Mercurial > trustbridge
annotate patches/0003-Add-possibility-to-force-polarssl-ciphersuites.patch @ 1310:60e481aa75ca
(issue152) Do not return CryptUIDlgViewContext's return value
The return value is false if the user cancels the dialog.
But as the certificate has been shown this is not really an
error.
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Mon, 13 Oct 2014 14:13:05 +0200 |
| parents | 93325618ac7b |
| children |
| rev | line source |
|---|---|
|
1086
93325618ac7b
(issue117) Set verify callback to abort the handshake earlier if the certificate does not match.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1002
diff
changeset
|
1 From 6389827510dbeed12dfcc4a50d885fd70de6ac65 Mon Sep 17 00:00:00 2001 |
|
998
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
2 From: Andre Heinecke <aheinecke@intevation.de> |
|
1002
e9ff3107b885
Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1000
diff
changeset
|
3 Date: Tue, 2 Sep 2014 09:58:44 +0200 |
|
1086
93325618ac7b
(issue117) Set verify callback to abort the handshake earlier if the certificate does not match.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1002
diff
changeset
|
4 Subject: [PATCH 1/2] Add possibility to force polarssl ciphersuites. |
|
998
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
5 |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
6 --- |
|
1002
e9ff3107b885
Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1000
diff
changeset
|
7 lib/vtls/polarssl.c | 41 +++++++++++++++++++++++++++++++++++++++-- |
|
e9ff3107b885
Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1000
diff
changeset
|
8 1 file changed, 39 insertions(+), 2 deletions(-) |
|
998
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
9 |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
10 diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c |
|
1086
93325618ac7b
(issue117) Set verify callback to abort the handshake earlier if the certificate does not match.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1002
diff
changeset
|
11 index 5332b92..08dc4c6 100644 |
|
998
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
12 --- a/lib/vtls/polarssl.c |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
13 +++ b/lib/vtls/polarssl.c |
|
1002
e9ff3107b885
Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1000
diff
changeset
|
14 @@ -55,6 +55,7 @@ |
|
e9ff3107b885
Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1000
diff
changeset
|
15 #include "select.h" |
|
e9ff3107b885
Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1000
diff
changeset
|
16 #include "rawstr.h" |
|
e9ff3107b885
Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1000
diff
changeset
|
17 #include "polarssl_threadlock.h" |
|
e9ff3107b885
Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1000
diff
changeset
|
18 +#include "strtok.h" |
|
e9ff3107b885
Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1000
diff
changeset
|
19 |
|
e9ff3107b885
Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1000
diff
changeset
|
20 #define _MPRINTF_REPLACE /* use our functions only */ |
|
e9ff3107b885
Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1000
diff
changeset
|
21 #include <curl/mprintf.h> |
|
e9ff3107b885
Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1000
diff
changeset
|
22 @@ -67,6 +68,8 @@ |
|
998
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
23 #define THREADING_SUPPORT |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
24 #endif |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
25 |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
26 +#define MAX_CIPHERSUITES 255 |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
27 + |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
28 #if defined(THREADING_SUPPORT) |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
29 static entropy_context entropy; |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
30 |
|
1002
e9ff3107b885
Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1000
diff
changeset
|
31 @@ -129,7 +132,7 @@ static void polarssl_debug(void *context, int level, const char *line) |
|
998
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
32 |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
33 static Curl_recv polarssl_recv; |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
34 static Curl_send polarssl_send; |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
35 - |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
36 +static int ciphersuites[MAX_CIPHERSUITES + 1]; |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
37 |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
38 static CURLcode |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
39 polarssl_connect_step1(struct connectdata *conn, |
|
1086
93325618ac7b
(issue117) Set verify callback to abort the handshake earlier if the certificate does not match.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1002
diff
changeset
|
40 @@ -318,7 +321,41 @@ polarssl_connect_step1(struct connectdata *conn, |
|
998
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
41 net_recv, &conn->sock[sockindex], |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
42 net_send, &conn->sock[sockindex]); |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
43 |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
44 - ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites()); |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
45 + if(!data->set.str[STRING_SSL_CIPHER_LIST]) |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
46 + ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites()); |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
47 + else { |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
48 + /* Convert string input to polarssl cipher id's */ |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
49 + char *tmp, |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
50 + *token, |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
51 + *tok_buf; |
|
1000
c6c8f4ce48f8
Fix force ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
998
diff
changeset
|
52 + int i = 0; |
|
998
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
53 + |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
54 + memset(ciphersuites, 0, MAX_CIPHERSUITES + 1); |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
55 + |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
56 + tmp = strdup (data->set.str[STRING_SSL_CIPHER_LIST]); |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
57 + if(!tmp) |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
58 + return CURLE_OUT_OF_MEMORY; |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
59 + |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
60 + for (token = strtok_r(tmp, ":", &tok_buf); |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
61 + token != NULL; |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
62 + token = strtok_r(NULL, ":", &tok_buf)) { |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
63 + |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
64 + ciphersuites[i] = ssl_get_ciphersuite_id(token); |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
65 + if (!ciphersuites[i]) { |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
66 + infof(data, "WARNING: failed to set cipher: %s\n", token); |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
67 + /* Do not increase i as the first 0 is the end |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
68 + of the list so we overwrite it with the next |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
69 + valid cipher. Maybe we should fail? */ |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
70 + continue; |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
71 + } |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
72 + i++; |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
73 + } |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
74 + free(tmp); |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
75 + /* Beware, polarssl does not make a copy of the ciphersuites |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
76 + so the data needs to be valid during the call. */ |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
77 + ssl_set_ciphersuites(&connssl->ssl, ciphersuites); |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
78 + } |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
79 + |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
80 if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) { |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
81 memcpy(&connssl->ssn, old_session, old_session_size); |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
82 infof(data, "PolarSSL re-using session\n"); |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
83 -- |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
84 1.9.1 |
|
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
85 |