Re: ./config and -no-zlib

Fri, 28 Dec 2012 05:23:31 -0800 

i compiled openssl with no-zlib

here is ldd of my client:

> ldd client
        linux-vdso.so.1 =>  (0x00007fff059ff000)
        libssl.so.1.0.0 => /lib64/libssl.so.1.0.0 (0x00007fefccdc9000)
        libcrypto.so.1.0.0 => /lib64/libcrypto.so.1.0.0 (0x00007fefcca17000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fefcc7fa000)
        libc.so.6 => /lib64/libc.so.6 (0x00007fefcc48d000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007fefcc289000)
        libz.so.1 => /lib64/libz.so.1 (0x00007fefcc071000)
        /lib64/ld-linux-x86-64.so.2 (0x00007fefcd025000)

it is still using the default libraries; when the client runs in this
environment, it suggests 2 compression methods in the handshake (NULL, and
xxxx)

then I change the LD_LIBRARY_PATH env and run again:

> export LD_LIBRARY_PATH=/home/mike02/wrk/openssl/lib
> ldd client
        linux-vdso.so.1 =>  (0x00007fff42cfa000)

        libssl.so.1.0.0 => /home/mike02/wrk/openssl/lib/libssl.so.1.0.0
(0x00007f76caf15000)
        libcrypto.so.1.0.0 =>
/home/mike02/wrk/openssl/lib/libcrypto.so.1.0.0 (0x00007f76cab34000)

        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f76ca917000)

        libc.so.6 => /lib64/libc.so.6 (0x00007f76ca5aa000)

        libdl.so.2 => /lib64/libdl.so.2 (0x00007f76ca3a6000)

        /lib64/ld-linux-x86-64.so.2 (0x00007f76cb17f000)

and in this environment (note that libz is missing), the client only
suggests 1 compression method (NULL) in the handshake.

So, compiling with no-zlib is not sufficient for turning off compression.
 It is also required to take specific actions to use the openssl libraries
compiled with the no-zlib option at runtime.

I expect that by using SSL_OP_NO_COMPRESSION, compression will suppressed
regardless of the linkage of zlib, but I haven't tested that proposal yet.


On Tue, Dec 25, 2012 at 12:27 PM, Jeffrey Walton <noloa...@gmail.com> wrote:

> Hi All,
>
> Is it sufficient to use -no-zlib to turn off SSL/TLS compression? Or
> is compression available through other libraries?
>
> Jeff
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>

Reply via email to