- Kamil Dudka brought a patch that enables 6 additional crypto algorithms when
NSS is used. These ciphers were added in NSS 3.4 and need to be enabled explicitly.
Родитель
9a0c9cd6e1
Коммит
5f19822e37
5
CHANGES
5
CHANGES
|
@ -6,6 +6,11 @@
|
|||
|
||||
Changelog
|
||||
|
||||
Daniel Stenberg (18 Mar 2009)
|
||||
- Kamil Dudka brought a patch that enables 6 additional crypto algorithms when
|
||||
NSS is used. These ciphers were added in NSS 3.4 and require to be enabled
|
||||
explicitly.
|
||||
|
||||
Daniel Stenberg (13 Mar 2009)
|
||||
- Use libssh2_version() to present the libssh2 version in case the libssh2
|
||||
library is found to support it.
|
||||
|
|
|
@ -22,6 +22,7 @@ This release includes the following bugfixes:
|
|||
o curl_easy_duphandle() failed to duplicate cookies at times
|
||||
o missing TELNET timeout support in Windows builds
|
||||
o missing Curl_read() and write callback result checking in TELNET transfers
|
||||
o more ciphers enabled in libcurl built to use NSS
|
||||
|
||||
This release includes the following known bugs:
|
||||
|
||||
|
@ -31,6 +32,7 @@ This release would not have looked like this without help, code, reports and
|
|||
advice from friends like these:
|
||||
|
||||
Daniel Fandrich, Yang Tse, David James, Chris Deidun, Bill Egert,
|
||||
Andre Guibert de Bruet, Andreas Farber, Frank Hempel, Pierre Brico
|
||||
Andre Guibert de Bruet, Andreas Farber, Frank Hempel, Pierre Brico,
|
||||
Kamil Dudka
|
||||
|
||||
Thanks! (and sorry if I forgot to mention someone)
|
||||
|
|
23
lib/nss.c
23
lib/nss.c
|
@ -162,6 +162,18 @@ static const cipher_s cipherlist[] = {
|
|||
#endif
|
||||
};
|
||||
|
||||
/* following ciphers are new in NSS 3.4 and not enabled by default, therefor
|
||||
they are enabled explicitly */
|
||||
static const int enable_ciphers_by_default[] = {
|
||||
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
|
||||
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
|
||||
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||
SSL_NULL_WITH_NULL_NULL
|
||||
};
|
||||
|
||||
#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
||||
static const char* pem_library = "libnsspem.so";
|
||||
#endif
|
||||
|
@ -954,6 +966,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
|
|||
#endif
|
||||
char *certDir = NULL;
|
||||
int curlerr;
|
||||
const int *cipher_to_enable;
|
||||
|
||||
curlerr = CURLE_SSL_CONNECT_ERROR;
|
||||
|
||||
|
@ -1057,6 +1070,16 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
|
|||
if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess)
|
||||
goto error;
|
||||
|
||||
/* enable all ciphers from enable_ciphers_by_default */
|
||||
cipher_to_enable = enable_ciphers_by_default;
|
||||
while (SSL_NULL_WITH_NULL_NULL != *cipher_to_enable) {
|
||||
if (SSL_CipherPrefSet(model, *cipher_to_enable, PR_TRUE) != SECSuccess) {
|
||||
curlerr = CURLE_SSL_CIPHER;
|
||||
goto error;
|
||||
}
|
||||
cipher_to_enable++;
|
||||
}
|
||||
|
||||
if(data->set.ssl.cipher_list) {
|
||||
if(set_ciphers(data, model, data->set.ssl.cipher_list) != SECSuccess) {
|
||||
curlerr = CURLE_SSL_CIPHER;
|
||||
|
|
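Review bot: The last entry of `enable_ciphers_by_default` is `SSL_NULL_WITH_NULL_NULL`, and neither the array nor the loop in Curl_nss_connect says it is a terminator, so the table reads as if the NULL suite were one of the ciphers being switched on. The `while` loop stops at that value and never passes it to SSL_CipherPrefSet, so a trailing comment such as `SSL_NULL_WITH_NULL_NULL /* end-of-list marker, never enabled */` would make that explicit. The loop also runs unconditionally before the `data->set.ssl.cipher_list` branch; whether a user-supplied list can still exclude these six suites depends on set_ciphers(), which is not visible here, so a comment stating the intended precedence belongs above the loop, for example `/* defaults only; a cipher list given by the user is applied afterwards */` if that matches what set_ciphers() does. Curl_nss_connect starts and ends outside these hunks.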