Thor Lancelot Simon wrote: > On Thu, Jun 09, 2011 at 05:08:30PM +0200, Ludwig Nussel wrote: > > Thor Lancelot Simon wrote: > > > > > > Again, I think this should be configured via an option on the SSL_CTX. > > > > There is no way to set the default context options via config file > > though, right? So every application would need to be patched. > > If that's wanted, just rebuild OpenSSL without zlib support, no?
Well, that's not really a viable solution for a distribution. We prefer to have one binary package rather every setting :-) A way to set default context options via config file would be nice for other settings too. If applications could rely on a sane default config provided by the distro/admin the individual calls to SSL_CTX_set_options, SSL_CTX_set_cipher_list, SSL_CTX_set_default_verify_paths/SSL_CTX_load_verify_locations, etc in each and every applications were no longer be necessary. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org