Blame SOURCES/httpd-2.4.6-r1556473.patch

af9b8b
# ./pullrev.sh 1556473
af9b8b
af9b8b
https://bugzilla.redhat.com/show_bug.cgi?id=1036666
af9b8b
af9b8b
http://svn.apache.org/viewvc?view=revision&revision=1556473
af9b8b
af9b8b
--- httpd-2.4.6/modules/ssl/ssl_engine_config.c
af9b8b
+++ httpd-2.4.6/modules/ssl/ssl_engine_config.c
af9b8b
@@ -699,9 +699,20 @@
af9b8b
 #ifndef SSL_OP_NO_COMPRESSION
af9b8b
     const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
af9b8b
     if (err)
af9b8b
-        return "This version of openssl does not support configuring "
af9b8b
-               "compression within <VirtualHost> sections.";
af9b8b
+        return "This version of OpenSSL does not support enabling "
af9b8b
+               "SSLCompression within <VirtualHost> sections.";
af9b8b
 #endif
af9b8b
+    if (flag) {
af9b8b
+        /* Some (packaged) versions of OpenSSL do not support
af9b8b
+         * compression by default.  Enabling this directive would not
af9b8b
+         * have the desired effect, so fail with an error. */
af9b8b
+        STACK_OF(SSL_COMP) *meths = SSL_COMP_get_compression_methods();
af9b8b
+
af9b8b
+        if (sk_SSL_COMP_num(meths) == 0) {
af9b8b
+            return "This version of OpenSSL does not have any compression methods "
af9b8b
+                "available, cannot enable SSLCompression.";
af9b8b
+        }
af9b8b
+    }
af9b8b
     sc->compression = flag ? TRUE : FALSE;
af9b8b
     return NULL;
af9b8b
 #else