From 490781d998688125505dd56b6b52187644864005 Mon Sep 17 00:00:00 2001
From: Jonathan G Rennison
Date: Wed, 10 Dec 2014 20:05:00 +0000
Subject: [PATCH] Add dynamic linking for functions required by SSL v2/3 disabling patch.
---
 libhttp/ssl.c | 16 +++++++++++++++-
 libhttp/ssl.h | 6 ++++++
 2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/libhttp/ssl.c b/libhttp/ssl.c
index c932deb..b96f9d9 100644
--- a/libhttp/ssl.c
+++ b/libhttp/ssl.c
@@ -136,6 +136,9 @@ int (*SSL_write)(SSL *, const void *, int);
 SSL_METHOD * (*SSLv23_server_method)(void);
 X509 * (*d2i_X509)(X509 **px, const unsigned char **in, int len);
 void (*X509_free)(X509 *a);
+int (*x_SSL_CTX_set_cipher_list)(SSL_CTX *ctx, const char *str);
+void (*x_sk_zero)(void *st);
+void * (*x_SSL_COMP_get_compression_methods)(void);
 #endif
 static void sslDestroyCachedContext(void *ssl_, char *context_) {
@@ -308,7 +311,9 @@ static void loadSSL(void) {
 { { &SSL_write }, "SSL_write" },
 { { &SSLv23_server_method }, "SSLv23_server_method" },
 { { &d2i_X509 }, "d2i_X509" },
- { { &X509_free }, "X509_free" }
+ { { &X509_free }, "X509_free" },
+ { { &x_SSL_CTX_set_cipher_list }, "SSL_CTX_set_cipher_list" },
+ { { &x_sk_zero }, "sk_zero" }
 };
 for (unsigned i = 0; i < sizeof(symbols)/sizeof(symbols[0]); i++) {
 if (!(*symbols[i].var = loadSymbol(path_libssl, symbols[i].fn))) {
@@ -320,6 +325,10 @@ static void loadSSL(void) {
 return;
 }
 }
+ // These are optional
+ x_SSL_COMP_get_compression_methods = loadSymbol(path_libssl, "SSL_COMP_get_compression_methods");
+ // ends
+
 SSL_library_init();
 dcheck(!ERR_peek_error());
 debug("Loaded SSL suppport");
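Review bot: The three definitions added near line 136 of libhttp/ssl.c spell the `x_` prefix out, while their neighbours such as `int (*SSL_write)(SSL *, const void *, int);` use the plain name and rely on the ssl.h macros to rename it. Once the new `#define` lines from this patch are in place both spellings define the same object, so this is only a consistency point. Writing `int (*SSL_CTX_set_cipher_list)(SSL_CTX *ctx, const char *str);`, and likewise for the other two, would keep the list uniform and easier to grep.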
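Review bot: In the loadSSL symbol table, `sk_zero` becomes a required symbol although its only visible consumer is the compression-clearing call in sslMakeContext, which this same patch treats as optional. Judging by the loop that follows, a libssl that does not export it would fail the whole load, and losing TLS support is a worse outcome than leaving the compression stack untouched. Consider resolving it next to the optional lookup, `x_sk_zero = loadSymbol(path_libssl, "sk_zero");`, and testing both pointers before the call. The table and the loop's failure path extend outside the hunk, so the exact consequence should be confirmed there.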
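Review bot: When the optional lookup added after the loop in loadSSL returns NULL, nothing is logged, so an operator cannot tell whether the compression-method stack was cleared or whether the server relies on `SSL_OP_NO_COMPRESSION` alone. Disabling TLS compression is a hardening step, so a line such as `if (!x_SSL_COMP_get_compression_methods) debug("SSL_COMP_get_compression_methods unavailable");` after the lookup would make the fallback visible. The `// ends` marker carries no information; `// Optional: stays NULL if libssl does not export it` in place of `// These are optional` would say what the reader needs.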
@@ -590,6 +599,11 @@ static SSL_CTX *sslMakeContext(void) {
 SSL_CTX_set_options(context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
 #ifdef SSL_OP_NO_COMPRESSION
 SSL_CTX_set_options(context, SSL_OP_NO_COMPRESSION);
+#endif
+#if defined(HAVE_DLOPEN)
+ if (SSL_COMP_get_compression_methods) {
+ sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
+ }
 #elif OPENSSL_VERSION_NUMBER >= 0x00908000L
 sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
 #endif
diff --git a/libhttp/ssl.h b/libhttp/ssl.h
index 62d585b..e1477ab 100644
--- a/libhttp/ssl.h
+++ b/libhttp/ssl.h
@@ -111,6 +111,9 @@ extern int (*x_SSL_write)(SSL *, const void *, int);
 extern SSL_METHOD *(*x_SSLv23_server_method)(void);
 extern X509 * (*x_d2i_X509)(X509 **px, const unsigned char **in, int len);
 extern void (*x_X509_free)(X509 *a);
+extern int (*x_SSL_CTX_set_cipher_list)(SSL_CTX *ctx, const char *str);
+extern void (*x_sk_zero)(void *st);
+extern void *(*x_SSL_COMP_get_compression_methods)(void);
 #define BIO_ctrl x_BIO_ctrl
 #define BIO_f_buffer x_BIO_f_buffer
@@ -151,6 +154,9 @@ extern void (*x_X509_free)(X509 *a);
 #define SSLv23_server_method x_SSLv23_server_method
 #define d2i_X509 x_d2i_X509
 #define X509_free x_X509_free
+#define SSL_CTX_set_cipher_list x_SSL_CTX_set_cipher_list
+#define sk_zero x_sk_zero
+#define SSL_COMP_get_compression_methods x_SSL_COMP_get_compression_methods
 #undef BIO_set_buffer_read_data
 #undef SSL_CTX_set_tlsext_servername_arg
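Review bot: The new `#if defined(HAVE_DLOPEN)` branch in sslMakeContext calls `sk_SSL_COMP_zero` without the `OPENSSL_VERSION_NUMBER >= 0x00908000L` test that still guards the identical call in the `#elif` branch. If that test exists because older headers lack the macro or the function, dlopen builds against such headers would stop compiling. `#if defined(HAVE_DLOPEN) && OPENSSL_VERSION_NUMBER >= 0x00908000L` would keep the two paths consistent. The stack clearing now also runs in addition to `SSL_OP_NO_COMPRESSION` rather than as its alternative, which looks intentional but deserves a one-line comment. The function body continues outside the hunk.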
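Review bot: In the extern block of libhttp/ssl.h, `x_SSL_COMP_get_compression_methods` is declared alongside pointers that loadSSL treats as mandatory, yet it is the one pointer that may legitimately be NULL after a successful load. A comment on the declaration, for example `/* optional: NULL when libssl does not export it; test before calling */`, would keep a later caller from invoking it unchecked. The `void *` parameter and return types also give up the type checking the OpenSSL prototypes would provide. If that is deliberate, to span library versions, the same comment should say so.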