generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

nss: put SSL version selection into separate fnc

Browse Source
This commit is contained in:
Kamil Dudka
2013-11-25 16:14:55 +01:00
parent 30e7e7552b
commit 4fb8241add
1 changed files with 42 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
lib/nss.c
View File

@@ -1211,6 +1211,46 @@ static CURLcode nss_load_ca_certificates(struct connectdata *conn,
return CURLE_OK; return CURLE_OK;
} }
static CURLcode nss_init_sslver(SSLVersionRange *sslver,
struct SessionHandle *data)
{
switch (data->set.ssl.version) {
default:
case CURL_SSLVERSION_DEFAULT:
sslver->min = SSL_LIBRARY_VERSION_3_0;
if(data->state.ssl_connect_retry) {
infof(data, "TLS disabled due to previous handshake failure\n");
sslver->max = SSL_LIBRARY_VERSION_3_0;
}
else
sslver->max = SSL_LIBRARY_VERSION_TLS_1_0;
return CURLE_OK;
case CURL_SSLVERSION_TLSv1:
sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;
sslver->max = SSL_LIBRARY_VERSION_TLS_1_0;
return CURLE_OK;
case CURL_SSLVERSION_SSLv2:
sslver->min = SSL_LIBRARY_VERSION_2;
sslver->max = SSL_LIBRARY_VERSION_2;
return CURLE_OK;
case CURL_SSLVERSION_SSLv3:
sslver->min = SSL_LIBRARY_VERSION_3_0;
sslver->max = SSL_LIBRARY_VERSION_3_0;
return CURLE_OK;
case CURL_SSLVERSION_TLSv1_0:
case CURL_SSLVERSION_TLSv1_1:
case CURL_SSLVERSION_TLSv1_2:
break;
}
failf(data, "TLS minor version cannot be set");
return CURLE_SSL_CONNECT_ERROR;
}
CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
{ {
PRErrorCode err = 0; PRErrorCode err = 0;
@@ -1287,37 +1327,9 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
if(SSL_OptionSet(model, SSL_NO_CACHE, ssl_no_cache) != SECSuccess) if(SSL_OptionSet(model, SSL_NO_CACHE, ssl_no_cache) != SECSuccess)
goto error; goto error;
switch (data->set.ssl.version) { /* enable/disable the requested SSL version(s) */
default: if(nss_init_sslver(&sslver, data) != CURLE_OK)
case CURL_SSLVERSION_DEFAULT:
sslver.min = SSL_LIBRARY_VERSION_3_0;
if(data->state.ssl_connect_retry) {
infof(data, "TLS disabled due to previous handshake failure\n");
sslver.max = SSL_LIBRARY_VERSION_3_0;
}
else
sslver.max = SSL_LIBRARY_VERSION_TLS_1_0;
break;
case CURL_SSLVERSION_TLSv1:
sslver.min = SSL_LIBRARY_VERSION_TLS_1_0;
sslver.max = SSL_LIBRARY_VERSION_TLS_1_0;
break;
case CURL_SSLVERSION_SSLv2:
sslver.min = SSL_LIBRARY_VERSION_2;
sslver.max = SSL_LIBRARY_VERSION_2;
break;
case CURL_SSLVERSION_SSLv3:
sslver.min = SSL_LIBRARY_VERSION_3_0;
sslver.max = SSL_LIBRARY_VERSION_3_0;
break;
case CURL_SSLVERSION_TLSv1_0:
case CURL_SSLVERSION_TLSv1_1:
case CURL_SSLVERSION_TLSv1_2:
failf(data, "TLS minor version cannot be set\n");
curlerr = CURLE_SSL_CONNECT_ERROR;
goto error; goto error;
}
if(SSL_VersionRangeSet(model, &sslver) != SECSuccess) if(SSL_VersionRangeSet(model, &sslver) != SECSuccess)
goto error; goto error;