agl/gist:212066

## gistfile1.diff
diff --git a/mozilla/security/nss/cmd/selfserv/selfserv.c b/mozilla/security/nss/cmd/selfserv/selfserv.c
index 4c3d8e3..8e6acf8 100644
--- a/mozilla/security/nss/cmd/selfserv/selfserv.c
+++ b/mozilla/security/nss/cmd/selfserv/selfserv.c
@@ -200,6 +200,7 @@ Usage(const char *progName)
 "-u means enable Session Ticket extension for TLS.\n"
 "-v means verbose output\n"
 "-x means use export policy.\n"
+"-z mean enable compression.\n"
 "-L seconds means log statistics every 'seconds' seconds (default=30).\n"
 "-M maxProcs tells how many processes to run in a multi-process server\n"
 "-N means do NOT use the server session cache.  Incompatible with -M.\n"
@@ -717,6 +718,7 @@ PRBool bypassPKCS11    = PR_FALSE;
 PRBool disableLocking  = PR_FALSE;
 PRBool testbypass      = PR_FALSE;
 PRBool enableSessionTickets = PR_FALSE;
+PRBool enableCompression    = PR_FALSE;

 static const char stopCmd[] = { "GET /stop " };
 static const char getCmd[]  = { "GET " };
@@ -1599,6 +1601,13 @@ server_main(
 	}
     }

+    if (enableCompression) {
+	rv = SSL_OptionSet(model_sock, SSL_ENABLE_DEFLATE, PR_TRUE);
+	if (rv != SECSuccess) {
+	    errExit("error enabling compression ");
+	}
+    }
+
     for (kea = kt_rsa; kea < kt_kea_size; kea++) {
 	if (cert[kea] != NULL) {
 	    secStatus = SSL_ConfigSecureServer(model_sock,
@@ -1830,7 +1839,7 @@ main(int argc, char **argv)
     ** numbers, then capital letters, then lower case, alphabetical.
     */
     optstate = PL_CreateOptState(argc, argv,
-        "2:3BC:DEL:M:NP:RSTbc:d:e:f:g:hi:jlmn:op:qrst:uvw:xy");
+        "2:3BC:DEL:M:NP:RSTbc:d:e:f:g:hi:jlmn:op:qrst:uvw:xyz");
     while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
 	++optionsFound;
 	switch(optstate->option) {
@@ -1935,6 +1944,8 @@ main(int argc, char **argv)

 	case 'y': debugCache = PR_TRUE; break;

+	case 'z': enableCompression = PR_TRUE; break;
+
 	default:
 	case '?':
 	    fprintf(stderr, "Unrecognized or bad option specified.\n");
diff --git a/mozilla/security/nss/cmd/strsclnt/strsclnt.c b/mozilla/security/nss/cmd/strsclnt/strsclnt.c
index 10c64bd..6239c95 100644
--- a/mozilla/security/nss/cmd/strsclnt/strsclnt.c
+++ b/mozilla/security/nss/cmd/strsclnt/strsclnt.c
@@ -161,6 +161,7 @@ static PRBool bypassPKCS11    = PR_FALSE;
 static PRBool disableLocking  = PR_FALSE;
 static PRBool ignoreErrors    = PR_FALSE;
 static PRBool enableSessionTickets = PR_FALSE;
+static PRBool enableCompression    = PR_FALSE;

 PRIntervalTime maxInterval    = PR_INTERVAL_NO_TIMEOUT;

@@ -196,6 +197,7 @@ Usage(const char *progName)
         "       -U means enable throttling up threads\n"
 	"       -B bypasses the PKCS11 layer for SSL encryption and MACing\n"
 	"       -u enable TLS Session Ticket extension\n",
+	"       -z enable compression\n",
 	progName);
     exit(1);
 }
@@ -1233,6 +1235,12 @@ client_main(
 	    errExit("SSL_OptionSet SSL_ENABLE_SESSION_TICKETS");
     }

+    if (enableCompression) {
+	rv = SSL_OptionSet(model_sock, SSL_ENABLE_DEFLATE, PR_TRUE);
+	if (rv != SECSuccess)
+	    errExit("SSL_OptionSet SSL_ENABLE_DEFLATE");
+    }
+
     SSL_SetURL(model_sock, hostName);

     SSL_AuthCertificateHook(model_sock, mySSLAuthCertificate,
@@ -1338,7 +1346,7 @@ main(int argc, char **argv)
     progName = progName ? progName + 1 : tmp;


-    optstate = PL_CreateOptState(argc, argv, "23BC:DNP:TUW:c:d:f:in:op:qst:uvw:");
+    optstate = PL_CreateOptState(argc, argv, "23BC:DNP:TUW:c:d:f:in:op:qst:uvzw:");
     while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
 	switch(optstate->option) {

