--ssl-allow-beast added

This new option tells curl to not work around a security flaw in the SSL3 and TLS1.0 protocols. It uses the new libcurl option CURLOPT_SSL_OPTIONS with the CURLSSLOPT_ALLOW_BEAST bit set.
2012-02-06 22:25:04 +01:00
parent 2a699bc6e9
commit 62d15f159e
5 changed files with 20 additions and 4 deletions
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -202,6 +202,7 @@ static const struct LongShort aliases[]= {
  {"Ek", "tlsuser",                  TRUE},
  {"El", "tlspassword",              TRUE},
  {"Em", "tlsauthtype",              TRUE},
+  {"En", "ssl-no-empty-fragments",   FALSE},
  {"f",  "fail",                     FALSE},
  {"F",  "form",                     TRUE},
  {"Fs", "form-string",              TRUE},
@@ -1144,6 +1145,10 @@ ParameterError getparameter(char *flag,    /* f or -long-flag */
        else
          return PARAM_LIBCURL_DOESNT_SUPPORT;
        break;
+      case 'n': /* no empty SSL fragments */
+        if(curlinfo->features & CURL_VERSION_SSL)
+          config->ssl_allow_beast = toggle;
+        break;
      default: /* certificate file */
      {
        char *ptr = strchr(nextarg, ':');