annotate patches/0003-Add-possibility-to-force-polarssl-ciphersuites.patch @ 1316:ff9cd05e861e

(issue166) Fix certificate removal

The index that should be removed came from the filter proxy model and did not map to the real index. This was broken.
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 13 Oct 2014 17:23:35 +0200
parents 93325618ac7b
children
From 6389827510dbeed12dfcc4a50d885fd70de6ac65 Mon Sep 17 00:00:00 2001
From: Andre Heinecke <aheinecke@intevation.de>
Date: Tue, 2 Sep 2014 09:58:44 +0200
Subject: [PATCH 1/2] Add possibility to force polarssl ciphersuites.

---
lib/vtls/polarssl.c | 41 +++++++++++++++++++++++++++++++++++++++--
1 file changed, 39 insertions(+), 2 deletions(-)

diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
index 5332b92..08dc4c6 100644
--- a/lib/vtls/polarssl.c
+++ b/lib/vtls/polarssl.c
@@ -55,6 +55,7 @@
#include "select.h"
#include "rawstr.h"
#include "polarssl_threadlock.h"
+#include "strtok.h"

#define _MPRINTF_REPLACE /* use our functions only */
#include <curl/mprintf.h>
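Review bot: the new `#include "strtok.h"` has no comment saying why it is needed; it is there because the cipher-list parser added later in this patch calls strtok_r, and curl's lib/strtok.h maps strtok_r to Curl_strtok_r on platforms that lack a native one (Windows among them). A one-line comment such as `/* strtok_r fallback for the cipher list parser */` would save the next reader the lookup.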
@@ -67,6 +68,8 @@
#define THREADING_SUPPORT
#endif

+#define MAX_CIPHERSUITES 255
+
#if defined(THREADING_SUPPORT)
static entropy_context entropy;

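Review bot: MAX_CIPHERSUITES is an undocumented magic number; a comment should say what it bounds (the most suite names accepted from the user's cipher list, with the extra `+ 1` slot in the array declaration reserved for the 0 terminator that ssl_set_ciphersuites expects), since nothing else in the file explains the choice of 255 or the terminator convention.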
@@ -129,7 +132,7 @@ static void polarssl_debug(void *context, int level, const char *line)

static Curl_recv polarssl_recv;
static Curl_send polarssl_send;
-
+static int ciphersuites[MAX_CIPHERSUITES + 1];

static CURLcode
polarssl_connect_step1(struct connectdata *conn,
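Review bot: `ciphersuites` is a single file-scope array shared by every connection in the process, but PolarSSL's ssl_set_ciphersuites stores the pointer it is given in the ssl_context and reads the list during the handshake, not only during the call, so two easy handles (or two threads) connecting with different cipher lists will overwrite each other's list while a handshake is in flight and negotiate suites the caller never asked for. Give each connection its own list by adding the array to `struct ssl_connect_data` and using `connssl->ciphersuites` in place of the global.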
@@ -318,7 +321,41 @@ polarssl_connect_step1(struct connectdata *conn,
net_recv, &conn->sock[sockindex],
net_send, &conn->sock[sockindex]);

- ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());
+ if(!data->set.str[STRING_SSL_CIPHER_LIST])
+ ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());
+ else {
+ /* Convert string input to polarssl cipher id's */
+ char *tmp,
+ *token,
+ *tok_buf;
+ int i = 0;
+
+ memset(ciphersuites, 0, MAX_CIPHERSUITES + 1);
+
+ tmp = strdup (data->set.str[STRING_SSL_CIPHER_LIST]);
+ if(!tmp)
+ return CURLE_OUT_OF_MEMORY;
+
+ for (token = strtok_r(tmp, ":", &tok_buf);
+ token != NULL;
+ token = strtok_r(NULL, ":", &tok_buf)) {
+
+ ciphersuites[i] = ssl_get_ciphersuite_id(token);
+ if (!ciphersuites[i]) {
+ infof(data, "WARNING: failed to set cipher: %s\n", token);
+ /* Do not increase i as the first 0 is the end
+ of the list so we overwrite it with the next
+ valid cipher. Maybe we should fail? */
+ continue;
+ }
+ i++;
+ }
+ free(tmp);
+ /* Beware, polarssl does not make a copy of the ciphersuites
+ so the data needs to be valid during the call. */
+ ssl_set_ciphersuites(&connssl->ssl, ciphersuites);
+ }
+
if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) {
memcpy(&connssl->ssn, old_session, old_session_size);
infof(data, "PolarSSL re-using session\n");
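Review bot: `memset(ciphersuites, 0, MAX_CIPHERSUITES + 1)` clears 256 bytes, not the whole int array; use `memset(ciphersuites, 0, sizeof(ciphersuites))`, otherwise a cipher list of more than 64 suites followed by a shorter one leaves stale ids beyond the new list's end, the 0 terminator the loop relies on is missing, and the handshake offers suites the user did not request. The loop also never checks `i < MAX_CIPHERSUITES`, so a list with more suite names than that writes past the array; stop the loop (or fail) when the limit is reached. On the "Maybe we should fail?" question: if no name is recognised the code passes an all-zero list and the handshake fails later with an unhelpful error, so returning CURLE_SSL_CIPHER here when `i == 0` (the code the other curl backends use for an unusable cipher list) would be clearer; keeping the warning for individual unknown names is reasonable. Finally, the comment "valid during the call" understates what PolarSSL does: the pointer is retained and read during the handshake, so the array must outlive this function, which is another reason to keep it in the per-connection data.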
--
1.9.1


http://wald.intevation.org/projects/trustbridge/