cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Peer review! SecureTransport (native SSL on iOS/OS X) patch

From: Marc Hoersken <info_at_marc-hoersken.de>
Date: Wed, 27 Jun 2012 08:39:19 +0200

Thanks for incorporating my suggestions and the patch!

2012/6/26 Nick Zitzmann <nick_at_chronosnet.com>:
>> - In st_connect_step1 replace multiple calls to
>> SSLSetProtocolVersionEnabled with an internal variable and just one
>> call to SSLSetProtocolVersionEnabled.
>
> That is unfortunately a necessary evil. I would have implemented this using a bit-mask if Apple had given me a way to do that, but they didn't, so we have to call it multiple times, first to turn off everything, and then again to turn on the ones we want to enable.

It's okay to call it once to turn of everything else, but I meant the
separate calls in the switch cases. First of all I think that
CURL_SSLVERSION_DEFAULT could probably be changed to leave the
original setting alone and don't unset everything else. Second of all
I think that CURL_SSLVERSION_TLSv1, CURL_SSLVERSION_SSLv2 and
CURL_SSLVERSION_SSLv3 could just set a variable to the corresponding
k*Protocol* define which could then be passed into the function. Since
you are using break statements, only one of these protocols will be
enabled, anyway. Only the default case is different.

I hope this clears up my thoughts on this.

Best regards,
Marc

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-06-27