cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [PATCH v2] nss: try to reconnect in case of TLS intolerant server

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Thu, 22 Oct 2009 13:03:34 +0200

On Wed October 21 2009 14:43:13 Kaspar Brand wrote:
> Would you be able/willing to compile curl against a patched version of
> NSS? The attached diff is a first try to add an
> SSL_DISABLE_TLS_EXTENSIONS option to NSS... in lib/nss.c, you could then
> simply turn them off with
>
> if (data->state.tls_broken_server
> && SSL_OptionSet(model, SSL_DISABLE_TLS_EXTENSIONS, PR_TRUE))
> goto error;
>
> (you wouldn't have to turn "tlsv1" off, and the SSL_V2_COMPATIBLE_HELLO
> line can also be left as is)

Thanks for contributing it! I've just tested your patch for NSS and it looks
like it solves the problem. However I'll need to spend some additional time
playing with it before I raise the issue at upstream bugzilla or whatever.
Thanks in advance for being patient!

Kamil
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2009-10-22