view patches/0001-Implement-CURLOPT_SSLVERSION-for-polarssl.patch @ 1143:cc7a5c12a429 runafterinstall
Runafterinstall has been merged into master
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Thu, 18 Sep 2014 10:30:27 +0200 |
parents | 0570b1e562c2 |
children |
From bebf7d617091042828fc5838170b35c42ab60396 Mon Sep 17 00:00:00 2001
From: Andre Heinecke <aheinecke@intevation.de>
Date: Mon, 1 Sep 2014 16:06:03 +0200
Subject: [PATCH 1/3] Implement CURLOPT_SSLVERSION for polarssl

Forwards the setting as minimum ssl version to polarssl. If the server does not support the requested version the SSL Handshake will fail.
---
 lib/vtls/polarssl.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
index f948486..e18cadf 100644
--- a/lib/vtls/polarssl.c
+++ b/lib/vtls/polarssl.c
@@ -270,6 +270,27 @@ polarssl_connect_step1(struct connectdata *conn,
 return CURLE_SSL_CONNECT_ERROR;
 }

+ if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) {
+ ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
+ SSL_MINOR_VERSION_0);
+ infof(data, "PolarSSL: Forced min. SSL Version to be SSLv3\n");
+ }
+ else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_0) {
+ ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
+ SSL_MINOR_VERSION_1);
+ infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.0\n");
+ }
+ else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_1) {
+ ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
+ SSL_MINOR_VERSION_2);
+ infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.1\n");
+ }
+ else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_2) {
+ ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
+ SSL_MINOR_VERSION_3);
+ infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.2\n");
+ }
+
 ssl_set_endpoint(&connssl->ssl, SSL_IS_CLIENT);
 ssl_set_authmode(&connssl->ssl, SSL_VERIFY_OPTIONAL);

-- 
1.9.1
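Review bot: The added if/else chain in polarssl_connect_step1 has no branch for `CURL_SSLVERSION_TLSv1`, `CURL_SSLVERSION_SSLv2` or `CURL_SSLVERSION_DEFAULT`, so for those values no floor is set and the handshake runs with whatever minimum PolarSSL defaults to. A caller who asks for "TLS 1.x" would presumably expect SSLv3 to be excluded; widening the second branch to `else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1 || data->set.ssl.version == CURL_SSLVERSION_TLSv1_0) {` would cover that, and an SSLv2 request would be better answered with `failf()` and `CURLE_SSL_CONNECT_ERROR` than silently ignored. Because only a minimum is set, a request for TLS 1.0 can still negotiate a higher version; a one-line comment above the chain saying `/* CURLOPT_SSLVERSION is applied as a lower bound only */` would keep that from surprising readers. The function body begins and ends outside the hunk, so whether another default is applied elsewhere cannot be seen from here.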