Mercurial > trustbridge
view patches/0003-Add-possibility-to-force-polarssl-ciphersuites.patch @ 1371:23df332b2a4c
(issue179) Read install signature timestamp from config
This also changes the way the sigDt is propgated to the
MainWindow. It no longer uses the settings but hands
it over as a parameter directly.
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Mon, 24 Nov 2014 15:48:49 +0100 |
parents | 93325618ac7b |
children |
line wrap: on
line source
From 6389827510dbeed12dfcc4a50d885fd70de6ac65 Mon Sep 17 00:00:00 2001 From: Andre Heinecke <aheinecke@intevation.de> Date: Tue, 2 Sep 2014 09:58:44 +0200 Subject: [PATCH 1/2] Add possibility to force polarssl ciphersuites. --- lib/vtls/polarssl.c | 41 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 39 insertions(+), 2 deletions(-) diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c index 5332b92..08dc4c6 100644 --- a/lib/vtls/polarssl.c +++ b/lib/vtls/polarssl.c @@ -55,6 +55,7 @@ #include "select.h" #include "rawstr.h" #include "polarssl_threadlock.h" +#include "strtok.h" #define _MPRINTF_REPLACE /* use our functions only */ #include <curl/mprintf.h> @@ -67,6 +68,8 @@ #define THREADING_SUPPORT #endif +#define MAX_CIPHERSUITES 255 + #if defined(THREADING_SUPPORT) static entropy_context entropy; @@ -129,7 +132,7 @@ static void polarssl_debug(void *context, int level, const char *line) static Curl_recv polarssl_recv; static Curl_send polarssl_send; - +static int ciphersuites[MAX_CIPHERSUITES + 1]; static CURLcode polarssl_connect_step1(struct connectdata *conn, @@ -318,7 +321,41 @@ polarssl_connect_step1(struct connectdata *conn, net_recv, &conn->sock[sockindex], net_send, &conn->sock[sockindex]); - ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites()); + if(!data->set.str[STRING_SSL_CIPHER_LIST]) + ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites()); + else { + /* Convert string input to polarssl cipher id's */ + char *tmp, + *token, + *tok_buf; + int i = 0; + + memset(ciphersuites, 0, MAX_CIPHERSUITES + 1); + + tmp = strdup (data->set.str[STRING_SSL_CIPHER_LIST]); + if(!tmp) + return CURLE_OUT_OF_MEMORY; + + for (token = strtok_r(tmp, ":", &tok_buf); + token != NULL; + token = strtok_r(NULL, ":", &tok_buf)) { + + ciphersuites[i] = ssl_get_ciphersuite_id(token); + if (!ciphersuites[i]) { + infof(data, "WARNING: failed to set cipher: %s\n", token); + /* Do not increase i as the first 0 is the end + of the list so we overwrite it with the next + valid cipher. Maybe we should fail? */ + continue; + } + i++; + } + free(tmp); + /* Beware, polarssl does not make a copy of the ciphersuites + so the data needs to be valid during the call. */ + ssl_set_ciphersuites(&connssl->ssl, ciphersuites); + } + if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) { memcpy(&connssl->ssn, old_session, old_session_size); infof(data, "PolarSSL re-using session\n"); -- 1.9.1