diff patches/0001-Implement-CURLOPT_SSLVERSION-for-polarssl.patch @ 1008:2fb6071c6669

Merged
author Emanuel Schuetze <emanuel@intevation.de>
date Tue, 02 Sep 2014 11:55:15 +0200
parents 0570b1e562c2
children
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/0001-Implement-CURLOPT_SSLVERSION-for-polarssl.patch	Tue Sep 02 11:55:15 2014 +0200
@@ -0,0 +1,47 @@
+From bebf7d617091042828fc5838170b35c42ab60396 Mon Sep 17 00:00:00 2001
+From: Andre Heinecke <aheinecke@intevation.de>
+Date: Mon, 1 Sep 2014 16:06:03 +0200
+Subject: [PATCH 1/3] Implement CURLOPT_SSLVERSION for polarssl
+
+    Forwards the setting as minimum ssl version to polarssl.
+    If the server does not support the requested version the
+    SSL Handshake will fail.
+---
+ lib/vtls/polarssl.c | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
+index f948486..e18cadf 100644
+--- a/lib/vtls/polarssl.c
++++ b/lib/vtls/polarssl.c
+@@ -270,6 +270,27 @@ polarssl_connect_step1(struct connectdata *conn,
+     return CURLE_SSL_CONNECT_ERROR;
+   }
+ 
++  if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) {
++    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
++                        SSL_MINOR_VERSION_0);
++    infof(data, "PolarSSL: Forced min. SSL Version to be SSLv3\n");
++  }
++  else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_0) {
++    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
++                        SSL_MINOR_VERSION_1);
++    infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.0\n");
++  }
++  else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_1) {
++    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
++                        SSL_MINOR_VERSION_2);
++    infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.1\n");
++  }
++  else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_2) {
++    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
++                        SSL_MINOR_VERSION_3);
++    infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.2\n");
++  }
++
+   ssl_set_endpoint(&connssl->ssl, SSL_IS_CLIENT);
+   ssl_set_authmode(&connssl->ssl, SSL_VERIFY_OPTIONAL);
+ 
+-- 
+1.9.1
+
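Review bot: The added if/else-if chain in polarssl_connect_step1 has no branch for `CURL_SSLVERSION_TLSv1` and no final `else`, so a caller that asks for "TLS 1.x" gets no minimum set and silently falls back to PolarSSL's built-in floor. That floor may still allow SSLv3, depending on the library version, which should be confirmed. I would fold that value into the TLS 1.0 branch, `else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1 || data->set.ssl.version == CURL_SSLVERSION_TLSv1_0) {`. `CURL_SSLVERSION_SSLv2` should fail with an error instead of being ignored, since the backend cannot honour it. A `switch` on `data->set.ssl.version` with a `default:` would make unhandled values visible. Because only a minimum is set, a short comment such as `/* CURLOPT_SSLVERSION is applied as a floor only; newer versions may still be negotiated */` would help, since the log text "Forced min." is the only hint of this in the code. The function body starts and ends outside the hunk.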

http://wald.intevation.org/projects/trustbridge/