From 7fc9325a52a6dad1f8b859a3269472ffc125edd0 Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: Mon, 25 Nov 2013 16:25:15 +0100 Subject: [PATCH] nss: allow to use TLS > 1.0 if built against recent NSS Bug: http://curl.haxx.se/mail/lib-2013-11/0162.html --- RELEASE-NOTES | 2 ++ lib/nss.c | 22 ++++++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index bb9c5bb4e..133c1daa8 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -16,6 +16,7 @@ This release includes the following changes: o curl_easy_setopt: Added the ability to set the login options separately o smtp: Added support for additional SMTP commands o curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internals + o nss: allow to use TLS > 1.0 if built against recent NSS [18] This release includes the following bugfixes: @@ -88,3 +89,4 @@ References to bug reports and discussions on issues: [15] = http://curl.haxx.se/bug/view.cgi?id=1304 [16] = http://curl.haxx.se/bug/view.cgi?id=1305 [17] = http://curl.haxx.se/bug/view.cgi?id=1297 + [18] = http://curl.haxx.se/mail/lib-2013-11/0162.html diff --git a/lib/nss.c b/lib/nss.c index d16d063f3..b4aa784c4 100644 --- a/lib/nss.c +++ b/lib/nss.c @@ -1228,7 +1228,13 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver, case CURL_SSLVERSION_TLSv1: sslver->min = SSL_LIBRARY_VERSION_TLS_1_0; +#ifdef SSL_LIBRARY_VERSION_TLS_1_2 + sslver->max = SSL_LIBRARY_VERSION_TLS_1_2; +#elif defined SSL_LIBRARY_VERSION_TLS_1_1 + sslver->max = SSL_LIBRARY_VERSION_TLS_1_1; +#else sslver->max = SSL_LIBRARY_VERSION_TLS_1_0; +#endif return CURLE_OK; case CURL_SSLVERSION_SSLv2: @@ -1242,8 +1248,24 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver, return CURLE_OK; case CURL_SSLVERSION_TLSv1_0: + sslver->min = SSL_LIBRARY_VERSION_TLS_1_0; + sslver->max = SSL_LIBRARY_VERSION_TLS_1_0; + return CURLE_OK; + case CURL_SSLVERSION_TLSv1_1: +#ifdef SSL_LIBRARY_VERSION_TLS_1_1 + sslver->min = SSL_LIBRARY_VERSION_TLS_1_1; + sslver->max = SSL_LIBRARY_VERSION_TLS_1_1; + return CURLE_OK; +#endif + break; + case CURL_SSLVERSION_TLSv1_2: +#ifdef SSL_LIBRARY_VERSION_TLS_1_2 + sslver->min = SSL_LIBRARY_VERSION_TLS_1_2; + sslver->max = SSL_LIBRARY_VERSION_TLS_1_2; + return CURLE_OK; +#endif break; }