On Sat, May 06, 2006 at 10:45:53PM -0400, Victor Duchovni wrote:

> Is there any
> way to determine at run-time whether the OpenSSL library is a 0.9.8[ab]
> release with zlib enabled?
> 
> For Postfix 2.3 (and perhaps even a 2.2 patch at some point) I would like
> to use (SSL_OP_ALL & ~SSL_OP_TLS_BLOCK_PADDING_BUG) provided 
> 
>     OPENSSL_VERSION_NUMBER >= 0x0090800fL &&
>     OPENSSL_VERSION_NUMBER <= 0x0090802fL
> 
> but it would be nice to avoid this when zlib support is not compiled in.
> Is there a run-time test for that?

It looks like I can call SSL_COMP_get_compression_methods(), and if I
get a non-null stack, check whether the stack depth is > 0.

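    #include <openssl/ssl.h>

    static void my_set_options(SSL_CTX *ctx)
    {
        long options = SSL_OP_ALL;

    /* The zlib check is only needed for 0.9.8 through 0.9.8b, the range
     * given above; the continuation backslash keeps the #if on one
     * logical line. */
    #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && \
        (OPENSSL_VERSION_NUMBER <= 0x0090802fL)

        STACK_OF(SSL_COMP) *comp_methods;

        /* A non-empty stack means compression methods are available. */
        comp_methods = SSL_COMP_get_compression_methods();
        if (comp_methods != 0 && sk_SSL_COMP_num(comp_methods) > 0)
            options = SSL_OP_ALL & ~SSL_OP_TLS_BLOCK_PADDING_BUG;
    #endif
        SSL_CTX_set_options(ctx, options);
    }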

Does this seem sensible?

-- 
        Viktor.
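
The version test in the message above, as an added example that is not part of the original post: it makes the same decision from values supplied at run time, so it follows the library actually loaded rather than the headers used at build time, which goes one step beyond the compile-time macro. The function names and the placeholder option bits are assumptions; a real caller would pass SSL_OP_ALL, SSL_OP_TLS_BLOCK_PADDING_BUG, the value of SSLeay() and the stack depth from sk_SSL_COMP_num().

```c
#include <stdio.h>
#include <string.h>

/* Pre-3.0 OpenSSL packs its version as 0xMNNFFPPS: major, minor, fix,
 * patch letter (1 = 'a', 2 = 'b', ...) and status (0xf = release).
 * Patch values above 26 are printed without a letter suffix. */
static const char *format_version(unsigned long v, char *buf, size_t len)
{
    unsigned patch = (unsigned)((v >> 4) & 0xff);
    int n = snprintf(buf, len, "%lu.%lu.%lu", (v >> 28) & 0xf,
                     (v >> 20) & 0xff, (v >> 12) & 0xff);

    if (patch >= 1 && patch <= 26 && n > 0 && (size_t)n + 1 < len) {
        buf[n] = (char)('a' + patch - 1);
        buf[n + 1] = '\0';
    }
    return buf;
}

/* 0.9.8 through 0.9.8b, the range given in the message above. */
static int in_affected_range(unsigned long runtime_version)
{
    return runtime_version >= 0x0090800fUL && runtime_version <= 0x0090802fUL;
}

/* Hypothetical helper: n_comp is the compression-method stack depth,
 * or 0 when SSL_COMP_get_compression_methods() returned NULL. */
static unsigned long choose_options(unsigned long all_bits, unsigned long padding_bit,
                                    unsigned long runtime_version, int n_comp)
{
    if (in_affected_range(runtime_version) && n_comp > 0)
        return all_bits & ~padding_bit;
    return all_bits;
}

int main(void)
{
    /* Constructed inputs: placeholder option bits, not OpenSSL's real values. */
    const unsigned long ALL = 0xffUL, PAD = 0x10UL;
    const unsigned long versions[] = { 0x0090707fUL, 0x0090800fUL,
                                       0x0090802fUL, 0x0090803fUL };
    char buf[16];
    size_t i;

    for (i = 0; i < sizeof versions / sizeof versions[0]; i++)
        printf("%-7s zlib: 0x%02lx  no zlib: 0x%02lx\n",
               format_version(versions[i], buf, sizeof buf),
               choose_options(ALL, PAD, versions[i], 1),
               choose_options(ALL, PAD, versions[i], 0));
    return 0;
}
```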