view patches/0001-Implement-CURLOPT_SSLVERSION-for-polarssl.patch @ 1143:cc7a5c12a429 runafterinstall

Runafterinstall has been merged into master
author Andre Heinecke <andre.heinecke@intevation.de>
date Thu, 18 Sep 2014 10:30:27 +0200
parents 0570b1e562c2
children
From bebf7d617091042828fc5838170b35c42ab60396 Mon Sep 17 00:00:00 2001
From: Andre Heinecke <aheinecke@intevation.de>
Date: Mon, 1 Sep 2014 16:06:03 +0200
Subject: [PATCH 1/3] Implement CURLOPT_SSLVERSION for polarssl

    Forwards the setting as minimum ssl version to polarssl.
    If the server does not support the requested version the
    SSL Handshake will fail.
---
 lib/vtls/polarssl.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
index f948486..e18cadf 100644
--- a/lib/vtls/polarssl.c
+++ b/lib/vtls/polarssl.c
@@ -270,6 +270,27 @@ polarssl_connect_step1(struct connectdata *conn,
     return CURLE_SSL_CONNECT_ERROR;
   }
 
+  if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) {
+    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
+                        SSL_MINOR_VERSION_0);
+    infof(data, "PolarSSL: Forced min. SSL Version to be SSLv3\n");
+  }
+  else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_0) {
+    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
+                        SSL_MINOR_VERSION_1);
+    infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.0\n");
+  }
+  else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_1) {
+    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
+                        SSL_MINOR_VERSION_2);
+    infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.1\n");
+  }
+  else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_2) {
+    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
+                        SSL_MINOR_VERSION_3);
+    infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.2\n");
+  }
+
   ssl_set_endpoint(&connssl->ssl, SSL_IS_CLIENT);
   ssl_set_authmode(&connssl->ssl, SSL_VERIFY_OPTIONAL);
 
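Review bot: `CURL_SSLVERSION_TLSv1` and `CURL_SSLVERSION_SSLv2` match none of the added branches, so a caller asking for "TLS 1.x" gets no protocol floor, and whatever minimum the PolarSSL build defaults to (possibly SSLv3) stays in effect. Fold the first into the TLS 1.0 branch, `else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_0 || data->set.ssl.version == CURL_SSLVERSION_TLSv1) {`, and consider a `failf()` plus `return CURLE_SSL_CONNECT_ERROR;` for SSLv2 instead of silently negotiating a different protocol. Only a minimum is set here, so the handshake can still settle on any newer version rather than the one requested; a short comment above the chain stating that this is deliberate would help readers who expect the option to pin a version. `polarssl_connect_step1` starts and ends outside the hunk.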
-- 
1.9.1

http://wald.intevation.org/projects/trustbridge/