Mercurial > trustbridge

diff patches/0001-Implement-CURLOPT_SSLVERSION-for-polarssl.patch @ 998:0570b1e562c2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
(issue90) Add curl patches for the problems we had with curl.
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 01 Sep 2014 19:48:53 +0200
parents
children
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/0001-Implement-CURLOPT_SSLVERSION-for-polarssl.patch	Mon Sep 01 19:48:53 2014 +0200
@@ -0,0 +1,47 @@
+From bebf7d617091042828fc5838170b35c42ab60396 Mon Sep 17 00:00:00 2001
+From: Andre Heinecke <aheinecke@intevation.de>
+Date: Mon, 1 Sep 2014 16:06:03 +0200
+Subject: [PATCH 1/3] Implement CURLOPT_SSLVERSION for polarssl
+
+    Forwards the setting as minimum ssl version to polarssl.
+    If the server does not support the requested version the
+    SSL Handshake will fail.
+---
+ lib/vtls/polarssl.c | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
+index f948486..e18cadf 100644
+--- a/lib/vtls/polarssl.c
++++ b/lib/vtls/polarssl.c
+@@ -270,6 +270,27 @@ polarssl_connect_step1(struct connectdata *conn,
+     return CURLE_SSL_CONNECT_ERROR;
+   }
+ 
++  if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) {
++    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
++                        SSL_MINOR_VERSION_0);
++    infof(data, "PolarSSL: Forced min. SSL Version to be SSLv3\n");
++  }
++  else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_0) {
++    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
++                        SSL_MINOR_VERSION_1);
++    infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.0\n");
++  }
++  else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_1) {
++    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
++                        SSL_MINOR_VERSION_2);
++    infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.1\n");
++  }
++  else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_2) {
++    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
++                        SSL_MINOR_VERSION_3);
++    infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.2\n");
++  }
++
+   ssl_set_endpoint(&connssl->ssl, SSL_IS_CLIENT);
+   ssl_set_authmode(&connssl->ssl, SSL_VERIFY_OPTIONAL);
+ 
+-- 
+1.9.1
+
http://wald.intevation.org/projects/trustbridge/