@@ -1398,6 +1406,8 @@ main(int argc, char **argv)
             pwdata.data = PL_strdup(optstate->value);
             break;

+	case 'z': enableCompression = PR_TRUE; break;
+
 	case 0:   /* positional parameter */
 	    if (hostName) {
 		Usage(progName);
diff --git a/mozilla/security/nss/cmd/tstclnt/tstclnt.c b/mozilla/security/nss/cmd/tstclnt/tstclnt.c
index 06c1541..c7a7673 100644
--- a/mozilla/security/nss/cmd/tstclnt/tstclnt.c
+++ b/mozilla/security/nss/cmd/tstclnt/tstclnt.c
@@ -212,6 +212,7 @@ static void Usage(const char *progName)
     fprintf(stderr, "%-20s Ping the server and then exit.\n", "-q");
     fprintf(stderr, "%-20s Renegotiate with session resumption.\n", "-r");
     fprintf(stderr, "%-20s Enable the session ticket extension.\n", "-u");
+    fprintf(stderr, "%-20s Enable the compression.\n", "-z");
     fprintf(stderr, "%-20s Letter(s) chosen from the following list\n",
                     "-c ciphers");
     fprintf(stderr,
@@ -507,6 +508,7 @@ int main(int argc, char **argv)
     int                disableLocking = 0;
     int                useExportPolicy = 0;
     int                enableSessionTickets = 0;
+    int                enableCompression = 0;
     PRSocketOptionData opt;
     PRNetAddr          addr;
     PRPollDesc         pollset[2];
@@ -534,7 +536,7 @@ int main(int argc, char **argv)
        }
     }

-    optstate = PL_CreateOptState(argc, argv, "23BTSfc:h:p:d:m:n:oqr:suvw:xW:");
+    optstate = PL_CreateOptState(argc, argv, "23BTSfc:h:p:d:m:n:oqr:suvw:xzW:");
     while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
 	switch (optstate->option) {
 	  case '?':
@@ -591,6 +593,8 @@ int main(int argc, char **argv)
                 break;

 	  case 'x': useExportPolicy = 1; 		break;
+
+	  case 'z': enableCompression = 1;		break;
 	}
     }

@@ -829,6 +833,13 @@ int main(int argc, char **argv)
 	return 1;
     }

+    /* enable compression. */
+    rv = SSL_OptionSet(s, SSL_ENABLE_DEFLATE, enableCompression);
+    if (rv != SECSuccess) {
+	SECU_PrintError(progName, "error enabling compression");
+	return 1;
+    }
+
     SSL_SetPKCS11PinArg(s, &pwdata);

     SSL_AuthCertificateHook(s, SSL_AuthCertificate, (void *)handle);
diff --git a/mozilla/security/nss/tests/ssl/sslstress.txt b/mozilla/security/nss/tests/ssl/sslstress.txt
index 4a1a211..2c745ae 100644
--- a/mozilla/security/nss/tests/ssl/sslstress.txt
+++ b/mozilla/security/nss/tests/ssl/sslstress.txt
@@ -9,6 +9,8 @@
   noECC     0      _         -c_1000_-C_c_-T               Stress SSL3 RC4 128 with MD5
   noECC     0      _         -c_1000_-C_c                  Stress TLS  RC4 128 with MD5
   noECC     0      -u        -2_-c_1000_-C_c_-u            Stress TLS  RC4 128 with MD5 (session ticket)
+  noECC     0      -z        -2_-c_1000_-C_c_-z            Stress TLS  RC4 128 with MD5 (compression)
+  noECC     0      -z_-u     -2_-c_1000_-C_c_-z            Stress TLS  RC4 128 with MD5 (session ticket, compression)

 #
 # add client auth versions here...
@@ -17,6 +19,8 @@
   noECC     0      -r_-r     -c_100_-C_c_-T_-N_-n_TestUser Stress SSL3 RC4 128 with MD5 (no reuse, client auth)
   noECC     0      -r_-r     -c_100_-C_c_-N_-n_TestUser    Stress TLS RC4 128 with MD5 (no reuse, client auth)
   noECC     0      -r_-r_-u  -2_-c_100_-C_c_-n_TestUser_-u Stress TLS RC4 128 with MD5 (session ticket, client auth)
+  noECC     0      -r_-r_-z  -2_-c_100_-C_c_-n_TestUser_-z Stress TLS RC4 128 with MD5 (compression, client auth)
+  noECC     0   -u_-r_-r_-u  -2_-c_100_-C_c_-n_TestUser_-z Stress TLS RC4 128 with MD5 (compression, client auth, session ticket)

