提交 cc5a9ba4 编写于 作者: V Viktor Dukhovni

Restore -no_comp switch for backwards compatible behaviour

Reviewed-by: Emilia Käsper <emilia@openssl.org>
上级 424d5db2
...@@ -285,11 +285,11 @@ void wait_for_async(SSL *s); ...@@ -285,11 +285,11 @@ void wait_for_async(SSL *s);
# define OPT_S_ENUM \ # define OPT_S_ENUM \
OPT_S__FIRST=3000, \ OPT_S__FIRST=3000, \
OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \ OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
OPT_S_BUGS, OPT_S_COMP, OPT_S_ECDHSINGLE, OPT_S_NOTICKET, \ OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_ECDHSINGLE, OPT_S_NOTICKET, \
OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \ OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \ OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \
OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \ OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \
OPT_S_DHPARAM, OPT_S_DEBUGBROKE, \ OPT_S_DHPARAM, OPT_S_DEBUGBROKE, OPT_S_COMP, \
OPT_S__LAST OPT_S__LAST
# define OPT_S_OPTIONS \ # define OPT_S_OPTIONS \
...@@ -298,6 +298,7 @@ void wait_for_async(SSL *s); ...@@ -298,6 +298,7 @@ void wait_for_async(SSL *s);
{"no_tls1_1", OPT_S_NOTLS1_1, '-' }, \ {"no_tls1_1", OPT_S_NOTLS1_1, '-' }, \
{"no_tls1_2", OPT_S_NOTLS1_2, '-' }, \ {"no_tls1_2", OPT_S_NOTLS1_2, '-' }, \
{"bugs", OPT_S_BUGS, '-' }, \ {"bugs", OPT_S_BUGS, '-' }, \
{"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \
{"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \ {"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \
{"ecdh_single", OPT_S_ECDHSINGLE, '-' }, \ {"ecdh_single", OPT_S_ECDHSINGLE, '-' }, \
{"no_ticket", OPT_S_NOTICKET, '-' }, \ {"no_ticket", OPT_S_NOTICKET, '-' }, \
...@@ -327,6 +328,7 @@ void wait_for_async(SSL *s); ...@@ -327,6 +328,7 @@ void wait_for_async(SSL *s);
case OPT_S_NOTLS1_1: \ case OPT_S_NOTLS1_1: \
case OPT_S_NOTLS1_2: \ case OPT_S_NOTLS1_2: \
case OPT_S_BUGS: \ case OPT_S_BUGS: \
case OPT_S_NO_COMP: \
case OPT_S_COMP: \ case OPT_S_COMP: \
case OPT_S_ECDHSINGLE: \ case OPT_S_ECDHSINGLE: \
case OPT_S_NOTICKET: \ case OPT_S_NOTICKET: \
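Review bot: The help string for `comp` (unchanged context line next to the new `no_comp` entry) still presents compression as a plain feature, while the POD added in this same commit says TLS compression is not recommended; the help text should carry the same warning so `-help` output does not read as an invitation, e.g. `{"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression (not recommended)" }, \`. The reason `OPT_S_COMP` is moved to the tail of `OPT_S_ENUM` rather than left beside the new `OPT_S_NO_COMP` is not stated; if the intent is to keep the numeric values of the enumerators after its old slot unchanged, a one-line comment such as `/* OPT_S_COMP appended so existing OPT_S_* values stay stable */` would save the next reader from "tidying" it back. The `OPT_S_OPTIONS` and `OPT_S_CASES` macros continue outside the hunks shown.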
...@@ -71,6 +71,8 @@ B<openssl> B<s_client> ...@@ -71,6 +71,8 @@ B<openssl> B<s_client>
[B<-fallback_scsv>] [B<-fallback_scsv>]
[B<-async>] [B<-async>]
[B<-bugs>] [B<-bugs>]
[B<-comp>]
[B<-no_comp>]
[B<-cipher cipherlist>] [B<-cipher cipherlist>]
[B<-serverpref>] [B<-serverpref>]
[B<-starttls protocol>] [B<-starttls protocol>]
...@@ -326,6 +328,19 @@ is also used via the B<-engine> option. For test purposes the dummy async engine ...@@ -326,6 +328,19 @@ is also used via the B<-engine> option. For test purposes the dummy async engine
there are several known bug in SSL and TLS implementations. Adding this there are several known bug in SSL and TLS implementations. Adding this
option enables various workarounds. option enables various workarounds.
=item B<-comp>
Enables support for SSL/TLS compression.
This option was introduced in OpenSSL 1.1.0.
TLS compression is not recommended and is off by default as of
OpenSSL 1.1.0.
=item B<-no_comp>
Disables support for SSL/TLS compression.
TLS compression is not recommended and is off by default as of
OpenSSL 1.1.0.
=item B<-brief> =item B<-brief>
only provide a brief summary of connection parameters instead of the only provide a brief summary of connection parameters instead of the
...@@ -77,6 +77,8 @@ B<openssl> B<s_server> ...@@ -77,6 +77,8 @@ B<openssl> B<s_server>
[B<-no_tls1>] [B<-no_tls1>]
[B<-no_dhe>] [B<-no_dhe>]
[B<-bugs>] [B<-bugs>]
[B<-comp>]
[B<-no_comp>]
[B<-brief>] [B<-brief>]
[B<-www>] [B<-www>]
[B<-WWW>] [B<-WWW>]
...@@ -313,6 +315,19 @@ is also used via the B<-engine> option. For test purposes the dummy async engine ...@@ -313,6 +315,19 @@ is also used via the B<-engine> option. For test purposes the dummy async engine
there are several known bug in SSL and TLS implementations. Adding this there are several known bug in SSL and TLS implementations. Adding this
option enables various workarounds. option enables various workarounds.
=item B<-comp>
Enable negotiation of TLS compression.
This option was introduced in OpenSSL 1.1.0.
TLS compression is not recommended and is off by default as of
OpenSSL 1.1.0.
=item B<-no_comp>
Disable negotiation of TLS compression.
TLS compression is not recommended and is off by default as of
OpenSSL 1.1.0.
=item B<-brief> =item B<-brief>
only provide a brief summary of connection parameters instead of the only provide a brief summary of connection parameters instead of the
...@@ -133,7 +133,16 @@ Various bug workarounds are set, same as setting B<SSL_OP_ALL>. ...@@ -133,7 +133,16 @@ Various bug workarounds are set, same as setting B<SSL_OP_ALL>.
=item B<-comp> =item B<-comp>
Enables support for SSL/TLS compression, same as clearing B<SSL_OP_NO_COMPRESSION>. Enables support for SSL/TLS compression, same as clearing
B<SSL_OP_NO_COMPRESSION>.
This command was introduced in OpenSSL 1.1.0.
As of OpenSSL 1.1.0, compression is off by default.
=item B<-no_comp>
Disables support for SSL/TLS compression, same as setting
B<SSL_OP_NO_COMPRESSION>.
As of OpenSSL 1.1.0, compression is off by default.
=item B<-no_ticket> =item B<-no_ticket>
...@@ -581,6 +581,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { ...@@ -581,6 +581,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
SSL_CONF_CMD_SWITCH("no_tls1_1", 0), SSL_CONF_CMD_SWITCH("no_tls1_1", 0),
SSL_CONF_CMD_SWITCH("no_tls1_2", 0), SSL_CONF_CMD_SWITCH("no_tls1_2", 0),
SSL_CONF_CMD_SWITCH("bugs", 0), SSL_CONF_CMD_SWITCH("bugs", 0),
SSL_CONF_CMD_SWITCH("no_comp", 0),
SSL_CONF_CMD_SWITCH("comp", 0), SSL_CONF_CMD_SWITCH("comp", 0),
SSL_CONF_CMD_SWITCH("ecdh_single", SSL_CONF_FLAG_SERVER), SSL_CONF_CMD_SWITCH("ecdh_single", SSL_CONF_FLAG_SERVER),
SSL_CONF_CMD_SWITCH("no_ticket", 0), SSL_CONF_CMD_SWITCH("no_ticket", 0),
...@@ -640,7 +641,8 @@ static const ssl_switch_tbl ssl_cmd_switches[] = { ...@@ -640,7 +641,8 @@ static const ssl_switch_tbl ssl_cmd_switches[] = {
{SSL_OP_NO_TLSv1_1, 0}, /* no_tls1_1 */ {SSL_OP_NO_TLSv1_1, 0}, /* no_tls1_1 */
{SSL_OP_NO_TLSv1_2, 0}, /* no_tls1_2 */ {SSL_OP_NO_TLSv1_2, 0}, /* no_tls1_2 */
{SSL_OP_ALL, 0}, /* bugs */ {SSL_OP_ALL, 0}, /* bugs */
{SSL_OP_NO_COMPRESSION, 1}, /* comp */ {SSL_OP_NO_COMPRESSION, 0}, /* no_comp */
{SSL_OP_NO_COMPRESSION, SSL_TFLAG_INV}, /* comp */
{SSL_OP_SINGLE_ECDH_USE, 0}, /* ecdh_single */ {SSL_OP_SINGLE_ECDH_USE, 0}, /* ecdh_single */
{SSL_OP_NO_TICKET, 0}, /* no_ticket */ {SSL_OP_NO_TICKET, 0}, /* no_ticket */
{SSL_OP_CIPHER_SERVER_PREFERENCE, 0}, /* serverpref */ {SSL_OP_CIPHER_SERVER_PREFERENCE, 0}, /* serverpref */
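Review bot: The new `{SSL_OP_NO_COMPRESSION, 0}, /* no_comp */` row only works because it was inserted at exactly the same index as the `SSL_CONF_CMD_SWITCH("no_comp", 0)` row in `ssl_conf_cmds[]`; nothing in the code enforces that parallel ordering, and a future insertion in one table but not the other would silently bind the wrong `SSL_OP_*` bit to a switch name. A comment at the head of `ssl_cmd_switches[]` (its definition starts above the hunk) should make the coupling explicit: `/* Indexed in parallel with the SSL_CONF_CMD_SWITCH entries of ssl_conf_cmds[] above: keep both lists in the same order. */`. Replacing the bare `1` with `SSL_TFLAG_INV` on the `comp` row is a welcome clarification, assuming that is the value the literal stood for.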
...@@ -183,7 +183,7 @@ sub start ...@@ -183,7 +183,7 @@ sub start
or die "Failed to redirect stdout: $!"; or die "Failed to redirect stdout: $!";
open(STDERR, ">&STDOUT"); open(STDERR, ">&STDOUT");
my $execcmd = $self->execute my $execcmd = $self->execute
." s_server -rev -engine ossltest -accept " ." s_server -no_comp -rev -engine ossltest -accept "
.($self->server_port) .($self->server_port)
." -cert ".$self->cert." -naccept ".$self->serverconnects; ." -cert ".$self->cert." -naccept ".$self->serverconnects;
if ($self->ciphers ne "") { if ($self->ciphers ne "") {
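Review bot: The reason for pinning `-no_comp` on the s_server command line is not recorded in the code; presumably it keeps the proxy's handshake expectations independent of the build's compression support and default, and without a comment the next reader may drop it as redundant with the 1.1.0 default, e.g. `# -no_comp: keep the handshake compression-free regardless of build defaults`. The command is still assembled as one concatenated string in which `$self->cert` and the port are interpolated unquoted, so a certificate path containing spaces or shell metacharacters would be split or interpreted by whatever runs `$execcmd`; list-form `system`/`open '-|'` or quoting the path would avoid that. `sub start` continues outside the hunk, so how `$execcmd` is executed is not visible here.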