Mercurial > trustbridge

view patches/0003-Add-possibility-to-fore-polarssl-ciphersuites.patch @ 998:0570b1e562c2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
(issue90) Add curl patches for the problems we had with curl.
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 01 Sep 2014 19:48:53 +0200
parents
children
line wrap: on
line source
From 3dc7ab77759878778ae440a31304c736c1ef8cba Mon Sep 17 00:00:00 2001
From: Andre Heinecke <aheinecke@intevation.de>
Date: Mon, 1 Sep 2014 19:43:55 +0200
Subject: [PATCH 3/3] Add possibility to fore polarssl ciphersuites.

---
 lib/vtls/polarssl.c | 40 ++++++++++++++++++++++++++++++++++++++--
 1 file changed, 38 insertions(+), 2 deletions(-)

diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
index 2c40e36..7e806bf 100644
--- a/lib/vtls/polarssl.c
+++ b/lib/vtls/polarssl.c
@@ -67,6 +67,8 @@
 #define THREADING_SUPPORT
 #endif
 
+#define MAX_CIPHERSUITES 255
+
 #if defined(THREADING_SUPPORT)
 static entropy_context entropy;
 
@@ -129,7 +131,7 @@ static void polarssl_debug(void *context, int level, const char *line)
 
 static Curl_recv polarssl_recv;
 static Curl_send polarssl_send;
-
+static int ciphersuites[MAX_CIPHERSUITES + 1];
 
 static CURLcode
 polarssl_connect_step1(struct connectdata *conn,
@@ -300,7 +302,41 @@ polarssl_connect_step1(struct connectdata *conn,
               net_recv, &conn->sock[sockindex],
               net_send, &conn->sock[sockindex]);
 
-  ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());
+  if(!data->set.str[STRING_SSL_CIPHER_LIST])
+    ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());
+  else {
+    /* Convert string input to polarssl cipher id's */
+    char *tmp,
+         *token,
+         *tok_buf;
+
+    memset(ciphersuites, 0, MAX_CIPHERSUITES + 1);
+
+    tmp = strdup (data->set.str[STRING_SSL_CIPHER_LIST]);
+    if(!tmp)
+      return CURLE_OUT_OF_MEMORY;
+
+    i = 0;
+    for (token = strtok_r(tmp, ":", &tok_buf);
+         token != NULL;
+         token = strtok_r(NULL, ":", &tok_buf)) {
+
+      ciphersuites[i] = ssl_get_ciphersuite_id(token);
+      if (!ciphersuites[i]) {
+        infof(data, "WARNING: failed to set cipher: %s\n", token);
+        /* Do not increase i as the first 0 is the end
+           of the list so we overwrite it with the next
+           valid cipher. Maybe we should fail? */
+        continue;
+      }
+      i++;
+    }
+    free(tmp);
+    /* Beware, polarssl does not make a copy of the ciphersuites
+       so the data needs to be valid during the call. */
+    ssl_set_ciphersuites(&connssl->ssl, ciphersuites);
+  }
+
   if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) {
     memcpy(&connssl->ssn, old_session, old_session_size);
     infof(data, "PolarSSL re-using session\n");
-- 
1.9.1
http://wald.intevation.org/projects/trustbridge/