Replace all of the text by a deprecation notice:

LibreSSL was decompressed long ago.

Mention SSL_COMP_get_compression_methods(3) which is both available
in our public interface and documented by OpenSSL.

1 files changed, 29 insertions, 49 deletions

diff --git a/lib/libssl/man/SSL_COMP_add_compression_method.3 b/lib/libssl/man/SSL_COMP_add_compression_method.3
index 957b2e8bed9..dc47f4e1e9d 100644
--- a/lib/libssl/man/SSL_COMP_add_compression_method.3
+++ b/lib/libssl/man/SSL_COMP_add_compression_method.3
@@ -1,68 +1,48 @@
+.\"	$OpenBSD: SSL_COMP_add_compression_method.3,v 1.2 2016/11/29 19:52:17 schwarze Exp $
 .\"
-.\"	$OpenBSD: SSL_COMP_add_compression_method.3,v 1.1 2016/11/05 15:32:19 schwarze Exp $
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
 .\"
-.Dd $Mdocdate: November 5 2016 $
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: November 29 2016 $
 .Dt SSL_COMP_ADD_COMPRESSION_METHOD 3
 .Os
 .Sh NAME
-.Nm SSL_COMP_add_compression_method
+.Nm SSL_COMP_add_compression_method ,
+.Nm SSL_COMP_get_compression_methods
 .Nd handle SSL/TLS integrated compression methods
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft int
 .Fn SSL_COMP_add_compression_method "int id" "COMP_METHOD *cm"
+.Ft STACK_OF(SSL_COMP) *
+.Fn SSL_COMP_get_compression_methods void
 .Sh DESCRIPTION
+These functions are deprecated and have no effect.
+They are provided purely for compatibility with legacy application code.
+.Pp
 .Fn SSL_COMP_add_compression_method
-adds the compression method
+used to add the compression method
 .Fa cm
 with the identifier
 .Fa id
 to the list of available compression methods.
-This list is globally maintained for all SSL operations within this application.
-It cannot be set for specific SSL_CTX or SSL objects.
-.Sh NOTES
-The TLS standard (or SSLv3) allows the integration of compression methods
-into the communication.
-The TLS RFC does however not specify compression methods or their corresponding
-identifiers, so there is currently no compatible way to integrate compression
-with unknown peers.
-It is therefore currently not recommended to integrate compression into
-applications.
-Applications for non-public use may agree on certain compression methods.
-Using different compression methods with the same identifier will lead to
-connection failure.
-.Pp
-An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1)
-will unconditionally send the list of all compression methods enabled with
-.Fn SSL_COMP_add_compression_method
-to the server during the handshake.
-Unlike the mechanisms to set a cipher list, there is no method available to
-restrict the list of compression method on a per connection basis.
-.Pp
-An OpenSSL server will match the identifiers listed by a client against
-its own compression methods and will unconditionally activate compression
-when a matching identifier is found.
-There is no way to restrict the list of compression methods supported on a per
-connection basis.
 .Pp
-The OpenSSL library has the compression methods
-.Fn COMP_rle
-and (when especially enabled during compilation)
-.Fn COMP_zlib
-available.
-.Sh WARNINGS
-Once the identities of the compression methods for the TLS protocol have
-been standardized, the compression API will most likely be changed.
-Using it in the current state is not recommended.
+.Fn SSL_COMP_get_compression_methods
+used to return a stack of available compression methods.
 .Sh RETURN VALUES
 .Fn SSL_COMP_add_compression_method
-may return the following values:
-.Bl -tag -width Ds
-.It 0
-The operation succeeded.
-.It 1
-The operation failed.
-Check the error queue to find out the reason.
-.El
-.Sh SEE ALSO
-.Xr ssl 3
+always returns 1.
+.Fn SSL_COMP_get_compression_methods
+always returns
+.Dv NULL .