diff patches/0003-Add-possibility-to-fore-polarssl-ciphersuites.patch @ 998:0570b1e562c2

(issue90) Add curl patches for the problems we had with curl.
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 01 Sep 2014 19:48:53 +0200
parents
children
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/0003-Add-possibility-to-fore-polarssl-ciphersuites.patch	Mon Sep 01 19:48:53 2014 +0200
@@ -0,0 +1,77 @@
+From 3dc7ab77759878778ae440a31304c736c1ef8cba Mon Sep 17 00:00:00 2001
+From: Andre Heinecke <aheinecke@intevation.de>
+Date: Mon, 1 Sep 2014 19:43:55 +0200
+Subject: [PATCH 3/3] Add possibility to fore polarssl ciphersuites.
+
+---
+ lib/vtls/polarssl.c | 40 ++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 38 insertions(+), 2 deletions(-)
+
+diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
+index 2c40e36..7e806bf 100644
+--- a/lib/vtls/polarssl.c
++++ b/lib/vtls/polarssl.c
+@@ -67,6 +67,8 @@
+ #define THREADING_SUPPORT
+ #endif
+ 
++#define MAX_CIPHERSUITES 255
++
+ #if defined(THREADING_SUPPORT)
+ static entropy_context entropy;
+ 
+@@ -129,7 +131,7 @@ static void polarssl_debug(void *context, int level, const char *line)
+ 
+ static Curl_recv polarssl_recv;
+ static Curl_send polarssl_send;
+-
++static int ciphersuites[MAX_CIPHERSUITES + 1];
+ 
+ static CURLcode
+ polarssl_connect_step1(struct connectdata *conn,
+@@ -300,7 +302,41 @@ polarssl_connect_step1(struct connectdata *conn,
+               net_recv, &conn->sock[sockindex],
+               net_send, &conn->sock[sockindex]);
+ 
+-  ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());
++  if(!data->set.str[STRING_SSL_CIPHER_LIST])
++    ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());
++  else {
++    /* Convert string input to polarssl cipher id's */
++    char *tmp,
++         *token,
++         *tok_buf;
++
++    memset(ciphersuites, 0, MAX_CIPHERSUITES + 1);
++
++    tmp = strdup (data->set.str[STRING_SSL_CIPHER_LIST]);
++    if(!tmp)
++      return CURLE_OUT_OF_MEMORY;
++
++    i = 0;
++    for (token = strtok_r(tmp, ":", &tok_buf);
++         token != NULL;
++         token = strtok_r(NULL, ":", &tok_buf)) {
++
++      ciphersuites[i] = ssl_get_ciphersuite_id(token);
++      if (!ciphersuites[i]) {
++        infof(data, "WARNING: failed to set cipher: %s\n", token);
++        /* Do not increase i as the first 0 is the end
++           of the list so we overwrite it with the next
++           valid cipher. Maybe we should fail? */
++        continue;
++      }
++      i++;
++    }
++    free(tmp);
++    /* Beware, polarssl does not make a copy of the ciphersuites
++       so the data needs to be valid during the call. */
++    ssl_set_ciphersuites(&connssl->ssl, ciphersuites);
++  }
++
+   if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) {
+     memcpy(&connssl->ssn, old_session, old_session_size);
+     infof(data, "PolarSSL re-using session\n");
+-- 
+1.9.1
+
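Review bot: In the new `else` branch of `polarssl_connect_step1`, the `strtok_r` loop stores into `ciphersuites[i]` with no upper bound on `i`, so a `STRING_SSL_CIPHER_LIST` value with more than `MAX_CIPHERSUITES` recognised names writes past the end of the static array. The preceding `memset(ciphersuites, 0, MAX_CIPHERSUITES + 1)` passes an element count where a byte count is expected, so only part of the `int` array is cleared and ids left by an earlier call can survive beyond the entries this call writes, leaving the list without a reliable zero terminator. I would change these to `memset(ciphersuites, 0, sizeof(ciphersuites));` and a loop condition of `token != NULL && i < MAX_CIPHERSUITES;`, and consider returning an error for an unknown name instead of only logging through `infof`, as the in-code comment already wonders. Since `ciphersuites` is one file-scope array and the comment notes PolarSSL keeps the pointer rather than copying, a later connection with a different list appears to rewrite the list an earlier session still references, with no locking visible here even when `THREADING_SUPPORT` is defined; a per-connection buffer would avoid that. The function body and the declaration of `i` lie outside this hunk, so the type of `i` should be checked when adding the bound.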
