[PATCH] Fix force ciphersuites patch
Wald Commits
scm-commit at wald.intevation.org
Tue Sep 2 09:49:30 CEST 2014
# HG changeset patch
# User Andre Heinecke <andre.heinecke at intevation.de>
# Date 1409644167 -7200
# Node ID c6c8f4ce48f8c04711afc90cf57e0c535fd8df11
# Parent daa9448b64f5419b3611c8f812d9183be95aea71
Fix force ciphersuites patch
diff -r daa9448b64f5 -r c6c8f4ce48f8 patches/0003-Add-possibility-to-force-polarssl-ciphersuites.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/0003-Add-possibility-to-force-polarssl-ciphersuites.patch Tue Sep 02 09:49:27 2014 +0200
@@ -0,0 +1,77 @@
+From 7b70a13b983979ccf7a672c0065c232cd7dc0c37 Mon Sep 17 00:00:00 2001
+From: Andre Heinecke <aheinecke at intevation.de>
+Date: Tue, 2 Sep 2014 09:48:01 +0200
+Subject: [PATCH] Add possibility to force polarssl ciphersuites.
+
+---
+ lib/vtls/polarssl.c | 40 ++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 38 insertions(+), 2 deletions(-)
+
+diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
+index 2c40e36..e0cfb90 100644
+--- a/lib/vtls/polarssl.c
++++ b/lib/vtls/polarssl.c
+@@ -67,6 +67,8 @@
+ #define THREADING_SUPPORT
+ #endif
+
++#define MAX_CIPHERSUITES 255
++
+ #if defined(THREADING_SUPPORT)
+ static entropy_context entropy;
+
+@@ -129,7 +131,7 @@ static void polarssl_debug(void *context, int level, const char *line)
+
+ static Curl_recv polarssl_recv;
+ static Curl_send polarssl_send;
+-
++static int ciphersuites[MAX_CIPHERSUITES + 1];
+
+ static CURLcode
+ polarssl_connect_step1(struct connectdata *conn,
+@@ -300,7 +302,41 @@ polarssl_connect_step1(struct connectdata *conn,
+ net_recv, &conn->sock[sockindex],
+ net_send, &conn->sock[sockindex]);
+
+- ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());
++ if(!data->set.str[STRING_SSL_CIPHER_LIST])
++ ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());
++ else {
++ /* Convert string input to polarssl cipher id's */
++ char *tmp,
++ *token,
++ *tok_buf;
++ int i = 0;
++
++ memset(ciphersuites, 0, MAX_CIPHERSUITES + 1);
++
++ tmp = strdup (data->set.str[STRING_SSL_CIPHER_LIST]);
++ if(!tmp)
++ return CURLE_OUT_OF_MEMORY;
++
++ for (token = strtok_r(tmp, ":", &tok_buf);
++ token != NULL;
++ token = strtok_r(NULL, ":", &tok_buf)) {
++
++ ciphersuites[i] = ssl_get_ciphersuite_id(token);
++ if (!ciphersuites[i]) {
++ infof(data, "WARNING: failed to set cipher: %s\n", token);
++ /* Do not increase i as the first 0 is the end
++ of the list so we overwrite it with the next
++ valid cipher. Maybe we should fail? */
++ continue;
++ }
++ i++;
++ }
++ free(tmp);
++ /* Beware, polarssl does not make a copy of the ciphersuites
++ so the data needs to be valid during the call. */
++ ssl_set_ciphersuites(&connssl->ssl, ciphersuites);
++ }
++
+ if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) {
+ memcpy(&connssl->ssn, old_session, old_session_size);
+ infof(data, "PolarSSL re-using session\n");
+--
+1.9.1
+
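Review bot: The token loop in polarssl_connect_step1 stores into `ciphersuites[i]` with no bound on `i`, so a STRING_SSL_CIPHER_LIST value holding more than MAX_CIPHERSUITES recognised names writes past the end of the static array; add `if(i >= MAX_CIPHERSUITES) break;` at the top of the loop body, or return an error there. The `memset(ciphersuites, 0, MAX_CIPHERSUITES + 1)` above it clears 256 bytes rather than 256 ints, and because the list's zero terminator relies on that clear, entries left by an earlier, longer list may survive past the end of the new one; it should read `memset(ciphersuites, 0, sizeof(ciphersuites));`. The array is also file-static while PolarSSL keeps only the pointer (as the hunk's own comment notes), so connections configured with different lists would share and overwrite one buffer, which looks unsafe where THREADING_SUPPORT is defined; keeping the list in per-connection state would avoid that. The body of polarssl_connect_step1 starts and ends outside the hunk.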
diff -r daa9448b64f5 -r c6c8f4ce48f8 patches/0003-Add-possibility-to-fore-polarssl-ciphersuites.patch
--- a/patches/0003-Add-possibility-to-fore-polarssl-ciphersuites.patch Mon Sep 01 19:49:54 2014 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,77 +0,0 @@
-From 3dc7ab77759878778ae440a31304c736c1ef8cba Mon Sep 17 00:00:00 2001
-From: Andre Heinecke <aheinecke at intevation.de>
-Date: Mon, 1 Sep 2014 19:43:55 +0200
-Subject: [PATCH 3/3] Add possibility to fore polarssl ciphersuites.
-
----
- lib/vtls/polarssl.c | 40 ++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 38 insertions(+), 2 deletions(-)
-
-diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
-index 2c40e36..7e806bf 100644
---- a/lib/vtls/polarssl.c
-+++ b/lib/vtls/polarssl.c
-@@ -67,6 +67,8 @@
- #define THREADING_SUPPORT
- #endif
-
-+#define MAX_CIPHERSUITES 255
-+
- #if defined(THREADING_SUPPORT)
- static entropy_context entropy;
-
-@@ -129,7 +131,7 @@ static void polarssl_debug(void *context, int level, const char *line)
-
- static Curl_recv polarssl_recv;
- static Curl_send polarssl_send;
--
-+static int ciphersuites[MAX_CIPHERSUITES + 1];
-
- static CURLcode
- polarssl_connect_step1(struct connectdata *conn,
-@@ -300,7 +302,41 @@ polarssl_connect_step1(struct connectdata *conn,
- net_recv, &conn->sock[sockindex],
- net_send, &conn->sock[sockindex]);
-
-- ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());
-+ if(!data->set.str[STRING_SSL_CIPHER_LIST])
-+ ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());
-+ else {
-+ /* Convert string input to polarssl cipher id's */
-+ char *tmp,
-+ *token,
-+ *tok_buf;
-+
-+ memset(ciphersuites, 0, MAX_CIPHERSUITES + 1);
-+
-+ tmp = strdup (data->set.str[STRING_SSL_CIPHER_LIST]);
-+ if(!tmp)
-+ return CURLE_OUT_OF_MEMORY;
-+
-+ i = 0;
-+ for (token = strtok_r(tmp, ":", &tok_buf);
-+ token != NULL;
-+ token = strtok_r(NULL, ":", &tok_buf)) {
-+
-+ ciphersuites[i] = ssl_get_ciphersuite_id(token);
-+ if (!ciphersuites[i]) {
-+ infof(data, "WARNING: failed to set cipher: %s\n", token);
-+ /* Do not increase i as the first 0 is the end
-+ of the list so we overwrite it with the next
-+ valid cipher. Maybe we should fail? */
-+ continue;
-+ }
-+ i++;
-+ }
-+ free(tmp);
-+ /* Beware, polarssl does not make a copy of the ciphersuites
-+ so the data needs to be valid during the call. */
-+ ssl_set_ciphersuites(&connssl->ssl, ciphersuites);
-+ }
-+
- if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) {
- memcpy(&connssl->ssn, old_session, old_session_size);
- infof(data, "PolarSSL re-using session\n");
---
-1.9.1
-