aboutsummaryrefslogtreecommitdiff
path: root/src/event/ngx_event_openssl.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/event/ngx_event_openssl.c')
-rw-r--r--src/event/ngx_event_openssl.c35
1 files changed, 35 insertions, 0 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index ff604c562..e36f30c74 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -387,6 +387,11 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION);
#endif
+#ifdef SSL_OP_NO_TX_CERTIFICATE_COMPRESSION
+ SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TX_CERTIFICATE_COMPRESSION);
+ SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_RX_CERTIFICATE_COMPRESSION);
+#endif
+
#ifdef SSL_OP_NO_ANTI_REPLAY
SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_ANTI_REPLAY);
#endif
@@ -660,6 +665,36 @@ retry:
ngx_int_t
+ngx_ssl_certificate_compression(ngx_conf_t *cf, ngx_ssl_t *ssl,
+ ngx_uint_t enable)
+{
+ if (!enable) {
+ return NGX_OK;
+ }
+
+#ifdef SSL_OP_NO_TX_CERTIFICATE_COMPRESSION
+
+ if (SSL_CTX_compress_certs(ssl->ctx, 0) == 0) {
+ ngx_ssl_error(NGX_LOG_WARN, ssl->log, 0,
+ "SSL_CTX_compress_certs() failed, ignored");
+ return NGX_OK;
+ }
+
+ SSL_CTX_clear_options(ssl->ctx, SSL_OP_NO_TX_CERTIFICATE_COMPRESSION);
+
+#else
+
+ ngx_log_error(NGX_LOG_WARN, ssl->log, 0,
+ "\"ssl_certificate_compression\" is not supported "
+ "on this platform, ignored");
+
+#endif
+
+ return NGX_OK;
+}
+
+
+ngx_int_t
ngx_ssl_ciphers(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *ciphers,
ngx_uint_t prefer_server_ciphers)
{
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-31 08:56:34 +0000