57 files changed, 2661 insertions, 92 deletions
diff --git a/CHANGES.md b/CHANGES.md index fac9d80cc0..2fc80041a3 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -24,6 +24,11 @@ OpenSSL 3.2 ### Changes between 3.0 and 3.2 [xx XXX xxxx] + * Add support for certificate compression (RFC8879), including + library support for Brotli and Zstandard compression. + + *Todd Short* + * Add the ability to add custom attributes to PKCS12 files. Add a new API PKCS12_create_ex2, identical to the existing PKCS12_create_ex but allows for a user specified callback and optional argument. @@ -21,6 +21,8 @@ OpenSSL 3.2 ### Major changes between OpenSSL 3.0 and OpenSSL 3.2 [under development] + * Added support for certificate compression (RFC8879), including + library support for Brotli and Zstandard compression. * Subject or issuer names in X.509 objects are now displayed as UTF-8 strings by default. * TCP Fast Open (RFC7413) support is available on Linux, macOS, and FreeBSD diff --git a/apps/include/opt.h b/apps/include/opt.h index 849e10c09e..787dac5468 100644 --- a/apps/include/opt.h +++ b/apps/include/opt.h @@ -164,7 +164,10 @@ OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \ OPT_S_MINPROTO, OPT_S_MAXPROTO, \ OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S_NO_ETM, \ - OPT_S_NO_EMS, OPT_S__LAST + OPT_S_NO_EMS, \ + OPT_S_NO_TX_CERT_COMP, \ + OPT_S_NO_RX_CERT_COMP, \ + OPT_S__LAST # define OPT_S_OPTIONS \ OPT_SECTION("TLS/SSL"), \ @@ -176,6 +179,8 @@ {"bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility"}, \ {"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \ {"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \ + {"no_tx_cert_comp", OPT_S_NO_TX_CERT_COMP, '-', "Disable sending TLSv1.3 compressed certificates" }, \ + {"no_rx_cert_comp", OPT_S_NO_RX_CERT_COMP, '-', "Disable receiving TLSv1.3 compressed certificates" }, \ {"no_ticket", OPT_S_NOTICKET, '-', \ "Disable use of TLS session tickets"}, \ {"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \ 
@@ -233,6 +238,8 @@ case OPT_S_BUGS: \ case OPT_S_NO_COMP: \ case OPT_S_COMP: \ + case OPT_S_NO_TX_CERT_COMP: \ + case OPT_S_NO_RX_CERT_COMP: \ case OPT_S_NOTICKET: \ case OPT_S_SERVERPREF: \ case OPT_S_LEGACYRENEG: \ diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index 8f20113cd3..8325e7371f 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c @@ -559,6 +559,7 @@ static STRINT_PAIR handshakes[] = { {", CertificateStatus", SSL3_MT_CERTIFICATE_STATUS}, {", SupplementalData", SSL3_MT_SUPPLEMENTAL_DATA}, {", KeyUpdate", SSL3_MT_KEY_UPDATE}, + {", CompressedCertificate", SSL3_MT_COMPRESSED_CERTIFICATE}, #ifndef OPENSSL_NO_NEXTPROTONEG {", NextProto", SSL3_MT_NEXT_PROTO}, #endif @@ -685,6 +686,7 @@ static STRINT_PAIR tlsext_types[] = { #ifdef TLSEXT_TYPE_extended_master_secret {"extended master secret", TLSEXT_TYPE_extended_master_secret}, #endif + {"compress certificate", TLSEXT_TYPE_compress_certificate}, {"key share", TLSEXT_TYPE_key_share}, {"supported versions", TLSEXT_TYPE_supported_versions}, {"psk", TLSEXT_TYPE_psk}, diff --git a/apps/s_server.c b/apps/s_server.c index 8a573d4414..f519505ade 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -716,7 +716,7 @@ typedef enum OPTION_choice { OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA, OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_SCTP_LABEL_BUG, OPT_HTTP_SERVER_BINMODE, OPT_NOCANAMES, OPT_IGNORE_UNEXPECTED_EOF, OPT_KTLS, - OPT_TFO, + OPT_TFO, OPT_CERT_COMP, OPT_R_ENUM, OPT_S_ENUM, OPT_V_ENUM, @@ -843,6 +843,9 @@ const OPTIONS s_server_options[] = { "No verify output except verify errors"}, {"ign_eof", OPT_IGN_EOF, '-', "Ignore input EOF (default when -quiet)"}, {"no_ign_eof", OPT_NO_IGN_EOF, '-', "Do not ignore input EOF"}, +#ifndef OPENSSL_NO_COMP_ALG + {"cert_comp", OPT_CERT_COMP, '-', "Pre-compress server certificates"}, +#endif #ifndef OPENSSL_NO_OCSP OPT_SECTION("OCSP"), 
@@ -1061,6 +1064,7 @@ int s_server_main(int argc, char *argv[]) int enable_ktls = 0; #endif int tfo = 0; + int cert_comp = 0; /* Init of few remaining global variables */ local_argc = argc; @@ -1658,6 +1662,9 @@ int s_server_main(int argc, char *argv[]) case OPT_TFO: tfo = 1; break; + case OPT_CERT_COMP: + cert_comp = 1; + break; } } @@ -2243,6 +2250,14 @@ int s_server_main(int argc, char *argv[]) if (recv_max_early_data >= 0) SSL_CTX_set_recv_max_early_data(ctx, recv_max_early_data); + if (cert_comp) { + BIO_printf(bio_s_out, "Compressing certificates\n"); + if (!SSL_CTX_compress_certs(ctx, 0)) + BIO_printf(bio_s_out, "Error compressing certs on ctx\n"); + if (ctx2 != NULL && !SSL_CTX_compress_certs(ctx2, 0)) + BIO_printf(bio_s_out, "Error compressing certs on ctx2\n"); + } + if (rev) server_cb = rev_body; else if (www) diff --git a/crypto/comp/c_brotli.c b/crypto/comp/c_brotli.c index ace6f221b8..377ea2b8d0 100644 --- a/crypto/comp/c_brotli.c +++ b/crypto/comp/c_brotli.c @@ -419,10 +419,10 @@ static const BIO_METHOD bio_meth_brotli = { const BIO_METHOD *BIO_f_brotli(void) { #ifndef OPENSSL_NO_BROTLI - return &bio_meth_brotli; -#else - return NULL; + if (RUN_ONCE(&brotli_once, ossl_comp_brotli_init)) + return &bio_meth_brotli; #endif + return NULL; } #ifndef OPENSSL_NO_BROTLI diff --git a/crypto/comp/c_zstd.c b/crypto/comp/c_zstd.c index 99d326219e..15b826c589 100644 --- a/crypto/comp/c_zstd.c +++ b/crypto/comp/c_zstd.c @@ -481,10 +481,10 @@ static const BIO_METHOD bio_meth_zstd = { const BIO_METHOD *BIO_f_zstd(void) { #ifndef OPENSSL_NO_ZSTD - return &bio_meth_zstd; -#else - return NULL; + if (RUN_ONCE(&zstd_once, ossl_comp_zstd_init)) + return &bio_meth_zstd; #endif + return NULL; } #ifndef OPENSSL_NO_ZSTD diff --git a/crypto/comp/comp_err.c b/crypto/comp/comp_err.c index 10a9e66860..2345da693e 100644 --- a/crypto/comp/comp_err.c +++ b/crypto/comp/comp_err.c 
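Review bot: A failed SSL_CTX_compress_certs() in the new `if (cert_comp)` block only prints a fixed message to bio_s_out and leaves the actual reason on the error queue, so the operator never learns why pre-compression failed and the stale entry may surface in a later, unrelated error report. Add `ERR_print_errors(bio_err);` after each of the two "Error compressing certs" messages so the queued reason is shown next to the message. Separately, the @@ -843 hunk exposes -cert_comp only under `#ifndef OPENSSL_NO_COMP_ALG` while the OPT_CERT_COMP case and the SSL_CTX_compress_certs() calls are unconditional; that only builds cleanly if the function is declared in every configuration, which is worth confirming. s_server_main continues outside the hunk.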
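Review bot: BIO_f_brotli() now returns NULL both when brotli is compiled out and when the RUN_ONCE initialisation fails, and nothing on the failure path records why, so a caller that hands the result to BIO_new() gets an opaque failure it cannot distinguish from an unavailable algorithm. Unless ossl_comp_brotli_init() already raises a reason, add `ERR_raise(ERR_LIB_COMP, COMP_R_BROTLI_NOT_SUPPORTED);` after the `if (RUN_ONCE(...))` statement inside the `#ifndef OPENSSL_NO_BROTLI` branch, before control falls through to `return NULL;`; the identical BIO_f_zstd() hunk in c_zstd.c needs the same treatment with its own reason code. A short comment above the shared return, such as `/* NULL: algorithm compiled out, or its one-time init failed */`, would also make the #ifndef/#endif interleaving easier to read.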
@@ -19,12 +19,8 @@ static const ERR_STRING_DATA COMP_str_reasons[] = { {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_BROTLI_DECODE_ERROR), "brotli decode error"}, - {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_BROTLI_DEFLATE_ERROR), - "brotli deflate error"}, {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_BROTLI_ENCODE_ERROR), "brotli encode error"}, - {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_BROTLI_INFLATE_ERROR), - "brotli inflate error"}, {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_BROTLI_NOT_SUPPORTED), "brotli not supported"}, {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_DEFLATE_ERROR), diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index ef02a097e4..653b775330 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1271,6 +1271,7 @@ SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE:158:\ at least (D)TLS 1.2 needed in Suite B mode SSL_R_BAD_CHANGE_CIPHER_SPEC:103:bad change cipher spec SSL_R_BAD_CIPHER:186:bad cipher +SSL_R_BAD_COMPRESSION_ALGORITHM:326:bad compression algorithm SSL_R_BAD_DATA:390:bad data SSL_R_BAD_DATA_RETURNED_BY_CALLBACK:106:bad data returned by callback SSL_R_BAD_DECOMPRESSION:107:bad decompression diff --git a/doc/build.info b/doc/build.info index 8884b0dd5f..71c7f3aa40 100644 --- a/doc/build.info +++ b/doc/build.info 
@@ -2167,6 +2167,10 @@ DEPEND[html/man3/SSL_CTX_set0_CA_list.html]=man3/SSL_CTX_set0_CA_list.pod GENERATE[html/man3/SSL_CTX_set0_CA_list.html]=man3/SSL_CTX_set0_CA_list.pod DEPEND[man/man3/SSL_CTX_set0_CA_list.3]=man3/SSL_CTX_set0_CA_list.pod GENERATE[man/man3/SSL_CTX_set0_CA_list.3]=man3/SSL_CTX_set0_CA_list.pod +DEPEND[html/man3/SSL_CTX_set1_cert_comp_preference.html]=man3/SSL_CTX_set1_cert_comp_preference.pod +GENERATE[html/man3/SSL_CTX_set1_cert_comp_preference.html]=man3/SSL_CTX_set1_cert_comp_preference.pod +DEPEND[man/man3/SSL_CTX_set1_cert_comp_preference.3]=man3/SSL_CTX_set1_cert_comp_preference.pod +GENERATE[man/man3/SSL_CTX_set1_cert_comp_preference.3]=man3/SSL_CTX_set1_cert_comp_preference.pod DEPEND[html/man3/SSL_CTX_set1_curves.html]=man3/SSL_CTX_set1_curves.pod GENERATE[html/man3/SSL_CTX_set1_curves.html]=man3/SSL_CTX_set1_curves.pod DEPEND[man/man3/SSL_CTX_set1_curves.3]=man3/SSL_CTX_set1_curves.pod @@ -3313,6 +3317,7 @@ html/man3/SSL_CTX_sess_set_cache_size.html \ html/man3/SSL_CTX_sess_set_get_cb.html \ html/man3/SSL_CTX_sessions.html \ html/man3/SSL_CTX_set0_CA_list.html \ +html/man3/SSL_CTX_set1_cert_comp_preference.html \ html/man3/SSL_CTX_set1_curves.html \ html/man3/SSL_CTX_set1_sigalgs.html \ html/man3/SSL_CTX_set1_verify_cert_store.html \ @@ -3918,6 +3923,7 @@ man/man3/SSL_CTX_sess_set_cache_size.3 \ man/man3/SSL_CTX_sess_set_get_cb.3 \ man/man3/SSL_CTX_sessions.3 \ man/man3/SSL_CTX_set0_CA_list.3 \ +man/man3/SSL_CTX_set1_cert_comp_preference.3 \ man/man3/SSL_CTX_set1_curves.3 \ man/man3/SSL_CTX_set1_sigalgs.3 \ man/man3/SSL_CTX_set1_verify_cert_store.3 \ diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in index 5f6f74c51d..86b9aff91e 100644 --- a/doc/man1/openssl-s_client.pod.in +++ b/doc/man1/openssl-s_client.pod.in @@ -83,6 +83,8 @@ B<openssl> B<s_client> [B<-read_buf>] [B<-ignore_unexpected_eof>] [B<-bugs>] +[B<-no_tx_cert_comp>] +[B<-no_rx_cert_comp>] [B<-comp>] [B<-no_comp>] [B<-brief>] 
@@ -601,6 +603,14 @@ For more information on shutting down a connection, see L<SSL_shutdown(3)>. There are several known bugs in SSL and TLS implementations. Adding this option enables various workarounds. +=item B<-no_tx_cert_comp> + +Disables support for sending TLSv1.3 compressed certificates. + +=item B<-no_rx_cert_comp> + +Disables support for receiving TLSv1.3 compressed certificate. + =item B<-comp> Enables support for SSL/TLS compression. @@ -930,7 +940,9 @@ The B<-certform> option has become obsolete in OpenSSL 3.0.0 and has no effect. The B<-engine> option was deprecated in OpenSSL 3.0. -The -tfo option was added in OpenSSL 3.2. + +The B<-tfo>, B<-no_tx_cert_comp>, and B<-no_rx_cert_comp> options were added +in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in index 8fa041c2fe..94f3b4b46c 100644 --- a/doc/man1/openssl-s_server.pod.in +++ b/doc/man1/openssl-s_server.pod.in @@ -92,6 +92,8 @@ B<openssl> B<s_server> [B<-naccept> I<+int>] [B<-read_buf> I<+int>] [B<-bugs>] +[B<-no_tx_cert_comp>] +[B<-no_rx_cert_comp>] [B<-no_comp>] [B<-comp>] [B<-no_ticket>] @@ -139,6 +141,7 @@ B<openssl> B<s_server> [B<-no_anti_replay>] [B<-num_tickets>] [B<-tfo>] +[B<-cert_comp>] {- $OpenSSL::safe::opt_name_synopsis -} {- $OpenSSL::safe::opt_version_synopsis -} {- $OpenSSL::safe::opt_v_synopsis -} @@ -604,6 +607,14 @@ further information). There are several known bugs in SSL and TLS implementations. Adding this option enables various workarounds. +=item B<-no_tx_cert_comp> + +Disables support for sending TLSv1.3 compressed certificates. + +=item B<-no_rx_cert_comp> + +Disables support for receiving TLSv1.3 compressed certificates. + =item B<-no_comp> Disable negotiation of TLS compression. 
@@ -820,6 +831,9 @@ data that was sent will be rejected. Enable acceptance of TCP Fast Open (RFC7413) connections. +=item B<-cert_comp> + +Pre-compresses certificates (RFC8879) that will be sent during the handshake. {- $OpenSSL::safe::opt_name_item -} @@ -947,7 +961,8 @@ The The B<-srpvfile>, B<-srpuserseed>, and B<-engine> option were deprecated in OpenSSL 3.0. -The -tfo option was added in OpenSSL 3.2. +The B<-tfo>, B<-no_tx_cert_comp>, and B<-no_rx_cert_comp> options were added +in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/man3/COMP_CTX_new.pod b/doc/man3/COMP_CTX_new.pod index 1fe1d691df..7e1c8c4a83 100644 --- a/doc/man3/COMP_CTX_new.pod +++ b/doc/man3/COMP_CTX_new.pod @@ -98,7 +98,7 @@ COMP_zstd_oneshot() returns a B<COMP_METHOD> for one-shot Zstandard compression. BIO_f_zlib(), BIO_f_brotli() BIO_f_zstd() each return a B<BIO_METHOD> that may be used to create a B<BIO> via B<BIO_new(3)> to read and write compressed files or streams. The functions are only available if the corresponding algorithm is compiled into -the OpenSSL library. +the OpenSSL library. NULL may be returned if the algorithm fails to load dynamically. =head1 NOTES 
@@ -123,11 +123,12 @@ L<SSL_set_options(3)> functions. Compression is also used to support certificate compression as described in RFC8879 L<https://datatracker.ietf.org/doc/html/rfc8879>. -It may be disabled via the SSL_OP_NO_CERTIFICATE_COMPRESSION option of -the L<SSL_CTX_set_options(3)> or L<SSL_set_options(3)> functions. +It may be disabled via the SSL_OP_NO_TX_CERTIFICATE_COMPRESSION and +SSL_OP_NO_RX_CERTIFICATE_COMPRESSION options of the +L<SSL_CTX_set_options(3)> or L<SSL_set_options(3)> functions. COMP_zlib(), COMP_brotli() and COMP_zstd() are stream-based compression methods. -Internal state (including compression dictionary) is maintained between calls. +Internal state (including compression dictionary) is maintained between calls. If an error is returned, the stream is corrupted, and should be closed. COMP_brotli_oneshot() and COMP_zstd_oneshot() are not stream-based. These @@ -152,7 +153,8 @@ bytes stored in the output buffer I<out>. This may be 0. On failure, COMP_get_name() returns a B<const char *> that must not be freed on success, or NULL on failure. -BIO_f_zlib(), BIO_f_brotli() and BIO_f_zstd() return a B<BIO_METHOD>. +BIO_f_zlib(), BIO_f_brotli() and BIO_f_zstd() return NULL on error, and +a B<BIO_METHOD> on success. =head1 SEE ALSO diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index 400bd223c6..c20df37e3b 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod 
@@ -162,6 +162,24 @@ This is a synonym for the B<-groups> command. This sets the temporary curve used for ephemeral ECDH modes. Only used by servers. +=item B<-tx_cert_comp> + +Enables support for sending TLSv1.3 compressed certificates. + +=item B<-no_tx_cert_comp> + +Disables support for sending TLSv1.3 compressed certificates. + +=item B<-rx_cert_comp> + +Enables support for receiving TLSv1.3 compressed certificates. + +=item B<-no_rx_cert_comp> + +Disables support for receiving TLSv1.3 compressed certificates. + +=item B<-comp> + The B<groups> argument is a curve name or the special value B<auto> which picks an appropriate curve based on client and server preferences. The curve can be either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name @@ -535,6 +553,14 @@ B<SSL_OP_ENABLE_KTLS>. B<StrictCertCheck>: Enable strict certificate checking. Equivalent to setting B<SSL_CERT_FLAG_TLS_STRICT> with SSL_CTX_set_cert_flags(). +B<TxCertificateCompression>: support sending compressed certificates, enabled by +default. Inverse of B<SSL_OP_NO_TX_CERTIFICATE_COMPRESSION>: that is, +B<-TxCertificateCompression> is the same as setting B<SSL_OP_NO_TX_CERTIFICATE_COMPRESSION>. + +B<RxCertificateCompression>: support receiving compressed certificates, enabled by +default. Inverse of B<SSL_OP_NO_RX_CERTIFICATE_COMPRESSION>: that is, +B<-RxCertificateCompression> is the same as setting B<SSL_OP_NO_RX_CERTIFICATE_COMPRESSION>. + =item B<VerifyMode> The B<value> argument is a comma separated list of flags to set. @@ -736,6 +762,9 @@ B<AllowNoDHEKEX> and B<PrioritizeChaCha> were added in OpenSSL 1.1.1. The B<UnsafeLegacyServerConnect> option is no longer set by default from OpenSSL 3.0. +The B<TxCertificateCompression> and B<RxCertificateCompression> options were +added in OpenSSL 3.2. + =head1 COPYRIGHT Copyright 2012-2022 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/doc/man3/SSL_CTX_set1_cert_comp_preference.pod b/doc/man3/SSL_CTX_set1_cert_comp_preference.pod
new file mode 100644
index 0000000000..2fe35873f7
--- /dev/null
+++ b/doc/man3/SSL_CTX_set1_cert_comp_preference.pod
@@ -0,0 +1,160 @@ +=pod + +=head1 NAME + +SSL_CTX_set1_cert_comp_preference, +SSL_set1_cert_comp_preference, +SSL_CTX_compress_certs, +SSL_compress_certs, +SSL_CTX_get1_compressed_cert, +SSL_get1_compressed_cert, +SSL_CTX_set1_compressed_cert, +SSL_set1_compressed_cert - Certificate compression functions + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len); + int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len); + + int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg); + int SSL_compress_certs(SSL *ssl, int alg); + + size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, + size_t *orig_len); + size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, + size_t *orig_len); + + int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int alg, + unsigned char *comp_data, + size_t comp_length, size_t orig_length); + int SSL_set1_compressed_cert(SSL *ssl, int alg, unsigned char *comp_data, + size_t comp_length, size_t orig_length); + + +=head1 DESCRIPTION + +These functions control the certificate compression feature. Certificate +compression is only available for TLSv1.3 as defined in RFC8879. + +SSL_CTX_set1_cert_comp_preference() and SSL_set1_cert_comp_preference() are used +to specify the preferred compression algorithms. The B<algs> argument is an array +of algorithms, and B<length> is number of elements in the B<algs> array. Only +those algorithms enabled in the library will be accepted in B<algs>, unknown +algorithms in B<algs> are ignored. On an error, the preference order is left +unmodified. + +The following compression algorithms (B<alg> arguments) may be used: + +=over 4 + +=item * TLSEXT_comp_cert_brotli + +=item * TLSEXT_comp_cert_zlib + +=item * TLSEXT_comp_cert_zstd + +=back + +The above is also the default preference order. 
If a preference order is not +specified, then the default preference order is sent to the peer and the +received peer's preference order will be used when compressing a certificate. +Otherwise, the configured preference order is sent to the peer and is used +to filter the peer's preference order. + +SSL_CTX_compress_certs() and SSL_compress_certs() are used to pre-compress all +the configured certificates on an SSL_CTX/SSL object with algorithm B<alg>. If +B<alg> is 0, then the certificates are compressed with the algorithms specified +in the preference list. Calling these functions on a client SSL_CTX/SSL object +will result in an error, as only server certificates may be pre-compressed. + +SSL_CTX_get1_compressed_cert() and SSL_get1_compressed_cert() are used to get +the pre-compressed certificate most recently set that may be stored for later +use. Calling these functions on a client SSL_CTX/SSL object will result in an +error, as only server certificates may be pre-compressed. The B<data> and +B<orig_len> arguments are required. + +The compressed certificate data may be passed to SSL_CTX_set1_compressed_cert() +or SSL_set1_compressed_cert() to provide a pre-compressed version of the +most recently set certificate. This pre-compressed certificate can only be used +by a server. + +=head1 NOTES + +Each side of the connection sends their compression algorithm preference list +to their peer indicating compressed certificate support. The received preference +list is filtered by the configured preference list (i.e. the intersection is +saved). As the default list includes all the enabled algorithms, not specifying +a preference will allow any enabled algorithm by the peer. The filtered peer's +preference order is used to determine what algorithm to use when sending a +compressed certificate. + +Only server certificates may be pre-compressed. 
Calling any of these functions +(except SSL_CTX_set1_cert_comp_preference()/SSL_set1_cert_comp_preference()) +on a client SSL_CTX/SSL object will return an error. Client certificates are +compressed on-demand as unique context data from the server is compressed along +with the certificate. + +For SSL_CTX_set1_cert_comp_preference() and SSL_set1_cert_comp_preference() +the B<len> argument is the size of the B<algs> argument in bytes. + +The compressed certificate returned by SSL_CTX_get1_compressed_cert() and +SSL_get1_compressed_cert() is the last certificate set on the SSL_CTX/SSL object. +The certificate is copied by the function and the caller must free B<*data> via +OPENSSL_free(). + +The compressed certificate data set by SSL_CTX_set1_compressed_cert() and +SSL_set1_compressed_cert() is copied into the SSL_CTX/SSL object. + +SSL_CTX_compress_certs() and SSL_compress_certs() return an error under the +following conditions: + +=over 4 + +=item * If no certificates have been configured. + +=item * If the specified algorithm B<alg> is not enabled. + +=item * If B<alg> is 0 and no compression algorithms are enabled. + +=back + +Sending compressed certificates may be disabled on a connection via the +SSL_OP_NO_TX_CERTIFICATE_COMPRESSION option. Receiving compressed certificates +may be disabled on a connection via the SSL_OP_NO_RX_CERTIFICATE_COMPRESSION +option |