changeset 1000:c6c8f4ce48f8
Fix force ciphersuites patch
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Tue, 02 Sep 2014 09:49:27 +0200 |
parents | daa9448b64f5 |
children | 0b7bb4f68f5a |
files | patches/0003-Add-possibility-to-force-polarssl-ciphersuites.patch patches/0003-Add-possibility-to-fore-polarssl-ciphersuites.patch |
diffstat | 2 files changed, 77 insertions(+), 76 deletions(-) [+] |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/0003-Add-possibility-to-force-polarssl-ciphersuites.patch Tue Sep 02 09:49:27 2014 +0200
@@ -0,0 +1,77 @@
+From 7b70a13b983979ccf7a672c0065c232cd7dc0c37 Mon Sep 17 00:00:00 2001
+From: Andre Heinecke <aheinecke@intevation.de>
+Date: Tue, 2 Sep 2014 09:48:01 +0200
+Subject: [PATCH] Add possibility to force polarssl ciphersuites.
+
+---
+ lib/vtls/polarssl.c | 40 ++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 38 insertions(+), 2 deletions(-)
+
+diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
+index 2c40e36..e0cfb90 100644
+--- a/lib/vtls/polarssl.c
++++ b/lib/vtls/polarssl.c
+@@ -67,6 +67,8 @@
+ #define THREADING_SUPPORT
+ #endif
+ 
++#define MAX_CIPHERSUITES 255
++
+ #if defined(THREADING_SUPPORT)
+ static entropy_context entropy;
+ 
+@@ -129,7 +131,7 @@ static void polarssl_debug(void *context, int level, const char *line)
+ 
+ static Curl_recv polarssl_recv;
+ static Curl_send polarssl_send;
+-
++static int ciphersuites[MAX_CIPHERSUITES + 1];
+ 
+ static CURLcode
+ polarssl_connect_step1(struct connectdata *conn,
+@@ -300,7 +302,41 @@ polarssl_connect_step1(struct connectdata *conn,
+ net_recv, &conn->sock[sockindex],
+ net_send, &conn->sock[sockindex]);
+ 
+- ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());
++ if(!data->set.str[STRING_SSL_CIPHER_LIST])
++ ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());
++ else {
++ /* Convert string input to polarssl cipher id's */
++ char *tmp,
++ *token,
++ *tok_buf;
++ int i = 0;
++
++ memset(ciphersuites, 0, MAX_CIPHERSUITES + 1);
++
++ tmp = strdup (data->set.str[STRING_SSL_CIPHER_LIST]);
++ if(!tmp)
++ return CURLE_OUT_OF_MEMORY;
++
++ for (token = strtok_r(tmp, ":", &tok_buf);
++ token != NULL;
++ token = strtok_r(NULL, ":", &tok_buf)) {
++
++ ciphersuites[i] = ssl_get_ciphersuite_id(token);
++ if (!ciphersuites[i]) {
++ infof(data, "WARNING: failed to set cipher: %s\n", token);
++ /* Do not increase i as the first 0 is the end
++ of the list so we overwrite it with the next
++ valid cipher. Maybe we should fail? */
++ continue;
++ }
++ i++;
++ }
++ free(tmp);
++ /* Beware, polarssl does not make a copy of the ciphersuites
++ so the data needs to be valid during the call. */
++ ssl_set_ciphersuites(&connssl->ssl, ciphersuites);
++ }
++
+ if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) {
+ memcpy(&connssl->ssn, old_session, old_session_size);
+ infof(data, "PolarSSL re-using session\n");
+--
+1.9.1
+
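Review bot: `memset(ciphersuites, 0, MAX_CIPHERSUITES + 1)` in the new polarssl_connect_step1 block clears 256 bytes, not the 256 ints the array holds, and the loop that follows writes `ciphersuites[i]` with no upper bound, so a cipher list with more than MAX_CIPHERSUITES entries (repeated names count, since every resolvable token advances i) runs past the static array; use `sizeof ciphersuites` and stop at MAX_CIPHERSUITES. An unrecognised name is only logged and skipped, so a mistyped list silently negotiates with whatever remained and an all-invalid list hands PolarSSL an empty list; failing with CURLE_SSL_CIPHER, as the comment itself wonders, keeps the configured policy intact. The array is also a single file-scope static shared by every connection, and the "valid during the call" comment understates it if PolarSSL keeps the pointer until the handshake, in which case a second connection rewriting it changes the first one's list — a per-connection array in connssl would avoid that. polarssl_connect_step1 begins and ends outside this hunk.
```c
      memset(ciphersuites, 0, sizeof ciphersuites);
      /* … unchanged: strdup of the cipher list and its NULL check … */
      for (token = strtok_r(tmp, ":", &tok_buf);
           token != NULL;
           token = strtok_r(NULL, ":", &tok_buf)) {
        if (i >= MAX_CIPHERSUITES) {
          failf(data, "too many ciphers in list (max %d)", MAX_CIPHERSUITES);
          free(tmp);
          return CURLE_SSL_CIPHER;
        }
        ciphersuites[i] = ssl_get_ciphersuite_id(token);
        if (!ciphersuites[i]) {
          failf(data, "unknown cipher in list: %s", token);
          free(tmp);
          return CURLE_SSL_CIPHER;
        }
        i++;
      }
      ciphersuites[i] = 0; /* explicit terminator, i <= MAX_CIPHERSUITES */
      free(tmp);
      /* … unchanged: ssl_set_ciphersuites(&connssl->ssl, ciphersuites) … */
```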
--- a/patches/0003-Add-possibility-to-fore-polarssl-ciphersuites.patch Mon Sep 01 19:49:54 2014 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,77 +0,0 @@
-From 3dc7ab77759878778ae440a31304c736c1ef8cba Mon Sep 17 00:00:00 2001
-From: Andre Heinecke <aheinecke@intevation.de>
-Date: Mon, 1 Sep 2014 19:43:55 +0200
-Subject: [PATCH 3/3] Add possibility to fore polarssl ciphersuites.
-
----
- lib/vtls/polarssl.c | 40 ++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 38 insertions(+), 2 deletions(-)
-
-diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
-index 2c40e36..7e806bf 100644
---- a/lib/vtls/polarssl.c
-+++ b/lib/vtls/polarssl.c
-@@ -67,6 +67,8 @@
- #define THREADING_SUPPORT
- #endif
- 
-+#define MAX_CIPHERSUITES 255
-+
- #if defined(THREADING_SUPPORT)
- static entropy_context entropy;
- 
-@@ -129,7 +131,7 @@ static void polarssl_debug(void *context, int level, const char *line)
- 
- static Curl_recv polarssl_recv;
- static Curl_send polarssl_send;
--
-+static int ciphersuites[MAX_CIPHERSUITES + 1];
- 
- static CURLcode
- polarssl_connect_step1(struct connectdata *conn,
-@@ -300,7 +302,41 @@ polarssl_connect_step1(struct connectdata *conn,
- net_recv, &conn->sock[sockindex],
- net_send, &conn->sock[sockindex]);
- 
-- ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());
-+ if(!data->set.str[STRING_SSL_CIPHER_LIST])
-+ ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());
-+ else {
-+ /* Convert string input to polarssl cipher id's */
-+ char *tmp,
-+ *token,
-+ *tok_buf;
-+
-+ memset(ciphersuites, 0, MAX_CIPHERSUITES + 1);
-+
-+ tmp = strdup (data->set.str[STRING_SSL_CIPHER_LIST]);
-+ if(!tmp)
-+ return CURLE_OUT_OF_MEMORY;
-+
-+ i = 0;
-+ for (token = strtok_r(tmp, ":", &tok_buf);
-+ token != NULL;
-+ token = strtok_r(NULL, ":", &tok_buf)) {
-+
-+ ciphersuites[i] = ssl_get_ciphersuite_id(token);
-+ if (!ciphersuites[i]) {
-+ infof(data, "WARNING: failed to set cipher: %s\n", token);
-+ /* Do not increase i as the first 0 is the end
-+ of the list so we overwrite it with the next
-+ valid cipher. Maybe we should fail? */
-+ continue;
-+ }
-+ i++;
-+ }
-+ free(tmp);
-+ /* Beware, polarssl does not make a copy of the ciphersuites
-+ so the data needs to be valid during the call. */
-+ ssl_set_ciphersuites(&connssl->ssl, ciphersuites);
-+ }
-+
- if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) {
- memcpy(&connssl->ssn, old_session, old_session_size);
- infof(data, "PolarSSL re-using session\n");
---
-1.9.1
-