 #
 # ############################ ECC ciphers ############################
	diff --git a/mozilla/security/nss/cmd/selfserv/selfserv.c b/mozilla/security/nss/cmd/selfserv/selfserv.c
	index 4c3d8e3..8e6acf8 100644
	--- a/mozilla/security/nss/cmd/selfserv/selfserv.c
	+++ b/mozilla/security/nss/cmd/selfserv/selfserv.c
	@@ -200,6 +200,7 @@ Usage(const char *progName)
	"-u means enable Session Ticket extension for TLS.\n"
	"-v means verbose output\n"
	"-x means use export policy.\n"
	+"-z mean enable compression.\n"
	"-L seconds means log statistics every 'seconds' seconds (default=30).\n"
	"-M maxProcs tells how many processes to run in a multi-process server\n"
	"-N means do NOT use the server session cache. Incompatible with -M.\n"
	@@ -717,6 +718,7 @@ PRBool bypassPKCS11 = PR_FALSE;
	PRBool disableLocking = PR_FALSE;
	PRBool testbypass = PR_FALSE;
	PRBool enableSessionTickets = PR_FALSE;
	+PRBool enableCompression = PR_FALSE;

	static const char stopCmd[] = { "GET /stop " };
	static const char getCmd[] = { "GET " };
	@@ -1599,6 +1601,13 @@ server_main(
	}
	}

	+ if (enableCompression) {
	+ rv = SSL_OptionSet(model_sock, SSL_ENABLE_DEFLATE, PR_TRUE);
	+ if (rv != SECSuccess) {
	+ errExit("error enabling compression ");
	+ }
	+ }
	+
	for (kea = kt_rsa; kea < kt_kea_size; kea++) {
	if (cert[kea] != NULL) {
	secStatus = SSL_ConfigSecureServer(model_sock,
	@@ -1830,7 +1839,7 @@ main(int argc, char **argv)
	** numbers, then capital letters, then lower case, alphabetical.
	*/
	optstate = PL_CreateOptState(argc, argv,
	- "2:3BC:DEL:M:NP:RSTbc:d:e:f:g:hi:jlmn:op:qrst:uvw:xy");
	+ "2:3BC:DEL:M:NP:RSTbc:d:e:f:g:hi:jlmn:op:qrst:uvw:xyz");
	while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
	++optionsFound;
	switch(optstate->option) {
	@@ -1935,6 +1944,8 @@ main(int argc, char **argv)

	case 'y': debugCache = PR_TRUE; break;

	+ case 'z': enableCompression = PR_TRUE; break;
	+
	default:
	case '?':
	fprintf(stderr, "Unrecognized or bad option specified.\n");
	diff --git a/mozilla/security/nss/cmd/strsclnt/strsclnt.c b/mozilla/security/nss/cmd/strsclnt/strsclnt.c
	index 10c64bd..6239c95 100644
	--- a/mozilla/security/nss/cmd/strsclnt/strsclnt.c
	+++ b/mozilla/security/nss/cmd/strsclnt/strsclnt.c
	@@ -161,6 +161,7 @@ static PRBool bypassPKCS11 = PR_FALSE;
	static PRBool disableLocking = PR_FALSE;
	static PRBool ignoreErrors = PR_FALSE;
	static PRBool enableSessionTickets = PR_FALSE;
	+static PRBool enableCompression = PR_FALSE;

	PRIntervalTime maxInterval = PR_INTERVAL_NO_TIMEOUT;

	@@ -196,6 +197,7 @@ Usage(const char *progName)
	" -U means enable throttling up threads\n"
	" -B bypasses the PKCS11 layer for SSL encryption and MACing\n"
	" -u enable TLS Session Ticket extension\n",
	+ " -z enable compression\n",
	progName);
	exit(1);
	}
	@@ -1233,6 +1235,12 @@ client_main(
	errExit("SSL_OptionSet SSL_ENABLE_SESSION_TICKETS");
	}

	+ if (enableCompression) {
	+ rv = SSL_OptionSet(model_sock, SSL_ENABLE_DEFLATE, PR_TRUE);
	+ if (rv != SECSuccess)
	+ errExit("SSL_OptionSet SSL_ENABLE_DEFLATE");
	+ }
	+
	SSL_SetURL(model_sock, hostName);

	SSL_AuthCertificateHook(model_sock, mySSLAuthCertificate,
	@@ -1338,7 +1346,7 @@ main(int argc, char **argv)
	progName = progName ? progName + 1 : tmp;


	- optstate = PL_CreateOptState(argc, argv, "23BC:DNP:TUW:c:d:f:in:op:qst:uvw:");
	+ optstate = PL_CreateOptState(argc, argv, "23BC:DNP:TUW:c:d:f:in:op:qst:uvzw:");
	while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
	switch(optstate->option) {

