On Sun, May 07, 2006, Victor Duchovni wrote:

> On Sun, May 07, 2006 at 04:28:22PM -0400, Victor Duchovni wrote:
> 
> > It looks like I can call SSL_COMP_get_compression_methods(), and if I
> > get a non-null stack, check whether the stack depth is > 0.
> > 
> >     static void my_set_options(SSL_CTX *ctx)
> >     {
> >         long options = SSL_OP_ALL;
> > 
> > #if (OPENSSL_VERSION_NUMBER < 0x0090800fL) || \
> >     (OPENSSL_VERSION_NUMBER > 0x0090802fL)
> > 
> >         STACK_OF(SSL_COMP) *comp_methods;
> > 
> >         comp_methods = SSL_COMP_get_compression_methods();
> >         if (comp_methods != 0 && sk_SSL_COMP_num(comp_methods) > 0)
> >             options = SSL_OP_ALL & ~SSL_OP_TLS_BLOCK_PADDING_BUG;
> > #endif
> >         SSL_CTX_set_options(ctx, options);
> >     }
> > 
> > Does this seem sensible?
> 
> The "#if ( < ) || ( > )" test is inverted, sorry too much on the fly
> editing, but you get the idea... Is the general approach sensible?
> 

That will of course only perform the version comparison at compile time. If
OpenSSL shared libraries are updated without recompiling the source then
that might not do what you want. A runtime comparison would avoid that.

This looks like it's one area which was overlooked since the SSLeay days.
Currently you have to use the function SSLeay() to get the version number at
runtime.

Some new functions with OPENSSL in them should be added.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
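
The runtime comparison suggested in the reply, as an added example that is not part of the original messages or of OpenSSL: the decision is moved out of the preprocessor and into a function of two values obtained at run time. It assumes the caller passes the result of SSLeay() as `runtime_version` and the depth of the SSL_COMP_get_compression_methods() stack as `n_comp_methods`; the version bounds are the ones in the quoted `#if` with the inversion corrected, and the `EX_` names, `decode_version` and `choose_options` are hypothetical, with constructed option values so the block builds without the OpenSSL headers.

```c
#include <stdio.h>

/* Bounds taken from the quoted #if, inversion corrected as the poster noted. */
#define AFFECTED_MIN 0x0090800fUL
#define AFFECTED_MAX 0x0090802fUL

/* Constructed stand-ins; real code would use SSL_OP_ALL and
 * SSL_OP_TLS_BLOCK_PADDING_BUG from <openssl/ssl.h>. */
#define EX_OP_ALL               0x00000FFFL
#define EX_OP_BLOCK_PADDING_BUG 0x00000200L

struct ossl_version { unsigned major, minor, fix, patch, status; };

/* Decode the MNNFFPPS layout shared by OPENSSL_VERSION_NUMBER and SSLeay(). */
static struct ossl_version decode_version(unsigned long v)
{
    struct ossl_version r;
    r.major  = (unsigned)((v >> 28) & 0xf);
    r.minor  = (unsigned)((v >> 20) & 0xff);
    r.fix    = (unsigned)((v >> 12) & 0xff);
    r.patch  = (unsigned)((v >> 4) & 0xff);
    r.status = (unsigned)(v & 0xf);
    return r;
}

/* runtime_version must come from the loaded library (SSLeay()), not from the
 * header macro, so a swapped shared library changes the outcome. */
static long choose_options(unsigned long runtime_version, int n_comp_methods)
{
    long options = EX_OP_ALL;

    if (runtime_version >= AFFECTED_MIN && runtime_version <= AFFECTED_MAX &&
        n_comp_methods > 0)
        options &= ~EX_OP_BLOCK_PADDING_BUG;
    return options;
}

int main(void)
{
    /* Constructed inputs: one version inside the range, one just above it. */
    unsigned long samples[] = { 0x0090802fUL, 0x0090803fUL };
    for (int i = 0; i < 2; i++) {
        struct ossl_version d = decode_version(samples[i]);
        printf("%u.%u.%u patch %u: options 0x%lx\n", d.major, d.minor, d.fix,
               d.patch, (unsigned long)choose_options(samples[i], 1));
    }
    return 0;
}
```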