changeset 1000:c6c8f4ce48f8

Fix force ciphersuites patch
author Andre Heinecke <andre.heinecke@intevation.de>
date Tue, 02 Sep 2014 09:49:27 +0200
parents daa9448b64f5
children 0b7bb4f68f5a
files patches/0003-Add-possibility-to-force-polarssl-ciphersuites.patch patches/0003-Add-possibility-to-fore-polarssl-ciphersuites.patch
diffstat 2 files changed, 77 insertions(+), 76 deletions(-) [+]
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/0003-Add-possibility-to-force-polarssl-ciphersuites.patch	Tue Sep 02 09:49:27 2014 +0200
@@ -0,0 +1,77 @@
+From 7b70a13b983979ccf7a672c0065c232cd7dc0c37 Mon Sep 17 00:00:00 2001
+From: Andre Heinecke <aheinecke@intevation.de>
+Date: Tue, 2 Sep 2014 09:48:01 +0200
+Subject: [PATCH] Add possibility to force polarssl ciphersuites.
+
+---
+ lib/vtls/polarssl.c | 40 ++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 38 insertions(+), 2 deletions(-)
+
+diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
+index 2c40e36..e0cfb90 100644
+--- a/lib/vtls/polarssl.c
++++ b/lib/vtls/polarssl.c
+@@ -67,6 +67,8 @@
+ #define THREADING_SUPPORT
+ #endif
+ 
++#define MAX_CIPHERSUITES 255
++
+ #if defined(THREADING_SUPPORT)
+ static entropy_context entropy;
+ 
+@@ -129,7 +131,7 @@ static void polarssl_debug(void *context, int level, const char *line)
+ 
+ static Curl_recv polarssl_recv;
+ static Curl_send polarssl_send;
+-
++static int ciphersuites[MAX_CIPHERSUITES + 1];
+ 
+ static CURLcode
+ polarssl_connect_step1(struct connectdata *conn,
+@@ -300,7 +302,41 @@ polarssl_connect_step1(struct connectdata *conn,
+               net_recv, &conn->sock[sockindex],
+               net_send, &conn->sock[sockindex]);
+ 
+-  ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());
++  if(!data->set.str[STRING_SSL_CIPHER_LIST])
++    ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());
++  else {
++    /* Convert string input to polarssl cipher id's */
++    char *tmp,
++         *token,
++         *tok_buf;
++    int i = 0;
++
++    memset(ciphersuites, 0, MAX_CIPHERSUITES + 1);
++
++    tmp = strdup (data->set.str[STRING_SSL_CIPHER_LIST]);
++    if(!tmp)
++      return CURLE_OUT_OF_MEMORY;
++
++    for (token = strtok_r(tmp, ":", &tok_buf);
++         token != NULL;
++         token = strtok_r(NULL, ":", &tok_buf)) {
++
++      ciphersuites[i] = ssl_get_ciphersuite_id(token);
++      if (!ciphersuites[i]) {
++        infof(data, "WARNING: failed to set cipher: %s\n", token);
++        /* Do not increase i as the first 0 is the end
++           of the list so we overwrite it with the next
++           valid cipher. Maybe we should fail? */
++        continue;
++      }
++      i++;
++    }
++    free(tmp);
++    /* Beware, polarssl does not make a copy of the ciphersuites
++       so the data needs to be valid during the call. */
++    ssl_set_ciphersuites(&connssl->ssl, ciphersuites);
++  }
++
+   if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) {
+     memcpy(&connssl->ssn, old_session, old_session_size);
+     infof(data, "PolarSSL re-using session\n");
+-- 
+1.9.1
+
--- a/patches/0003-Add-possibility-to-fore-polarssl-ciphersuites.patch	Mon Sep 01 19:49:54 2014 +0200
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,77 +0,0 @@
-From 3dc7ab77759878778ae440a31304c736c1ef8cba Mon Sep 17 00:00:00 2001
-From: Andre Heinecke <aheinecke@intevation.de>
-Date: Mon, 1 Sep 2014 19:43:55 +0200
-Subject: [PATCH 3/3] Add possibility to fore polarssl ciphersuites.
-
----
- lib/vtls/polarssl.c | 40 ++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 38 insertions(+), 2 deletions(-)
-
-diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
-index 2c40e36..7e806bf 100644
---- a/lib/vtls/polarssl.c
-+++ b/lib/vtls/polarssl.c
-@@ -67,6 +67,8 @@
- #define THREADING_SUPPORT
- #endif
- 
-+#define MAX_CIPHERSUITES 255
-+
- #if defined(THREADING_SUPPORT)
- static entropy_context entropy;
- 
-@@ -129,7 +131,7 @@ static void polarssl_debug(void *context, int level, const char *line)
- 
- static Curl_recv polarssl_recv;
- static Curl_send polarssl_send;
--
-+static int ciphersuites[MAX_CIPHERSUITES + 1];
- 
- static CURLcode
- polarssl_connect_step1(struct connectdata *conn,
-@@ -300,7 +302,41 @@ polarssl_connect_step1(struct connectdata *conn,
-               net_recv, &conn->sock[sockindex],
-               net_send, &conn->sock[sockindex]);
- 
--  ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());
-+  if(!data->set.str[STRING_SSL_CIPHER_LIST])
-+    ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());
-+  else {
-+    /* Convert string input to polarssl cipher id's */
-+    char *tmp,
-+         *token,
-+         *tok_buf;
-+
-+    memset(ciphersuites, 0, MAX_CIPHERSUITES + 1);
-+
-+    tmp = strdup (data->set.str[STRING_SSL_CIPHER_LIST]);
-+    if(!tmp)
-+      return CURLE_OUT_OF_MEMORY;
-+
-+    i = 0;
-+    for (token = strtok_r(tmp, ":", &tok_buf);
-+         token != NULL;
-+         token = strtok_r(NULL, ":", &tok_buf)) {
-+
-+      ciphersuites[i] = ssl_get_ciphersuite_id(token);
-+      if (!ciphersuites[i]) {
-+        infof(data, "WARNING: failed to set cipher: %s\n", token);
-+        /* Do not increase i as the first 0 is the end
-+           of the list so we overwrite it with the next
-+           valid cipher. Maybe we should fail? */
-+        continue;
-+      }
-+      i++;
-+    }
-+    free(tmp);
-+    /* Beware, polarssl does not make a copy of the ciphersuites
-+       so the data needs to be valid during the call. */
-+    ssl_set_ciphersuites(&connssl->ssl, ciphersuites);
-+  }
-+
-   if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) {
-     memcpy(&connssl->ssn, old_session, old_session_size);
-     infof(data, "PolarSSL re-using session\n");
--- 
-1.9.1
-

http://wald.intevation.org/projects/trustbridge/