On Sat, May 06, 2006 at 10:45:53PM -0400, Victor Duchovni wrote: > Is there any > way to determine at run-time whether the OpenSSL library is a 0.9.8[ab] > release with zlib enabled? > > For Postfix 2.3 (and perhaps even a 2.2 patch at some point) I would like > to use (SSL_OP_ALL & ~SSL_OP_TLS_BLOCK_PADDING_BUG) provided > > OPENSSL_VERSION_NUMBER >= 0x0090800fL && > OPENSSL_VERSION_NUMBER <= 0x0090802fL > > but it would be nice to avoid this when zlib support is not compiled in. > Is there a run-time test for that?
It looks like I can call SSL_COMP_get_compression_methods(), and if I get a non-null stack, check whether the stack depth is > 0. static void my_set_options(SSL_CTX *ctx) { long options = SSL_OP_ALL; #if (OPENSSL_VERSION_NUMBER < 0x0090800fL) || (OPENSSL_VERSION_NUMBER > 0x0090802fL) STACK_OF(SSL_COMP) *comp_methods; comp_methods = SSL_COMP_get_compression_methods(); if (comp_methods != 0 && sk_SSL_COMP_num(comp_methods) > 0) options = SSL_OP_ALL & ~SSL_OP_TLS_BLOCK_PADDING_BUG; #endif SSL_CTX_set_options(ctx, options); } Does this seem sensible? -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]