comparison patches/0003-Add-possibility-to-force-polarssl-ciphersuites.patch @ 1000:c6c8f4ce48f8
Fix force ciphersuites patch
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Tue, 02 Sep 2014 09:49:27 +0200 |
parents | patches/0003-Add-possibility-to-fore-polarssl-ciphersuites.patch@0570b1e562c2 |
children | e9ff3107b885 |
999:daa9448b64f5 | 1000:c6c8f4ce48f8 |
---|---|
1 From 7b70a13b983979ccf7a672c0065c232cd7dc0c37 Mon Sep 17 00:00:00 2001 | |
2 From: Andre Heinecke <aheinecke@intevation.de> | |
3 Date: Tue, 2 Sep 2014 09:48:01 +0200 | |
4 Subject: [PATCH] Add possibility to force polarssl ciphersuites. | |
5 | |
6 --- | |
7 lib/vtls/polarssl.c | 40 ++++++++++++++++++++++++++++++++++++++-- | |
8 1 file changed, 38 insertions(+), 2 deletions(-) | |
9 | |
10 diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c | |
11 index 2c40e36..e0cfb90 100644 | |
12 --- a/lib/vtls/polarssl.c | |
13 +++ b/lib/vtls/polarssl.c | |
14 @@ -67,6 +67,8 @@ | |
15 #define THREADING_SUPPORT | |
16 #endif | |
17 | |
18 +#define MAX_CIPHERSUITES 255 | |
19 + | |
20 #if defined(THREADING_SUPPORT) | |
21 static entropy_context entropy; | |
22 | |
23 @@ -129,7 +131,7 @@ static void polarssl_debug(void *context, int level, const char *line) | |
24 | |
25 static Curl_recv polarssl_recv; | |
26 static Curl_send polarssl_send; | |
27 - | |
28 +static int ciphersuites[MAX_CIPHERSUITES + 1]; | |
29 | |
30 static CURLcode | |
31 polarssl_connect_step1(struct connectdata *conn, | |
32 @@ -300,7 +302,41 @@ polarssl_connect_step1(struct connectdata *conn, | |
33 net_recv, &conn->sock[sockindex], | |
34 net_send, &conn->sock[sockindex]); | |
35 | |
36 - ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites()); | |
37 + if(!data->set.str[STRING_SSL_CIPHER_LIST]) | |
38 + ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites()); | |
39 + else { | |
40 + /* Convert string input to polarssl cipher id's */ | |
41 + char *tmp, | |
42 + *token, | |
43 + *tok_buf; | |
44 + int i = 0; | |
45 + | |
46 + memset(ciphersuites, 0, MAX_CIPHERSUITES + 1); | |
47 + | |
48 + tmp = strdup (data->set.str[STRING_SSL_CIPHER_LIST]); | |
49 + if(!tmp) | |
50 + return CURLE_OUT_OF_MEMORY; | |
51 + | |
52 + for (token = strtok_r(tmp, ":", &tok_buf); | |
53 + token != NULL; | |
54 + token = strtok_r(NULL, ":", &tok_buf)) { | |
55 + | |
56 + ciphersuites[i] = ssl_get_ciphersuite_id(token); | |
57 + if (!ciphersuites[i]) { | |
58 + infof(data, "WARNING: failed to set cipher: %s\n", token); | |
59 + /* Do not increase i as the first 0 is the end | |
60 + of the list so we overwrite it with the next | |
61 + valid cipher. Maybe we should fail? */ | |
62 + continue; | |
63 + } | |
64 + i++; | |
65 + } | |
66 + free(tmp); | |
67 + /* Beware, polarssl does not make a copy of the ciphersuites | |
68 + so the data needs to be valid during the call. */ | |
69 + ssl_set_ciphersuites(&connssl->ssl, ciphersuites); | |
70 + } | |
71 + | |
72 if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) { | |
73 memcpy(&connssl->ssn, old_session, old_session_size); | |
74 infof(data, "PolarSSL re-using session\n"); | |
75 -- | |
76 1.9.1 | |
77 |
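Review bot: The `memset(ciphersuites, 0, MAX_CIPHERSUITES + 1);` at patch line 46 clears MAX_CIPHERSUITES + 1 bytes, but `ciphersuites` is declared as an array of int (patch line 28), so only the first 256/sizeof(int) entries are zeroed and, since the loop never stores a terminator itself when every token is valid, stale entries from an earlier connection can extend the list; use `memset(ciphersuites, 0, sizeof(ciphersuites));` and write `ciphersuites[i] = 0;` after the loop. The loop also has no upper bound on `i`, so a cipher-list string with more than MAX_CIPHERSUITES valid names writes past the end of the array — add `if(i >= MAX_CIPHERSUITES) break;` (with an infof warning) before the store at patch line 56. Because `ciphersuites` is a file-scope static and the patch's own comment notes that PolarSSL keeps the pointer rather than a copy, a later connection with a different cipher list presumably rewrites the list an earlier ssl context still references; keeping the array in the per-connection ssl data would avoid that. polarssl_connect_step1 begins and ends outside the hunk.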