From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Mon, 20 Jun 2016 19:09:16 +0000 (+0100)
Subject: [Fix] Add workaround for ancient openssl
X-Git-Tag: 1.3.0~292
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=afb80e7bad35c2ae6d7d7f16b99a75b349b8a5ae;p=rspamd.git

[Fix] Add workaround for ancient openssl
---

diff --git a/src/libutil/util.c b/src/libutil/util.c
index 0edbb7c61..cf6101e4d 100644
--- a/src/libutil/util.c
+++ b/src/libutil/util.c
@@ -1977,6 +1977,7 @@ rspamd_init_libs (void)
 	struct rlimit rlim;
 	struct rspamd_external_libs_ctx *ctx;
 	struct ottery_config *ottery_cfg;
+	gint ssl_options;
 
 	ctx = g_slice_alloc0 (sizeof (*ctx));
 	ctx->crypto_ctx = rspamd_cryptobox_init ();
@@ -2042,7 +2043,15 @@ rspamd_init_libs (void)
 	ctx->ssl_ctx = SSL_CTX_new (SSLv23_method ());
 	SSL_CTX_set_verify (ctx->ssl_ctx, SSL_VERIFY_PEER, NULL);
 	SSL_CTX_set_verify_depth (ctx->ssl_ctx, 4);
-	SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_COMPRESSION);
+	ssl_options = SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3;
+
+#ifdef SSL_OP_NO_COMPRESSION
+	ssl_options |= SSL_OP_NO_COMPRESSION;
+#elif OPENSSL_VERSION_NUMBER >= 0x00908000L
+	sk_SSL_COMP_zero (SSL_COMP_get_compression_methods ());
+#endif
+
+	SSL_CTX_set_options (ctx->ssl_ctx, ssl_options);
 #endif
 	g_random_set_seed (ottery_rand_uint32 ());