Mercurial > trustbridge
annotate patches/0001-Implement-CURLOPT_SSLVERSION-for-polarssl.patch @ 1000:c6c8f4ce48f8
Fix force ciphersuites patch
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Tue, 02 Sep 2014 09:49:27 +0200 |
parents | 0570b1e562c2 |
children |
rev | line source |
---|---|
998
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1 From bebf7d617091042828fc5838170b35c42ab60396 Mon Sep 17 00:00:00 2001 |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
2 From: Andre Heinecke <aheinecke@intevation.de> |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
3 Date: Mon, 1 Sep 2014 16:06:03 +0200 |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
4 Subject: [PATCH 1/3] Implement CURLOPT_SSLVERSION for polarssl |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
5 |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
6 Forwards the setting as minimum ssl version to polarssl. |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
7 If the server does not support the requested version the |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
8 SSL Handshake will fail. |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
9 --- |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
10 lib/vtls/polarssl.c | 21 +++++++++++++++++++++ |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
11 1 file changed, 21 insertions(+) |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
12 |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
13 diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
14 index f948486..e18cadf 100644 |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
15 --- a/lib/vtls/polarssl.c |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
16 +++ b/lib/vtls/polarssl.c |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
17 @@ -270,6 +270,27 @@ polarssl_connect_step1(struct connectdata *conn, |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
18 return CURLE_SSL_CONNECT_ERROR; |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
19 } |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
20 |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
21 + if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) { |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
22 + ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3, |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
23 + SSL_MINOR_VERSION_0); |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
24 + infof(data, "PolarSSL: Forced min. SSL Version to be SSLv3\n"); |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
25 + } |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
26 + else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_0) { |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
27 + ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3, |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
28 + SSL_MINOR_VERSION_1); |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
29 + infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.0\n"); |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
30 + } |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
31 + else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_1) { |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
32 + ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3, |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
33 + SSL_MINOR_VERSION_2); |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
34 + infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.1\n"); |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
35 + } |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
36 + else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_2) { |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
37 + ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3, |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
38 + SSL_MINOR_VERSION_3); |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
39 + infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.2\n"); |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
40 + } |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
41 + |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
42 ssl_set_endpoint(&connssl->ssl, SSL_IS_CLIENT); |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
43 ssl_set_authmode(&connssl->ssl, SSL_VERIFY_OPTIONAL); |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
44 |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
45 -- |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
46 1.9.1 |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
47 |