On Sat, May 06, 2006 at 10:45:53PM -0400, Victor Duchovni wrote:
> Is there any
> way to determine at run-time whether the OpenSSL library is a 0.9.8[ab]
> release with zlib enabled?
>
> For Postfix 2.3 (and perhaps even a 2.2 patch at some point) I would like
> to use (SSL_OP_ALL & ~SSL_OP_TLS_BLOCK_PADDING_BUG) provided
>
> OPENSSL_VERSION_NUMBER >= 0x0090800fL &&
> OPENSSL_VERSION_NUMBER <= 0x0090802fL
>
> but it would be nice to avoid this when zlib support is not compiled in.
> Is there a run-time test for that?
It looks like I can call SSL_COMP_get_compression_methods(), and if I
get a non-null stack, check whether the stack depth is > 0.

    #include <openssl/ssl.h>

    static void my_set_options(SSL_CTX *ctx)
    {
        long options = SSL_OP_ALL;

        /* Version range from the question above: 0x0090800fL .. 0x0090802fL. */
    #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && \
        (OPENSSL_VERSION_NUMBER <= 0x0090802fL)
        STACK_OF(SSL_COMP) *comp_methods;

        /* Non-null, non-empty stack: compression methods are available. */
        comp_methods = SSL_COMP_get_compression_methods();
        if (comp_methods != 0 && sk_SSL_COMP_num(comp_methods) > 0)
            options = SSL_OP_ALL & ~SSL_OP_TLS_BLOCK_PADDING_BUG;
    #endif
        SSL_CTX_set_options(ctx, options);
    }

Does this seem sensible?
--
Viktor.