mirror of https://github.com/moparisthebest/curl
- Kamil Dudka brought a patch that enables 6 additional crypto algorithms when
NSS is used. These ciphers were added in NSS 3.4 and must be enabled explicitly.
parent
9a0c9cd6e1
commit
5f19822e37
5
CHANGES
5
CHANGES
|
@ -6,6 +6,11 @@
|
||||||
|
|
||||||
Changelog
|
Changelog
|
||||||
|
|
||||||
|
Daniel Stenberg (18 Mar 2009)
|
||||||
|
- Kamil Dudka brought a patch that enables 6 additional crypto algorithms when
|
||||||
|
NSS is used. These ciphers were added in NSS 3.4 and require to be enabled
|
||||||
|
explicitly.
|
||||||
|
|
||||||
Daniel Stenberg (13 Mar 2009)
|
Daniel Stenberg (13 Mar 2009)
|
||||||
- Use libssh2_version() to present the libssh2 version in case the libssh2
|
- Use libssh2_version() to present the libssh2 version in case the libssh2
|
||||||
library is found to support it.
|
library is found to support it.
|
||||||
|
|
|
@ -22,6 +22,7 @@ This release includes the following bugfixes:
|
||||||
o curl_easy_duphandle() failed to duplicate cookies at times
|
o curl_easy_duphandle() failed to duplicate cookies at times
|
||||||
o missing TELNET timeout support in Windows builds
|
o missing TELNET timeout support in Windows builds
|
||||||
o missing Curl_read() and write callback result checking in TELNET transfers
|
o missing Curl_read() and write callback result checking in TELNET transfers
|
||||||
|
o more ciphers enabled in libcurl built to use NSS
|
||||||
|
|
||||||
This release includes the following known bugs:
|
This release includes the following known bugs:
|
||||||
|
|
||||||
|
@ -31,6 +32,7 @@ This release would not have looked like this without help, code, reports and
|
||||||
advice from friends like these:
|
advice from friends like these:
|
||||||
|
|
||||||
Daniel Fandrich, Yang Tse, David James, Chris Deidun, Bill Egert,
|
Daniel Fandrich, Yang Tse, David James, Chris Deidun, Bill Egert,
|
||||||
Andre Guibert de Bruet, Andreas Farber, Frank Hempel, Pierre Brico
|
Andre Guibert de Bruet, Andreas Farber, Frank Hempel, Pierre Brico,
|
||||||
|
Kamil Dudka
|
||||||
|
|
||||||
Thanks! (and sorry if I forgot to mention someone)
|
Thanks! (and sorry if I forgot to mention someone)
|
||||||
|
|
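--- a/lib/nss.c
+++ b/lib/nss.c
@@ -162,6 +162,18 @@ static const cipher_s cipherlist[] = {
 #endif
 };
 
+/* following ciphers are new in NSS 3.4 and not enabled by default, therefor
+they are enabled explicitly */
+static const int enable_ciphers_by_default[] = {
+TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
+TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+TLS_RSA_WITH_AES_128_CBC_SHA,
+TLS_RSA_WITH_AES_256_CBC_SHA,
+SSL_NULL_WITH_NULL_NULL
+};
+
 #ifdef HAVE_PK11_CREATEGENERICOBJECT
 static const char* pem_library = "libnsspem.so";
 #endif
@@ -954,6 +966,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
 #endif
 char *certDir = NULL;
 int curlerr;
+const int *cipher_to_enable;
 
 curlerr = CURLE_SSL_CONNECT_ERROR;
 
@@ -1057,6 +1070,16 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
 if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess)
 goto error;
 
+/* enable all ciphers from enable_ciphers_by_default */
+cipher_to_enable = enable_ciphers_by_default;
+while (SSL_NULL_WITH_NULL_NULL != *cipher_to_enable) {
+if (SSL_CipherPrefSet(model, *cipher_to_enable, PR_TRUE) != SECSuccess) {
+curlerr = CURLE_SSL_CIPHER;
+goto error;
+}
+cipher_to_enable++;
+}
+
 if(data->set.ssl.cipher_list) {
 if(set_ciphers(data, model, data->set.ssl.cipher_list) != SECSuccess) {
 curlerr = CURLE_SSL_CIPHER;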
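Review bot: In the last hunk of Curl_nss_connect the loop turns the six AES suites on for `model` unconditionally, before `data->set.ssl.cipher_list` is applied, so a caller's explicit cipher restriction only holds if set_ciphers() clears every preference first. That function is not visible here, so this should be confirmed, or the loop moved into an `else` branch of the `cipher_list` check. The loop also uses `SSL_NULL_WITH_NULL_NULL` as an in-band terminator although it is itself a cipher-suite value; iterating by element count, `for(i = 0; i < sizeof(enable_ciphers_by_default)/sizeof(enable_ciphers_by_default[0]); i++)`, removes the sentinel and the extra `cipher_to_enable` local. The new `while (` and `if (` put a space after the keyword where the surrounding lines write `if(`. Curl_nss_connect starts and ends outside the hunks shown.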