Mercurial > trustbridge
comparison patches/0001-Implement-CURLOPT_SSLVERSION-for-polarssl.patch @ 998:0570b1e562c2
(issue90) Add curl patches for the problems we had with curl.
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Mon, 01 Sep 2014 19:48:53 +0200 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 997:405c97ca4ab0 | 998:0570b1e562c2 |
|---|---|
| 1 From bebf7d617091042828fc5838170b35c42ab60396 Mon Sep 17 00:00:00 2001 | |
| 2 From: Andre Heinecke <aheinecke@intevation.de> | |
| 3 Date: Mon, 1 Sep 2014 16:06:03 +0200 | |
| 4 Subject: [PATCH 1/3] Implement CURLOPT_SSLVERSION for polarssl | |
| 5 | |
| 6 Forwards the setting as minimum ssl version to polarssl. | |
| 7 If the server does not support the requested version the | |
| 8 SSL Handshake will fail. | |
| 9 --- | |
| 10 lib/vtls/polarssl.c | 21 +++++++++++++++++++++ | |
| 11 1 file changed, 21 insertions(+) | |
| 12 | |
| 13 diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c | |
| 14 index f948486..e18cadf 100644 | |
| 15 --- a/lib/vtls/polarssl.c | |
| 16 +++ b/lib/vtls/polarssl.c | |
| 17 @@ -270,6 +270,27 @@ polarssl_connect_step1(struct connectdata *conn, | |
| 18 return CURLE_SSL_CONNECT_ERROR; | |
| 19 } | |
| 20 | |
| 21 + if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) { | |
| 22 + ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3, | |
| 23 + SSL_MINOR_VERSION_0); | |
| 24 + infof(data, "PolarSSL: Forced min. SSL Version to be SSLv3\n"); | |
| 25 + } | |
| 26 + else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_0) { | |
| 27 + ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3, | |
| 28 + SSL_MINOR_VERSION_1); | |
| 29 + infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.0\n"); | |
| 30 + } | |
| 31 + else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_1) { | |
| 32 + ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3, | |
| 33 + SSL_MINOR_VERSION_2); | |
| 34 + infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.1\n"); | |
| 35 + } | |
| 36 + else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_2) { | |
| 37 + ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3, | |
| 38 + SSL_MINOR_VERSION_3); | |
| 39 + infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.2\n"); | |
| 40 + } | |
| 41 + | |
| 42 ssl_set_endpoint(&connssl->ssl, SSL_IS_CLIENT); | |
| 43 ssl_set_authmode(&connssl->ssl, SSL_VERIFY_OPTIONAL); | |
| 44 | |
| 45 -- | |
| 46 1.9.1 | |
| 47 |