cURL / Mailing Lists / curl-library / Single Mail

curl-library

[PATCH 3/3] nss: allow to use TLS > 1.0 if built against recent NSS

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Mon, 25 Nov 2013 16:46:28 +0100

Bug: http://curl.haxx.se/mail/lib-2013-11/0162.html

---
 RELEASE-NOTES |    2 ++
 lib/nss.c     |   22 ++++++++++++++++++++++
 2 files changed, 24 insertions(+), 0 deletions(-)
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index b23ef39..038eb06 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -16,6 +16,7 @@ This release includes the following changes:
  o curl_easy_setopt: Added the ability to set the login options separately
  o smtp: Added support for additional SMTP commands
  o curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internals
+ o nss: allow to use TLS > 1.0 if built against recent NSS [16]
 
 This release includes the following bugfixes:
 
@@ -82,3 +83,4 @@ References to bug reports and discussions on issues:
  [13] = http://sourceforge.net/p/curl/bugs/1299
  [14] = http://curl.haxx.se/mail/lib-2013-11/0076.html
  [15] = http://curl.haxx.se/bug/view.cgi?id=1304
+ [16] = http://curl.haxx.se/mail/lib-2013-11/0162.html
diff --git a/lib/nss.c b/lib/nss.c
index 99d68a9..bd9f937 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -1227,7 +1227,13 @@ CURLcode nss_init_sslver(SSLVersionRange *sslver, struct SessionHandle *data)
 
   case CURL_SSLVERSION_TLSv1:
     sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;
+#ifdef SSL_LIBRARY_VERSION_TLS_1_2
+    sslver->max = SSL_LIBRARY_VERSION_TLS_1_2;
+#elif defined SSL_LIBRARY_VERSION_TLS_1_1
+    sslver->max = SSL_LIBRARY_VERSION_TLS_1_1;
+#else
     sslver->max = SSL_LIBRARY_VERSION_TLS_1_0;
+#endif
     return CURLE_OK;
 
   case CURL_SSLVERSION_SSLv2:
@@ -1241,8 +1247,24 @@ CURLcode nss_init_sslver(SSLVersionRange *sslver, struct SessionHandle *data)
     return CURLE_OK;
 
   case CURL_SSLVERSION_TLSv1_0:
+    sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;
+    sslver->max = SSL_LIBRARY_VERSION_TLS_1_0;
+    return CURLE_OK;
+
   case CURL_SSLVERSION_TLSv1_1:
+#ifdef SSL_LIBRARY_VERSION_TLS_1_1
+    sslver->min = SSL_LIBRARY_VERSION_TLS_1_1;
+    sslver->max = SSL_LIBRARY_VERSION_TLS_1_1;
+    return CURLE_OK;
+#endif
+    break;
+
   case CURL_SSLVERSION_TLSv1_2:
+#ifdef SSL_LIBRARY_VERSION_TLS_1_2
+    sslver->min = SSL_LIBRARY_VERSION_TLS_1_2;
+    sslver->max = SSL_LIBRARY_VERSION_TLS_1_2;
+    return CURLE_OK;
+#endif
     break;
   }
 
-- 
1.7.1
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2013-11-25

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: Several download mirrors appear defunct"
Previous message: Kamil Dudka: "[PATCH 1/3] nss: use a better API for controlling SSL version"
In reply to: James Cloos: "Re: Cannot negotiate TLS/1.1 or 1.2 with nss."

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]