From d288222e80f1d6d250fe8b6d40f3b43c8a715da6 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 2 Jun 2003 13:27:03 +0000 Subject: [PATCH] work-around SSL implementation flaws better, pointed out in bug report #745122. --- lib/ssluse.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lib/ssluse.c b/lib/ssluse.c index a15649be9..d520a2b54 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -785,6 +785,16 @@ Curl_SSLConnect(struct connectdata *conn) failf(data, "SSL: couldn't create a context!"); return CURLE_OUT_OF_MEMORY; } + + /* OpenSSL contains code to work-around lots of bugs and flaws in various + SSL-implementations. SSL_CTX_set_options() is used to enabled those + work-arounds. The man page for this option states that SSL_OP_ALL enables + ll the work-arounds and that "It is usually safe to use SSL_OP_ALL to + enable the bug workaround options if compatibility with somewhat broken + implementations is desired." + + */ + SSL_CTX_set_options(conn->ssl.ctx, SSL_OP_ALL); if(data->set.cert) { if (!cert_stuff(conn,