annotate patches/0003-Add-possibility-to-force-polarssl-ciphersuites.patch @ 1390:f3e2df6b49ba

(issue181) Fix hardcoded values for RSA codesigning key size.
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 19 Jan 2015 15:42:20 +0100
parents 93325618ac7b
children
rev   line source
1086
93325618ac7b (issue117) Set verify callback to abort the handshake earlier if the certificate does not match.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1002
diff changeset
1 From 6389827510dbeed12dfcc4a50d885fd70de6ac65 Mon Sep 17 00:00:00 2001
998
0570b1e562c2 (issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
2 From: Andre Heinecke <aheinecke@intevation.de>
1002
e9ff3107b885 Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1000
diff changeset
3 Date: Tue, 2 Sep 2014 09:58:44 +0200
1086
4 Subject: [PATCH 1/2] Add possibility to force polarssl ciphersuites.
998
5
6 ---
1002
7 lib/vtls/polarssl.c | 41 +++++++++++++++++++++++++++++++++++++++--
8 1 file changed, 39 insertions(+), 2 deletions(-)
998
9
10 diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
1086
11 index 5332b92..08dc4c6 100644
998
12 --- a/lib/vtls/polarssl.c
13 +++ b/lib/vtls/polarssl.c
1002
14 @@ -55,6 +55,7 @@
15 #include "select.h"
16 #include "rawstr.h"
17 #include "polarssl_threadlock.h"
18 +#include "strtok.h"
19
20 #define _MPRINTF_REPLACE /* use our functions only */
21 #include <curl/mprintf.h>
22 @@ -67,6 +68,8 @@
998
23 #define THREADING_SUPPORT
24 #endif
25
26 +#define MAX_CIPHERSUITES 255
27 +
28 #if defined(THREADING_SUPPORT)
29 static entropy_context entropy;
30
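Review bot: `MAX_CIPHERSUITES` is defined here with no comment saying what it bounds or why 255 was chosen. It sizes an array that is filled from a caller-supplied cipher string, so state at the definition that it is the maximum number of ids accepted (not counting the terminating 0); that gives the parsing code a documented limit to enforce.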
1002
31 @@ -129,7 +132,7 @@ static void polarssl_debug(void *context, int level, const char *line)
998
32
33 static Curl_recv polarssl_recv;
34 static Curl_send polarssl_send;
35 -
36 +static int ciphersuites[MAX_CIPHERSUITES + 1];
37
38 static CURLcode
39 polarssl_connect_step1(struct connectdata *conn,
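Review bot: `static int ciphersuites[MAX_CIPHERSUITES + 1];` is a single file-scope array shared by every connection, while the comment later in this patch says polarssl keeps the pointer instead of copying the list. A second connection set up with a different cipher list rewrites the array that an earlier ssl context still points at, and with THREADING_SUPPORT defined two threads can write it at the same time. Move the array into the per-connection state next to `connssl->ssl` so each context owns its list. The blank line after the `polarssl_send` declaration that this hunk removes should also stay.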
1086
40 @@ -318,7 +321,41 @@ polarssl_connect_step1(struct connectdata *conn,
998
41 net_recv, &conn->sock[sockindex],
42 net_send, &conn->sock[sockindex]);
43
44 - ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());
45 + if(!data->set.str[STRING_SSL_CIPHER_LIST])
46 + ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());
47 + else {
48 + /* Convert string input to polarssl cipher id's */
49 + char *tmp,
50 + *token,
51 + *tok_buf;
1000
c6c8f4ce48f8 Fix force ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents: 998
diff changeset
52 + int i = 0;
998
53 +
54 + memset(ciphersuites, 0, MAX_CIPHERSUITES + 1);
55 +
56 + tmp = strdup (data->set.str[STRING_SSL_CIPHER_LIST]);
57 + if(!tmp)
58 + return CURLE_OUT_OF_MEMORY;
59 +
60 + for (token = strtok_r(tmp, ":", &tok_buf);
61 + token != NULL;
62 + token = strtok_r(NULL, ":", &tok_buf)) {
63 +
64 + ciphersuites[i] = ssl_get_ciphersuite_id(token);
65 + if (!ciphersuites[i]) {
66 + infof(data, "WARNING: failed to set cipher: %s\n", token);
67 + /* Do not increase i as the first 0 is the end
68 + of the list so we overwrite it with the next
69 + valid cipher. Maybe we should fail? */
70 + continue;
71 + }
72 + i++;
73 + }
74 + free(tmp);
75 + /* Beware, polarssl does not make a copy of the ciphersuites
76 + so the data needs to be valid during the call. */
77 + ssl_set_ciphersuites(&connssl->ssl, ciphersuites);
78 + }
79 +
80 if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) {
81 memcpy(&connssl->ssn, old_session, old_session_size);
82 infof(data, "PolarSSL re-using session\n");
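Review bot: the token loop stores into `ciphersuites[i]` without ever checking `i` against MAX_CIPHERSUITES, so once MAX_CIPHERSUITES + 1 valid names have been stored the terminating 0 is gone and the next token is written past the end of the array. Add `i < MAX_CIPHERSUITES` to the loop condition. `memset(ciphersuites, 0, MAX_CIPHERSUITES + 1)` clears that many bytes, not that many ints, so ids left behind by an earlier, longer list can sit after the new entries and still be offered; use `sizeof(ciphersuites)` and set `ciphersuites[i] = 0` after the loop. The "Maybe we should fail?" case should fail: a caller who forces a cipher list gets a different list with only an info message, and if no name is valid an empty list reaches `ssl_set_ciphersuites`. Free `tmp` and return an error such as CURLE_SSL_CIPHER instead of `continue`.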
83 --
84 1.9.1
85

http://wald.intevation.org/projects/trustbridge/