Diffstat (limited to 'src/microspdy/io_openssl.c')
-rw-r--r--src/microspdy/io_openssl.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/src/microspdy/io_openssl.c b/src/microspdy/io_openssl.c
index 9c152d87..8dea5bb7 100644
--- a/src/microspdy/io_openssl.c
+++ b/src/microspdy/io_openssl.c
@@ -77,20 +77,28 @@ SPDYF_openssl_global_deinit()
77int 77int
78SPDYF_openssl_init(struct SPDY_Daemon *daemon) 78SPDYF_openssl_init(struct SPDY_Daemon *daemon)
79{ 79{
80 int options;
80 //create ssl context. TLSv1 used 81 //create ssl context. TLSv1 used
81 if(NULL == (daemon->io_context = SSL_CTX_new(TLSv1_server_method()))) 82 if(NULL == (daemon->io_context = SSL_CTX_new(TLSv1_server_method())))
82 { 83 {
83 SPDYF_DEBUG("Couldn't create ssl context"); 84 SPDYF_DEBUG("Couldn't create ssl context");
84 return SPDY_NO; 85 return SPDY_NO;
85 } 86 }
86 //set options for tls 87 //set options for tls
87 //TODO DH is not enabled for easier debugging 88 //TODO DH is not enabled for easier debugging
88 //SSL_CTX_set_options(daemon->io_context, SSL_OP_SINGLE_DH_USE); 89 //SSL_CTX_set_options(daemon->io_context, SSL_OP_SINGLE_DH_USE);
89 90
90 //TODO here session tickets are disabled for easier debuging with 91 //TODO here session tickets are disabled for easier debuging with
91 //wireshark when using Chrome 92 //wireshark when using Chrome
92 //SSL_OP_NO_COMPRESSION disables TLS compression to avoid CRIME attack 93 // SSL_OP_NO_COMPRESSION disables TLS compression to avoid CRIME attack
93 SSL_CTX_set_options(daemon->io_context, SSL_OP_NO_TICKET | SSL_OP_NO_COMPRESSION); 94 options = SSL_OP_NO_TICKET;
95#ifdef SSL_OP_NO_COMPRESSION
96 options |= SSL_OP_NO_COMPRESSION;
97#elif OPENSSL_VERSION_NUMBER >= 0x00908000L /* workaround for OpenSSL 0.9.8 */
98 sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
99#endif
100
101 SSL_CTX_set_options(daemon->io_context, options);
94 if(1 != SSL_CTX_use_certificate_file(daemon->io_context, daemon->certfile , SSL_FILETYPE_PEM)) 102 if(1 != SSL_CTX_use_certificate_file(daemon->io_context, daemon->certfile , SSL_FILETYPE_PEM))
95 { 103 {
96 SPDYF_DEBUG("Couldn't load the cert file"); 104 SPDYF_DEBUG("Couldn't load the cert file");
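Review bot: The `#ifdef SSL_OP_NO_COMPRESSION` / `#elif OPENSSL_VERSION_NUMBER >= 0x00908000L` chain on new lines 95–99 has no `#else`, so a build against headers matching neither branch compiles cleanly and leaves TLS compression enabled, which is the CRIME exposure the comment on line 93 says is being avoided. Adding `#else` followed by `#error "no way to disable TLS compression with this OpenSSL"` would make that case fail at build time instead of silently. The 0.9.8 fallback `sk_SSL_COMP_zero(SSL_COMP_get_compression_methods())` appears to empty the library-wide compression list rather than this context's, so it likely affects every SSL_CTX in the embedding process; a comment stating that side effect would help users of the library. `options` would also read better declared as `long`, matching the argument type `SSL_CTX_set_options` takes in the OpenSSL releases this code targets. SPDYF_openssl_init continues past the end of the hunk, so the rest of the setup is not visible here.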