
Re: [PATCH] support for SSL/TLS compression



Updated revision of this patch.

me
# HG changeset patch
# User Michael Elkins <me@xxxxxxxx>
# Date 1281743318 25200
# Branch HEAD
# Node ID bb4cc78c5f0e68d92e7bd33772b4893564b5b55b
# Parent  8051fc8b631c2c07e91635907ff488223d677045
add support for SSL/TLS-layer compression

diff --git a/init.h b/init.h
--- a/init.h
+++ b/init.h
@@ -2915,6 +2915,15 @@
   ** The file containing a client certificate and its associated private
   ** key.
   */
+  { "ssl_compress", DT_BOOL,   R_NONE, OPTSSLCOMPRESS, 0 },
+  /*
+  ** .pp
+  ** If this variable is \fIset\fP, Mutt will enable the use of compression
+  ** for SSL/TLS connections if the server supports it.
+  ** .pp
+  ** \fBNote:\fP When Mutt is compiled with OpenSSL, it is not possible to
+  ** disable compression without restaring Mutt.
+  */
   { "ssl_force_tls",           DT_BOOL, R_NONE, OPTSSLFORCETLS, 0 },
   /*
    ** .pp
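Review bot: The new option text has a typo, `restaring` should be `restarting`, and the description says nothing about why the entry defaults to off (the trailing `0` in the `ssl_compress` row), which is the right default and deserves a sentence. TLS-layer compression compresses the whole record stream together, so the size of the encrypted records can reveal how much of the plaintext repeats; when attacker-influenced data (mail bodies, server responses) shares a connection with credentials, that is generally regarded as a way for a network observer to learn the credentials. I would add to the `.pp` block something like `** \fBNote:\fP Compression can leak information about secrets (such as passwords) sent on the same connection as data an attacker controls, through the size of the encrypted records; leave this unset unless you need it.` Keep the existing note about OpenSSL, since nothing in this patch turns compression back off once it is registered.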
diff --git a/mutt.h b/mutt.h
--- a/mutt.h
+++ b/mutt.h
@@ -379,6 +379,7 @@
   OPTSSLFORCETLS,
   OPTSSLVERIFYDATES,
   OPTSSLVERIFYHOST,
+  OPTSSLCOMPRESS,
 #endif /* defined(USE_SSL) */
   OPTIMPLICITAUTOVIEW,
   OPTINCLUDEONLYFIRST,
diff --git a/mutt_ssl.c b/mutt_ssl.c
--- a/mutt_ssl.c
+++ b/mutt_ssl.c
@@ -194,6 +194,20 @@
    * itself might clobber the last SSL error. */
   SSL_load_error_strings();
   SSL_library_init();
+
+  /* according to RFC 3749, DEFLATE is 1 */
+  if (option (OPTSSLCOMPRESS))
+  {
+    dprint (1, (debugfile, "enabling SSL compression by user request\n"));
+
+    if (SSL_COMP_add_compression_method (1 , COMP_zlib ()))
+    {
+      unsigned long err = ERR_get_error ();
+      dprint (1, (debugfile, "SSL_COMP_add_compression_method() failed: %s 
(code %lu)\n",
+           ERR_error_string (err, NULL), err));
+    }
+  }
+
   init_complete = 1;
   return 0;
 }
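Review bot: The unset case is never handled: this hunk only registers zlib when `ssl_compress` is set, and in OpenSSL builds that include zlib the library already offers zlib compression by default, so as far as I can tell the option adds a redundant registration when set (one that may even fail with a duplicate-id error, which the check below it would then log) and changes nothing when unset. Where the SSL_CTX is created (outside this hunk, presumably later in this file) I would add `#ifdef SSL_OP_NO_COMPRESSION` / `if (!option (OPTSSLCOMPRESS)) SSL_CTX_set_options (ctx, SSL_OP_NO_COMPRESSION);` / `#endif` so the default-off setting actually disables compression on OpenSSL releases that provide that flag. Separately, `ERR_error_string (err, NULL)` formats into a static buffer; `ERR_error_string_n (err, buf, sizeof buf)` with a local `char buf[256]` is the usual form. The enclosing function starts before this hunk.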
@@ -379,6 +393,11 @@
     SSL_get_cipher_version (ssldata->ssl), SSL_get_cipher_name (ssldata->ssl));
   mutt_sleep (0);
 
+  dprint (1, (debugfile, "SSL compression method: %s\n",
+       SSL_COMP_get_name (SSL_get_current_compression (ssldata->ssl))));
+  dprint (1, (debugfile, "SSL expansion method: %s\n",
+       SSL_COMP_get_name (SSL_get_current_expansion (ssldata->ssl))));
+
   return 0;
 }
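Review bot: Both new dprint lines pass the result of `SSL_COMP_get_name` straight to `%s`, but as I read the OpenSSL API `SSL_get_current_compression` and `SSL_get_current_expansion` return NULL when no compression was negotiated and `SSL_COMP_get_name` then returns NULL too, so the common no-compression case hands NULL to `%s` (undefined behaviour; glibc merely happens to print "(null)"). The GnuTLS half of this patch already wraps the equivalent call in `NONULL (...)`; do the same here with `NONULL (SSL_COMP_get_name (SSL_get_current_compression (ssldata->ssl)))` and `NONULL (SSL_COMP_get_name (SSL_get_current_expansion (ssldata->ssl)))`. The enclosing function starts before this hunk.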
 
diff --git a/mutt_ssl_gnutls.c b/mutt_ssl_gnutls.c
--- a/mutt_ssl_gnutls.c
+++ b/mutt_ssl_gnutls.c
@@ -323,6 +323,23 @@
 
   gnutls_credentials_set (data->state, GNUTLS_CRD_CERTIFICATE, data->xcred);
 
+  if (option (OPTSSLCOMPRESS))
+  {
+    /*gnutls_compression_method_t*/ int compression_methods[] = {
+      GNUTLS_COMP_DEFLATE,
+      GNUTLS_COMP_NULL,
+      0
+    };
+    int rc;
+
+    /* enable TLS-level compression */
+    dprint (1, (debugfile, "enabling SSL compression by user request\n"));
+    if ((rc = gnutls_compression_set_priority (data->state, 
compression_methods) != GNUTLS_E_SUCCESS))
+    {
+      dprint (1, (debugfile, "error enabling SSL compression (code %d)\n", 
rc));
+    }
+  }
+
   err = gnutls_handshake(data->state);
 
   while (err == GNUTLS_E_AGAIN || err == GNUTLS_E_INTERRUPTED)
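Review bot: The closing parenthesis in the new `if ((rc = gnutls_compression_set_priority (...) != GNUTLS_E_SUCCESS))` is misplaced, so `rc` is assigned the result of the `!=` comparison (0 or 1) rather than the GnuTLS error code, and the `code %d` in the debug message will always print `1` on failure. It should read `if ((rc = gnutls_compression_set_priority (data->state, compression_methods)) != GNUTLS_E_SUCCESS)`, and the message is more useful with the library's text: `dprint (1, (debugfile, "error enabling SSL compression: %s (code %d)\n", gnutls_strerror (rc), rc));`. The enclosing function starts before this hunk and continues past it.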
@@ -361,6 +378,8 @@
     mutt_sleep (0);
   }
 
+  dprint (1, (debugfile, "SSL compression method: %s\n", NONULL 
(gnutls_compression_get_name (gnutls_compression_get (data->state)))));
+
   return 0;
 
  fail: