULT_ZLIB") == NULL)
+				setenv("OPENSSL_NO_DEFAULT_ZLIB", "yes", 1);
+			if (ssl_comp_methods != NULL && strncmp( getenv("OPENSSL_NO_DEFAULT_ZLIB"), "no", 2) == 0)
 				comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
 				if (comp != NULL)
openSUSE Build Service is sponsored by