Check for OPENSSL_NO_COMP before turning off compression.

2014-07-12 13:57:23 +00:00 · 2014-07-12 13:57:23 +00:00 · 2f68fa30e2
commit 2f68fa30e2
parent 6c33352cc0
2 changed files with 18 additions and 1 deletions
--- a/net/tor/Makefile
+++ b/net/tor/Makefile
@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.70 2014/05/18 15:33:16 pascal Exp $
+# $OpenBSD: Makefile,v 1.71 2014/07/12 13:57:23 pascal Exp $

 COMMENT=	anonymity service using onion routing

 DISTNAME=	tor-0.2.4.22
+REVISION=	0
 CATEGORIES=	net
 HOMEPAGE=	https://www.torproject.org/

--- a/net/tor/patches/patch-src_common_tortls_c
+++ b/net/tor/patches/patch-src_common_tortls_c
@ -0,0 +1,16 @@
+$OpenBSD: patch-src_common_tortls_c,v 1.3 2014/07/12 13:57:23 pascal Exp $
+--- src/common/tortls.c.orig	Sat Jul 12 15:52:08 2014
+++ src/common/tortls.c	Sat Jul 12 15:53:06 2014
+@@ -1345,10 +1345,12 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned in
+     SSL_CTX_set_options(result->ctx,
+                         SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
+   }
+#ifndef OPENSSL_NO_COMP
+   /* Don't actually allow compression; it uses ram and time, but the data
+    * we transmit is all encrypted anyway. */
+   if (result->ctx->comp_methods)
+     result->ctx->comp_methods = NULL;
+#endif
+ #ifdef SSL_MODE_RELEASE_BUFFERS
+   SSL_CTX_set_mode(result->ctx, SSL_MODE_RELEASE_BUFFERS);
+ #endif