	@@ -1398,6 +1406,8 @@ main(int argc, char **argv)
	pwdata.data = PL_strdup(optstate->value);
	break;

	+ case 'z': enableCompression = PR_TRUE; break;
	+
	case 0: /* positional parameter */
	if (hostName) {
	Usage(progName);
	diff --git a/mozilla/security/nss/cmd/tstclnt/tstclnt.c b/mozilla/security/nss/cmd/tstclnt/tstclnt.c
	index 06c1541..c7a7673 100644
	--- a/mozilla/security/nss/cmd/tstclnt/tstclnt.c
	+++ b/mozilla/security/nss/cmd/tstclnt/tstclnt.c
	@@ -212,6 +212,7 @@ static void Usage(const char *progName)
	fprintf(stderr, "%-20s Ping the server and then exit.\n", "-q");
	fprintf(stderr, "%-20s Renegotiate with session resumption.\n", "-r");
	fprintf(stderr, "%-20s Enable the session ticket extension.\n", "-u");
	+ fprintf(stderr, "%-20s Enable the compression.\n", "-z");
	fprintf(stderr, "%-20s Letter(s) chosen from the following list\n",
	"-c ciphers");
	fprintf(stderr,
	@@ -507,6 +508,7 @@ int main(int argc, char **argv)
	int disableLocking = 0;
	int useExportPolicy = 0;
	int enableSessionTickets = 0;
	+ int enableCompression = 0;
	PRSocketOptionData opt;
	PRNetAddr addr;
	PRPollDesc pollset[2];
	@@ -534,7 +536,7 @@ int main(int argc, char **argv)
	}
	}

	- optstate = PL_CreateOptState(argc, argv, "23BTSfc:h:p:d:m:n:oqr:suvw:xW:");
	+ optstate = PL_CreateOptState(argc, argv, "23BTSfc:h:p:d:m:n:oqr:suvw:xzW:");
	while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
	switch (optstate->option) {
	case '?':
	@@ -591,6 +593,8 @@ int main(int argc, char **argv)
	break;

	case 'x': useExportPolicy = 1; break;
	+
	+ case 'z': enableCompression = 1; break;
	}
	}

	@@ -829,6 +833,13 @@ int main(int argc, char **argv)
	return 1;
	}

	+ /* enable compression. */
	+ rv = SSL_OptionSet(s, SSL_ENABLE_DEFLATE, enableCompression);
	+ if (rv != SECSuccess) {
	+ SECU_PrintError(progName, "error enabling compression");
	+ return 1;
	+ }
	+
	SSL_SetPKCS11PinArg(s, &pwdata);

	SSL_AuthCertificateHook(s, SSL_AuthCertificate, (void *)handle);
	diff --git a/mozilla/security/nss/tests/ssl/sslstress.txt b/mozilla/security/nss/tests/ssl/sslstress.txt
	index 4a1a211..2c745ae 100644
	--- a/mozilla/security/nss/tests/ssl/sslstress.txt
	+++ b/mozilla/security/nss/tests/ssl/sslstress.txt
	@@ -9,6 +9,8 @@
	noECC 0 _ -c_1000_-C_c_-T Stress SSL3 RC4 128 with MD5
	noECC 0 _ -c_1000_-C_c Stress TLS RC4 128 with MD5
	noECC 0 -u -2_-c_1000_-C_c_-u Stress TLS RC4 128 with MD5 (session ticket)
	+ noECC 0 -z -2_-c_1000_-C_c_-z Stress TLS RC4 128 with MD5 (compression)
	+ noECC 0 -z_-u -2_-c_1000_-C_c_-z Stress TLS RC4 128 with MD5 (session ticket, compression)

	#
	# add client auth versions here...
	@@ -17,6 +19,8 @@
	noECC 0 -r_-r -c_100_-C_c_-T_-N_-n_TestUser Stress SSL3 RC4 128 with MD5 (no reuse, client auth)
	noECC 0 -r_-r -c_100_-C_c_-N_-n_TestUser Stress TLS RC4 128 with MD5 (no reuse, client auth)
	noECC 0 -r_-r_-u -2_-c_100_-C_c_-n_TestUser_-u Stress TLS RC4 128 with MD5 (session ticket, client auth)
	+ noECC 0 -r_-r_-z -2_-c_100_-C_c_-n_TestUser_-z Stress TLS RC4 128 with MD5 (compression, client auth)
	+ noECC 0 -u_-r_-r_-u -2_-c_100_-C_c_-n_TestUser_-z Stress TLS RC4 128 with MD5 (compression, client auth, session ticket)

	#
	# ############################ ECC ciphers ############################