[PATCH 2/3] nss: put SSL version selection into separate fnc
From: Kamil Dudka <kdudka_at_redhat.com>
Date: Mon, 25 Nov 2013 16:46:27 +0100
Date: Mon, 25 Nov 2013 16:46:27 +0100
---
 lib/nss.c | 71 +++++++++++++++++++++++++++++++++++-------------------------
 1 files changed, 41 insertions(+), 30 deletions(-)
diff --git a/lib/nss.c b/lib/nss.c
index 9b0d43e..99d68a9 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -1211,6 +1211,45 @@ static CURLcode nss_load_ca_certificates(struct connectdata *conn,
 return CURLE_OK;
 }
+CURLcode nss_init_sslver(SSLVersionRange *sslver, struct SessionHandle *data)
+{
+ switch (data->set.ssl.version) {
+ default:
+ case CURL_SSLVERSION_DEFAULT:
+ sslver->min = SSL_LIBRARY_VERSION_3_0;
+ if(data->state.ssl_connect_retry) {
+ infof(data, "TLS disabled due to previous handshake failure\n");
+ sslver->max = SSL_LIBRARY_VERSION_3_0;
+ }
+ else
+ sslver->max = SSL_LIBRARY_VERSION_TLS_1_0;
+ return CURLE_OK;
+
+ case CURL_SSLVERSION_TLSv1:
+ sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;
+ sslver->max = SSL_LIBRARY_VERSION_TLS_1_0;
+ return CURLE_OK;
+
+ case CURL_SSLVERSION_SSLv2:
+ sslver->min = SSL_LIBRARY_VERSION_2;
+ sslver->max = SSL_LIBRARY_VERSION_2;
+ return CURLE_OK;
+
+ case CURL_SSLVERSION_SSLv3:
+ sslver->min = SSL_LIBRARY_VERSION_3_0;
+ sslver->max = SSL_LIBRARY_VERSION_3_0;
+ return CURLE_OK;
+
+ case CURL_SSLVERSION_TLSv1_0:
+ case CURL_SSLVERSION_TLSv1_1:
+ case CURL_SSLVERSION_TLSv1_2:
+ break;
+ }
+
+ failf(data, "TLS minor version cannot be set");
+ return CURLE_SSL_CONNECT_ERROR;
+}
+
 CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
 {
 PRErrorCode err = 0;
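Review bot: The moved `CURL_SSLVERSION_DEFAULT` branch still caps `sslver->max` at `SSL_LIBRARY_VERSION_3_0` when `data->state.ssl_connect_retry` is set, so one failed handshake, which a party on the network path can cause, leads to an SSLv3-only retry. Now that the version policy has its own function, that downgrade should at least be documented where it happens, e.g. `/* retry after a failed handshake: SSLv3 only, i.e. a protocol downgrade */` above the `infof()` call, so it can be found and revisited. Separately, `nss_init_sslver` is defined without `static` although the neighbouring helper `nss_load_ca_certificates` in the hunk header is `static`, and the only caller visible in this patch is `Curl_nss_connect()` in the same file; unless another file needs it, declare it `static CURLcode nss_init_sslver(SSLVersionRange *sslver, struct SessionHandle *data)`.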
@@ -1287,37 +1326,9 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
 if(SSL_OptionSet(model, SSL_NO_CACHE, ssl_no_cache) != SECSuccess)
 goto error;
- switch (data->set.ssl.version) {
- default:
- case CURL_SSLVERSION_DEFAULT:
- sslver.min = SSL_LIBRARY_VERSION_3_0;
- if(data->state.ssl_connect_retry) {
- infof(data, "TLS disabled due to previous handshake failure\n");
- sslver.max = SSL_LIBRARY_VERSION_3_0;
- }
- else
- sslver.max = SSL_LIBRARY_VERSION_TLS_1_0;
- break;
- case CURL_SSLVERSION_TLSv1:
- sslver.min = SSL_LIBRARY_VERSION_TLS_1_0;
- sslver.max = SSL_LIBRARY_VERSION_TLS_1_0;
- break;
- case CURL_SSLVERSION_SSLv2:
- sslver.min = SSL_LIBRARY_VERSION_2;
- sslver.max = SSL_LIBRARY_VERSION_2;
- break;
- case CURL_SSLVERSION_SSLv3:
- sslver.min = SSL_LIBRARY_VERSION_3_0;
- sslver.max = SSL_LIBRARY_VERSION_3_0;
- break;
- case CURL_SSLVERSION_TLSv1_0:
- case CURL_SSLVERSION_TLSv1_1:
- case CURL_SSLVERSION_TLSv1_2:
- failf(data, "TLS minor version cannot be set\n");
- curlerr = CURLE_SSL_CONNECT_ERROR;
+ /* enable/disable the requested SSL version(s) */
+ if(nss_init_sslver(&sslver, data) != CURLE_OK)
 goto error;
- }
-
 if(SSL_VersionRangeSet(model, &sslver) != SECSuccess)
 goto error;
-- 
1.7.1
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-11-25
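Review bot: The `CURLcode` returned by `nss_init_sslver()` is only compared with `CURLE_OK` and then dropped, whereas the removed `case` set `curlerr = CURLE_SSL_CONNECT_ERROR;` itself before `goto error;`. Whether `curlerr` already holds an error value at this point is decided earlier in `Curl_nss_connect()`, whose body starts and ends outside the hunk, so that needs confirming. If it does not, a rejected version request would reach the `error` label with a stale code. Keeping the assignment explicit removes the dependency: brace the branch and put `curlerr = CURLE_SSL_CONNECT_ERROR;` before `goto error;`.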