From a2ead99c8382a8236587a8c31335dfcc18f85f50 Mon Sep 17 00:00:00 2001
From: Evgeniy Khramtsov
Date: Wed, 17 Jul 2013 22:28:23 +1000
Subject: [PATCH] Make it possible to enable/disable TLS compression
---
 doc/guide.tex | 11 ++++++++---
 src/ejabberd_c2s.erl | 6 +++++-
 src/ejabberd_http.erl | 6 +++++-
 src/ejabberd_s2s_in.erl | 16 ++++++++++++++--
 src/ejabberd_s2s_out.erl | 10 +++++++++-
 5 files changed, 41 insertions(+), 8 deletions(-)
diff --git a/doc/guide.tex b/doc/guide.tex
index 6f110cd96..c8e208bbb 100644
--- a/doc/guide.tex
+++ b/doc/guide.tex
@@ -829,10 +829,10 @@ The available modules, their purpose and the options allowed by each one are:
 Options: \texttt{access}, \texttt{certfile}, \texttt{max\_fsm\_queue}, \texttt{max\_stanza\_size}, \texttt{shaper}, \texttt{starttls}, \texttt{starttls\_required}, \texttt{tls},
-  \texttt{zlib}
+  \texttt{zlib}, \texttt{tls\_compression}
 \titem{\texttt{ejabberd\_s2s\_in}}
 Handles incoming s2s connections.\\
-  Options: \texttt{max\_stanza\_size}, \texttt{shaper}
+  Options: \texttt{max\_stanza\_size}, \texttt{shaper}, \texttt{tls\_compression}
 \titem{\texttt{ejabberd\_service}}
 Interacts with an \footahref{http://www.ejabberd.im/tutorials-transports}{external component}
 (as defined in the Jabber Component Protocol (\xepref{0114}).\\
@@ -845,7 +845,7 @@ The available modules, their purpose and the options allowed by each one are:
 \titem{\texttt{ejabberd\_http}}
 Handles incoming HTTP connections.\\
 Options: \texttt{captcha}, \texttt{certfile}, \texttt{default\_host}, \texttt{http\_bind}, \texttt{http\_poll},
-  \texttt{request\_handlers}, \texttt{tls}, \texttt{trusted\_proxies}, \texttt{web\_admin}\\
+  \texttt{request\_handlers}, \texttt{tls}, \texttt{tls\_compression}, \texttt{trusted\_proxies}, \texttt{web\_admin}\\
 \end{description}
@@ -975,6 +975,8 @@ This is a detailed description of each option allowed by the listening modules:
   which can be enabled in \ejabberd{} with the option \term{starttls}.
   If this option is set, you should also set the \option{certfile} option.
   The option \term{tls} can also be used in \term{ejabberd\_http} to support HTTPS.
+  \titem{\{tls\_compression, true|false\}}
+  Whether to enable or disable TLS compression. The default value is \term{true}.
   \titem{\{trusted\_proxies, all | [IpString]\}} \ind{options!trusted\_proxies}
   Specify what proxies are trusted when an HTTP request contains the header \term{X-Forwarded-For}
   You can specify \term{all} to allow all proxies, or specify a list of IPs in string format.
@@ -1019,6 +1021,9 @@ There are some additional global options that can be specified in the ejabberd c
   \titem{\{s2s\_max\_retry\_delay, Seconds\}} \ind{options!s2s\_max\_retry\_delay}
   The maximum allowed delay for retry to connect after a failed connection attempt.
   Specified in seconds. The default value is 300 seconds (5 minutes).
+  \titem{\{s2s\_tls\_compression, true|false\}}
+  Whether to enable or disable TLS compression for s2s connections.
+  The default value is \term{true}.
   \titem{\{max\_fsm\_queue, Size\}}
   This option specifies the maximum number of elements in the queue of the FSM
   (Finite State Machine).
diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl
index c7038e6b2..5e50d9bf9 100644
--- a/src/ejabberd_c2s.erl
+++ b/src/ejabberd_c2s.erl
@@ -244,7 +244,11 @@ init([{SockMod, Socket}, Opts]) ->
                            (_) -> false
                         end,
                         Opts),
-    TLSOpts = [verify_none | TLSOpts1],
+    TLSOpts2 = case proplists:get_bool(tls_compression, Opts) of
+                   false -> [compression_none | TLSOpts1];
+                   true -> TLSOpts1
+               end,
+    TLSOpts = [verify_none | TLSOpts2],
     IP = peerip(SockMod, Socket),
     %% Check if IP is blacklisted:
     case is_ip_blacklisted(IP) of
diff --git a/src/ejabberd_http.erl b/src/ejabberd_http.erl
index 0af7adc37..899d50eb3 100644
--- a/src/ejabberd_http.erl
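Review bot: The default implemented in this hunk contradicts the documentation added in the same commit: `proplists:get_bool(tls_compression, Opts)` returns `false` when the option is absent from the listener's Opts, so `compression_none` is added and TLS compression is off unless an admin sets `tls_compression` explicitly, whereas doc/guide.tex states that the default value is `true`. The same pattern appears in the ejabberd_http.erl hunk at @@ -96 and the ejabberd_s2s_in.erl init hunk at @@ -171; init/1 itself continues outside this hunk. Compression-off is the safer default, since TLS-level compression is the mechanism behind CRIME-class plaintext leakage, so I would keep the code as written and correct the guide to say the default is false, or, if compression-on is really intended, use `proplists:get_value(tls_compression, Opts, true)` here and in the two sibling hunks so code and docs agree. The four-line mapping from option to `compression_none` is now repeated in four modules; a single shared helper would keep the default in one place.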
+++ b/src/ejabberd_http.erl
@@ -96,7 +96,11 @@ init({SockMod, Socket}, Opts) ->
                            (_) -> false
                         end,
                         Opts),
-    TLSOpts = [verify_none | TLSOpts1],
+    TLSOpts2 = case proplists:get_bool(tls_compression, Opts) of
+                   false -> [compression_none | TLSOpts1];
+                   true -> TLSOpts1
+               end,
+    TLSOpts = [verify_none | TLSOpts2],
     {SockMod1, Socket1} = if TLSEnabled ->
                                 inet:setopts(Socket, [{recbuf, 8192}]),
                                 {ok, TLSSocket} = p1_tls:tcp_to_tls(Socket,
diff --git a/src/ejabberd_s2s_in.erl b/src/ejabberd_s2s_in.erl
index 1e8cbee78..7692614ea 100644
--- a/src/ejabberd_s2s_in.erl
+++ b/src/ejabberd_s2s_in.erl
@@ -171,12 +171,16 @@ init([{SockMod, Socket}, Opts]) ->
     required_trusted -> {true, true, true}
     end,
-    TLSOpts = case ejabberd_config:get_local_option(
+    TLSOpts1 = case ejabberd_config:get_local_option(
                  s2s_certfile, fun iolist_to_binary/1) of
                  undefined -> [];
                  CertFile -> [{certfile, CertFile}]
               end,
+    TLSOpts = case proplists:get_bool(tls_compression, Opts) of
+                  false -> [compression_none | TLSOpts1];
+                  true -> TLSOpts1
+              end,
     Timer = erlang:start_timer(?S2STIMEOUT, self(), []),
     {ok, wait_for_stream, #state{socket = Socket, sockmod = SockMod,
@@ -319,7 +323,7 @@ wait_for_feature_request({xmlstreamelement, El},
     SockMod == gen_tcp ->
     ?DEBUG("starttls", []),
     Socket = StateData#state.socket,
-    TLSOpts = case
+    TLSOpts1 = case
                   ejabberd_config:get_local_option(
                     {domain_certfile, StateData#state.server},
                     fun iolist_to_binary/1) of
@@ -328,6 +332,14 @@ wait_for_feature_request({xmlstreamelement, El},
                       [{certfile, CertFile} | lists:keydelete(certfile, 1, StateData#state.tls_options)]
               end,
+    TLSOpts = case ejabberd_config:get_local_option(
+                     {s2s_tls_compression, StateData#state.server},
+                     fun(true) -> true;
+                        (false) -> false
+                     end, true) of
+                  true -> lists:delete(compression_none, TLSOpts1);
+                  false -> [compression_none | TLSOpts1]
+              end,
     TLSSocket = (StateData#state.sockmod):starttls(Socket, TLSOpts,
                 xml:element_to_binary(#xmlel{name
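Review bot: In the @@ -328 hunk of ejabberd_s2s_in.erl the `true` branch calls `lists:delete(compression_none, TLSOpts1)`, and because the `s2s_tls_compression` lookup defaults to `true`, this strips the `compression_none` that the listener-level `tls_compression` option appears to have put into `StateData#state.tls_options` (TLSOpts1 is built from that field in the `lists:keydelete` line just above; the `undefined` branch of the same case lies between the hunks). An admin who disables compression on the listener therefore still gets it re-enabled at STARTTLS time unless `s2s_tls_compression` is also set to false for every served host, which is the opposite of what a per-listener switch suggests. Treating an unset host option as "leave the listener's choice alone" would fix the precedence: use the two-argument `ejabberd_config:get_local_option/2` form, which yields `undefined` when the option is unset as the certfile lookups in this file show, and add a clause `undefined -> TLSOpts1` before the `true`/`false` ones. The enclosing wait_for_feature_request clause starts and ends outside the hunk.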
diff --git a/src/ejabberd_s2s_out.erl b/src/ejabberd_s2s_out.erl
index 9829b621d..1aaaa9998 100644
--- a/src/ejabberd_s2s_out.erl
+++ b/src/ejabberd_s2s_out.erl
@@ -183,13 +183,21 @@ init([From, Server, Type]) ->
     {true, true}
     end,
     UseV10 = TLS,
-    TLSOpts = case
+    TLSOpts1 = case
                   ejabberd_config:get_local_option(
                     s2s_certfile, fun iolist_to_binary/1) of
                   undefined -> [connect];
                   CertFile -> [{certfile, CertFile}, connect]
               end,
+    TLSOpts = case ejabberd_config:get_local_option(
+                     {s2s_tls_compression, From},
+                     fun(true) -> true;
+                        (false) -> false
+                     end, true) of
+                  false -> [compression_none | TLSOpts1];
+                  true -> TLSOpts1
+              end,
     {New, Verify} = case Type of
                         {new, Key} -> {Key, false};
                         {verify, Pid, Key, SID} ->
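Review bot: The `true` default passed to `ejabberd_config:get_local_option/3` in this hunk (and in the ejabberd_s2s_in.erl hunk at @@ -328) makes TLS compression the out-of-the-box behaviour for every s2s connection. TLS-level compression is the mechanism exploited by the CRIME attack and mainstream TLS stacks have since disabled it by default; a server-to-server link multiplexing stanzas from many users is exactly the setting where compression-based plaintext leakage matters. The listener-side hunks in this commit effectively default to compression off (`proplists:get_bool/2` yields false when the option is unset), so defaulting s2s to off as well, `end, false) of`, would be both safer and consistent, with the two new doc/guide.tex entries updated to match. init/1 continues outside the hunk.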