openssl: add option to disable compression support

By default it's disabled. After the CRIME attack it seems the use of
compression is discouraged.

Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>

2 files changed, 15 insertions, 3 deletions

diff --git a/package/libs/openssl/Config.in b/package/libs/openssl/Config.in
index aa943002d3..02b5da9a0e 100644
--- a/package/libs/openssl/Config.in
+++ b/package/libs/openssl/Config.in
@@ -20,6 +20,11 @@ config OPENSSL_WITH_DEPRECATED
 	default y
 	prompt "Include deprecated APIs"
 
+config OPENSSL_WITH_COMPRESSION
+	bool
+	default n
+	prompt "Enable compression support"
+
 config OPENSSL_ENGINE_DIGEST
 	bool
 	depends on OPENSSL_ENGINE_CRYPTO
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index eb2dfff2e0..c5d281a6da 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -33,7 +33,8 @@ PKG_CONFIG_DEPENDS:= \
 	CONFIG_OPENSSL_WITH_EC2M \
 	CONFIG_OPENSSL_WITH_SSL3 \
 	CONFIG_OPENSSL_HARDWARE_SUPPORT \
-	CONFIG_OPENSSL_WITH_DEPRECATED
+	CONFIG_OPENSSL_WITH_DEPRECATED \
+	CONFIG_OPENSSL_WITH_COMPRESSION
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -63,7 +64,7 @@ $(call Package/openssl/Default)
   SECTION:=libs
   SUBMENU:=SSL
   CATEGORY:=Libraries
-  DEPENDS:=+zlib
+  DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib
   TITLE+= (libraries)
   ABI_VERSION:=$(PKG_VERSION)
   MENU:=1
@@ -93,7 +94,7 @@ endef
 
 
 OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5 no-sha0 no-camellia no-krb5
-OPENSSL_OPTIONS:= shared no-err zlib-dynamic no-sse2 no-ssl2
+OPENSSL_OPTIONS:= shared no-err no-sse2 no-ssl2
 
 ifdef CONFIG_OPENSSL_ENGINE_CRYPTO
   OPENSSL_OPTIONS += -DHAVE_CRYPTODEV
@@ -124,6 +125,12 @@ ifndef CONFIG_OPENSSL_WITH_DEPRECATED
   OPENSSL_OPTIONS += no-deprecated
 endif
 
+ifdef CONFIG_OPENSSL_WITH_COMPRESSION
+  OPENSSL_OPTIONS += zlib-dynamic
+else
+  OPENSSL_OPTIONS += no-comp
+endif
+
 ifeq ($(CONFIG_x86_64),y)
   OPENSSL_TARGET:=linux-x86_64-openwrt
   OPENSSL_MAKEFLAGS += LIBDIR=lib