Mercurial > trustbridge
view patches/0003-Add-possibility-to-force-polarssl-ciphersuites.patch @ 1310:60e481aa75ca
(issue152) Do not return CryptUIDlgViewContext's return value
The return value is false if the user cancels the dialog.
But as the certificate has been shown this is not really an
error.
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Mon, 13 Oct 2014 14:13:05 +0200 |
| parents | 93325618ac7b |
| children |
line wrap: on
line source
From 6389827510dbeed12dfcc4a50d885fd70de6ac65 Mon Sep 17 00:00:00 2001 From: Andre Heinecke <aheinecke@intevation.de> Date: Tue, 2 Sep 2014 09:58:44 +0200 Subject: [PATCH 1/2] Add possibility to force polarssl ciphersuites. --- lib/vtls/polarssl.c | 41 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 39 insertions(+), 2 deletions(-) diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c index 5332b92..08dc4c6 100644 --- a/lib/vtls/polarssl.c +++ b/lib/vtls/polarssl.c @@ -55,6 +55,7 @@ #include "select.h" #include "rawstr.h" #include "polarssl_threadlock.h" +#include "strtok.h" #define _MPRINTF_REPLACE /* use our functions only */ #include <curl/mprintf.h> @@ -67,6 +68,8 @@ #define THREADING_SUPPORT #endif +#define MAX_CIPHERSUITES 255 + #if defined(THREADING_SUPPORT) static entropy_context entropy; @@ -129,7 +132,7 @@ static void polarssl_debug(void *context, int level, const char *line) static Curl_recv polarssl_recv; static Curl_send polarssl_send; - +static int ciphersuites[MAX_CIPHERSUITES + 1]; static CURLcode polarssl_connect_step1(struct connectdata *conn, @@ -318,7 +321,41 @@ polarssl_connect_step1(struct connectdata *conn, net_recv, &conn->sock[sockindex], net_send, &conn->sock[sockindex]); - ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites()); + if(!data->set.str[STRING_SSL_CIPHER_LIST]) + ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites()); + else { + /* Convert string input to polarssl cipher id's */ + char *tmp, + *token, + *tok_buf; + int i = 0; + + memset(ciphersuites, 0, MAX_CIPHERSUITES + 1); + + tmp = strdup (data->set.str[STRING_SSL_CIPHER_LIST]); + if(!tmp) + return CURLE_OUT_OF_MEMORY; + + for (token = strtok_r(tmp, ":", &tok_buf); + token != NULL; + token = strtok_r(NULL, ":", &tok_buf)) { + + ciphersuites[i] = ssl_get_ciphersuite_id(token); + if (!ciphersuites[i]) { + infof(data, "WARNING: failed to set cipher: %s\n", token); + /* Do not increase i as the first 0 is the end + of the list so we overwrite it with the next + valid cipher. Maybe we should fail? */ + continue; + } + i++; + } + free(tmp); + /* Beware, polarssl does not make a copy of the ciphersuites + so the data needs to be valid during the call. */ + ssl_set_ciphersuites(&connssl->ssl, ciphersuites); + } + if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) { memcpy(&connssl->ssn, old_session, old_session_size); infof(data, "PolarSSL re-using session\n"); -- 1.9.1