comparison patches/0003-Add-possibility-to-force-polarssl-ciphersuites.patch @ 1086:93325618ac7b

(issue117) Set verify callback to abort the handshake earlier if the certificate does not match.
author Andre Heinecke <andre.heinecke@intevation.de>
date Fri, 12 Sep 2014 13:09:02 +0200
parents e9ff3107b885
children
comparison
equal deleted inserted replaced
1085:84311f4ce89b 1086:93325618ac7b
1 From a36ec2b65e81109c151759b282c221daf91b83ee Mon Sep 17 00:00:00 2001 1 From 6389827510dbeed12dfcc4a50d885fd70de6ac65 Mon Sep 17 00:00:00 2001
2 From: Andre Heinecke <aheinecke@intevation.de> 2 From: Andre Heinecke <aheinecke@intevation.de>
3 Date: Tue, 2 Sep 2014 09:58:44 +0200 3 Date: Tue, 2 Sep 2014 09:58:44 +0200
4 Subject: [PATCH] Add possibility to force polarssl ciphersuites. 4 Subject: [PATCH 1/2] Add possibility to force polarssl ciphersuites.
5 5
6 --- 6 ---
7 lib/vtls/polarssl.c | 41 +++++++++++++++++++++++++++++++++++++++-- 7 lib/vtls/polarssl.c | 41 +++++++++++++++++++++++++++++++++++++++--
8 1 file changed, 39 insertions(+), 2 deletions(-) 8 1 file changed, 39 insertions(+), 2 deletions(-)
9 9
10 diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c 10 diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
11 index 2c40e36..c3f1b8e 100644 11 index 5332b92..08dc4c6 100644
12 --- a/lib/vtls/polarssl.c 12 --- a/lib/vtls/polarssl.c
13 +++ b/lib/vtls/polarssl.c 13 +++ b/lib/vtls/polarssl.c
14 @@ -55,6 +55,7 @@ 14 @@ -55,6 +55,7 @@
15 #include "select.h" 15 #include "select.h"
16 #include "rawstr.h" 16 #include "rawstr.h"
35 - 35 -
36 +static int ciphersuites[MAX_CIPHERSUITES + 1]; 36 +static int ciphersuites[MAX_CIPHERSUITES + 1];
37 37
38 static CURLcode 38 static CURLcode
39 polarssl_connect_step1(struct connectdata *conn, 39 polarssl_connect_step1(struct connectdata *conn,
40 @@ -300,7 +303,41 @@ polarssl_connect_step1(struct connectdata *conn, 40 @@ -318,7 +321,41 @@ polarssl_connect_step1(struct connectdata *conn,
41 net_recv, &conn->sock[sockindex], 41 net_recv, &conn->sock[sockindex],
42 net_send, &conn->sock[sockindex]); 42 net_send, &conn->sock[sockindex]);
43 43
44 - ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites()); 44 - ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());
45 + if(!data->set.str[STRING_SSL_CIPHER_LIST]) 45 + if(!data->set.str[STRING_SSL_CIPHER_LIST])

http://wald.intevation.org/projects/trustbridge/