- Kamil Dudka brought a patch that enables 6 additional crypto algorithms when
  NSS is used. These ciphers were added in NSS 3.4 and require to be enabled
  explicitly.
Daniel Stenberg 2009-03-18 12:48:51 +00:00
parent 9a0c9cd6e1
commit 5f19822e37
3 changed files with 31 additions and 1 deletions


@ -6,6 +6,11 @@
Changelog
Daniel Stenberg (18 Mar 2009)
- Kamil Dudka brought a patch that enables 6 additional crypto algorithms when
NSS is used. These ciphers were added in NSS 3.4 and require to be enabled
explicitly.
Daniel Stenberg (13 Mar 2009)
- Use libssh2_version() to present the libssh2 version in case the libssh2
library is found to support it.


@ -22,6 +22,7 @@ This release includes the following bugfixes:
o curl_easy_duphandle() failed to duplicate cookies at times
o missing TELNET timeout support in Windows builds
o missing Curl_read() and write callback result checking in TELNET transfers
o more ciphers enabled in libcurl built to use NSS
This release includes the following known bugs:
@ -31,6 +32,7 @@ This release would not have looked like this without help, code, reports and
advice from friends like these:
Daniel Fandrich, Yang Tse, David James, Chris Deidun, Bill Egert,
Andre Guibert de Bruet, Andreas Farber, Frank Hempel, Pierre Brico
Andre Guibert de Bruet, Andreas Farber, Frank Hempel, Pierre Brico,
Kamil Dudka
Thanks! (and sorry if I forgot to mention someone)


@ -162,6 +162,18 @@ static const cipher_s cipherlist[] = {
#endif
};
/* following ciphers are new in NSS 3.4 and not enabled by default, therefor
they are enabled explicitly */
static const int enable_ciphers_by_default[] = {
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA,
SSL_NULL_WITH_NULL_NULL
};
#ifdef HAVE_PK11_CREATEGENERICOBJECT
static const char* pem_library = "libnsspem.so";
#endif
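Review bot: the comment above the new table has a typo ("therefor" should be "therefore"), and the name `enable_ciphers_by_default` reads as if these suites were on by default, which is the opposite of what the comment says; a name such as `ciphers_to_enable` would match the `cipher_to_enable` pointer that walks it. The `SSL_NULL_WITH_NULL_NULL` sentinel works, but it is easy to drop when someone appends a suite later; iterating `sizeof(enable_ciphers_by_default) / sizeof(enable_ciphers_by_default[0])` entries would remove the need for a terminator and the risk of the null suite ever being handed to `SSL_CipherPrefSet`.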
@ -954,6 +966,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
#endif
char *certDir = NULL;
int curlerr;
const int *cipher_to_enable;
curlerr = CURLE_SSL_CONNECT_ERROR;
@ -1057,6 +1070,16 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess)
goto error;
/* enable all ciphers from enable_ciphers_by_default */
cipher_to_enable = enable_ciphers_by_default;
while (SSL_NULL_WITH_NULL_NULL != *cipher_to_enable) {
if (SSL_CipherPrefSet(model, *cipher_to_enable, PR_TRUE) != SECSuccess) {
curlerr = CURLE_SSL_CIPHER;
goto error;
}
cipher_to_enable++;
}
if(data->set.ssl.cipher_list) {
if(set_ciphers(data, model, data->set.ssl.cipher_list) != SECSuccess) {
curlerr = CURLE_SSL_CIPHER;
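Review bot: the spacing in the new loop (`while (`, `if (`) does not match the surrounding code, which writes `if(` without a space (compare the `SSL_OptionSet` check just above and the `data->set.ssl.cipher_list` check just below); worth aligning before merge. On the logic: a single `SSL_CipherPrefSet` failure aborts the whole connect with `CURLE_SSL_CIPHER`, so an NSS build that lacks one of the six suites would make every NSS connection fail instead of just leaving that suite disabled; consider whether a per-suite failure should be fatal. The ordering is sensible: the loop runs before the `cipher_list` branch, so a user-supplied cipher list is still applied afterwards through `set_ciphers()`.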