annotate patches/0001-Implement-CURLOPT_SSLVERSION-for-polarssl.patch @ 1000:c6c8f4ce48f8

Fix force ciphersuites patch
author Andre Heinecke <andre.heinecke@intevation.de>
date Tue, 02 Sep 2014 09:49:27 +0200
parents 0570b1e562c2
children
rev   line source
998
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
1 From bebf7d617091042828fc5838170b35c42ab60396 Mon Sep 17 00:00:00 2001
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
2 From: Andre Heinecke <aheinecke@intevation.de>
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
3 Date: Mon, 1 Sep 2014 16:06:03 +0200
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
4 Subject: [PATCH 1/3] Implement CURLOPT_SSLVERSION for polarssl
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
5
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
6 Forwards the setting as minimum ssl version to polarssl.
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
7 If the server does not support the requested version the
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
8 SSL Handshake will fail.
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
9 ---
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
10 lib/vtls/polarssl.c | 21 +++++++++++++++++++++
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
11 1 file changed, 21 insertions(+)
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
12
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
13 diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
14 index f948486..e18cadf 100644
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
15 --- a/lib/vtls/polarssl.c
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
16 +++ b/lib/vtls/polarssl.c
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
17 @@ -270,6 +270,27 @@ polarssl_connect_step1(struct connectdata *conn,
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
18 return CURLE_SSL_CONNECT_ERROR;
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
19 }
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
20
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
21 + if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) {
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
22 + ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
23 + SSL_MINOR_VERSION_0);
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
24 + infof(data, "PolarSSL: Forced min. SSL Version to be SSLv3\n");
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
25 + }
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
26 + else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_0) {
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
27 + ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
28 + SSL_MINOR_VERSION_1);
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
29 + infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.0\n");
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
30 + }
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
31 + else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_1) {
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
32 + ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
33 + SSL_MINOR_VERSION_2);
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
34 + infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.1\n");
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
35 + }
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
36 + else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_2) {
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
37 + ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
38 + SSL_MINOR_VERSION_3);
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
39 + infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.2\n");
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
40 + }
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
41 +
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
42 ssl_set_endpoint(&connssl->ssl, SSL_IS_CLIENT);
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
43 ssl_set_authmode(&connssl->ssl, SSL_VERIFY_OPTIONAL);
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
44
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
45 --
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
46 1.9.1
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
47

http://wald.intevation.org/projects/trustbridge/