Mercurial > trustbridge
annotate patches/0003-Add-possibility-to-force-polarssl-ciphersuites.patch @ 1390:f3e2df6b49ba
(issue181) Fix hardcoded values for RSA codesigning key size.
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Mon, 19 Jan 2015 15:42:20 +0100 |
parents | 93325618ac7b |
children |
rev | line source |
---|---|
1086
93325618ac7b
(issue117) Set verify callback to abort the handshake earlier if the certificate does not match.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1002
diff
changeset
|
1 From 6389827510dbeed12dfcc4a50d885fd70de6ac65 Mon Sep 17 00:00:00 2001 |
998
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
2 From: Andre Heinecke <aheinecke@intevation.de> |
1002
e9ff3107b885
Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1000
diff
changeset
|
3 Date: Tue, 2 Sep 2014 09:58:44 +0200 |
1086
93325618ac7b
(issue117) Set verify callback to abort the handshake earlier if the certificate does not match.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1002
diff
changeset
|
4 Subject: [PATCH 1/2] Add possibility to force polarssl ciphersuites. |
998
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
5 |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
6 --- |
1002
e9ff3107b885
Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1000
diff
changeset
|
7 lib/vtls/polarssl.c | 41 +++++++++++++++++++++++++++++++++++++++-- |
e9ff3107b885
Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1000
diff
changeset
|
8 1 file changed, 39 insertions(+), 2 deletions(-) |
998
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
9 |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
10 diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c |
1086
93325618ac7b
(issue117) Set verify callback to abort the handshake earlier if the certificate does not match.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1002
diff
changeset
|
11 index 5332b92..08dc4c6 100644 |
998
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
12 --- a/lib/vtls/polarssl.c |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
13 +++ b/lib/vtls/polarssl.c |
1002
e9ff3107b885
Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1000
diff
changeset
|
14 @@ -55,6 +55,7 @@ |
e9ff3107b885
Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1000
diff
changeset
|
15 #include "select.h" |
e9ff3107b885
Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1000
diff
changeset
|
16 #include "rawstr.h" |
e9ff3107b885
Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1000
diff
changeset
|
17 #include "polarssl_threadlock.h" |
e9ff3107b885
Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1000
diff
changeset
|
18 +#include "strtok.h" |
e9ff3107b885
Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1000
diff
changeset
|
19 |
e9ff3107b885
Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1000
diff
changeset
|
20 #define _MPRINTF_REPLACE /* use our functions only */ |
e9ff3107b885
Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1000
diff
changeset
|
21 #include <curl/mprintf.h> |
e9ff3107b885
Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1000
diff
changeset
|
22 @@ -67,6 +68,8 @@ |
998
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
23 #define THREADING_SUPPORT |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
24 #endif |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
25 |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
26 +#define MAX_CIPHERSUITES 255 |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
27 + |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
28 #if defined(THREADING_SUPPORT) |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
29 static entropy_context entropy; |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
30 |
1002
e9ff3107b885
Fix windows build of force-ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1000
diff
changeset
|
31 @@ -129,7 +132,7 @@ static void polarssl_debug(void *context, int level, const char *line) |
998
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
32 |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
33 static Curl_recv polarssl_recv; |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
34 static Curl_send polarssl_send; |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
35 - |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
36 +static int ciphersuites[MAX_CIPHERSUITES + 1]; |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
37 |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
38 static CURLcode |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
39 polarssl_connect_step1(struct connectdata *conn, |
1086
93325618ac7b
(issue117) Set verify callback to abort the handshake earlier if the certificate does not match.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1002
diff
changeset
|
40 @@ -318,7 +321,41 @@ polarssl_connect_step1(struct connectdata *conn, |
998
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
41 net_recv, &conn->sock[sockindex], |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
42 net_send, &conn->sock[sockindex]); |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
43 |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
44 - ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites()); |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
45 + if(!data->set.str[STRING_SSL_CIPHER_LIST]) |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
46 + ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites()); |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
47 + else { |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
48 + /* Convert string input to polarssl cipher id's */ |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
49 + char *tmp, |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
50 + *token, |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
51 + *tok_buf; |
1000
c6c8f4ce48f8
Fix force ciphersuites patch
Andre Heinecke <andre.heinecke@intevation.de>
parents:
998
diff
changeset
|
52 + int i = 0; |
998
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
53 + |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
54 + memset(ciphersuites, 0, MAX_CIPHERSUITES + 1); |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
55 + |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
56 + tmp = strdup (data->set.str[STRING_SSL_CIPHER_LIST]); |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
57 + if(!tmp) |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
58 + return CURLE_OUT_OF_MEMORY; |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
59 + |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
60 + for (token = strtok_r(tmp, ":", &tok_buf); |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
61 + token != NULL; |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
62 + token = strtok_r(NULL, ":", &tok_buf)) { |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
63 + |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
64 + ciphersuites[i] = ssl_get_ciphersuite_id(token); |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
65 + if (!ciphersuites[i]) { |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
66 + infof(data, "WARNING: failed to set cipher: %s\n", token); |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
67 + /* Do not increase i as the first 0 is the end |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
68 + of the list so we overwrite it with the next |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
69 + valid cipher. Maybe we should fail? */ |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
70 + continue; |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
71 + } |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
72 + i++; |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
73 + } |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
74 + free(tmp); |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
75 + /* Beware, polarssl does not make a copy of the ciphersuites |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
76 + so the data needs to be valid during the call. */ |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
77 + ssl_set_ciphersuites(&connssl->ssl, ciphersuites); |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
78 + } |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
79 + |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
80 if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) { |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
81 memcpy(&connssl->ssn, old_session, old_session_size); |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
82 infof(data, "PolarSSL re-using session\n"); |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
83 -- |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
84 1.9.1 |
0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
85 |