Modify compression code so it avoids using ex_data free functions. This

 Changes between 0.9.8l (?) and 0.9.8m (?)  [xx XXX xxxx]

  *) Modify compression code so it frees up structures without using the

     ex_data callbacks. This works around a problem where some applications

     call CRYPTO_free_all_ex_data() before application exit (e.g. when

     restarting) then use compression (e.g. SSL with compression) later.

     This results in significant per-connection memory leaks and

     has caused some security issues including CVE-2008-1678 and

     CVE-2009-4355.

     [Steve Henson]

  *) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to

     connect (but not renegotiate) with servers which do not support RI.

     Until RI is more widely deployed this option is enabled by default.

static int zlib_stateful_ex_idx = -1;

static void zlib_stateful_free_ex_data(void *obj, void *item,

	CRYPTO_EX_DATA *ad, int ind,long argl, void *argp)

	{

	struct zlib_state *state = (struct zlib_state *)item;

	inflateEnd(&state->istream);

	deflateEnd(&state->ostream);

	OPENSSL_free(state);

	}

static int zlib_stateful_init(COMP_CTX *ctx)

	{

	int err;

static void zlib_stateful_finish(COMP_CTX *ctx)

	{

	struct zlib_state *state =

		(struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,

			zlib_stateful_ex_idx);

	inflateEnd(&state->istream);

	deflateEnd(&state->ostream);

	OPENSSL_free(state);

	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);

	}

			if (zlib_stateful_ex_idx == -1)

				zlib_stateful_ex_idx =

					CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,

						0,NULL,NULL,NULL,zlib_stateful_free_ex_data);

						0,NULL,NULL,NULL,NULL);

			CRYPTO_w_unlock(CRYPTO_LOCK_COMP);

			if (zlib_stateful_ex_idx == -1)

				goto err;