diff options
author | Kamil Dudka <kdudka@redhat.com> | 2013-11-25 16:14:55 +0100 |
---|---|---|
committer | Kamil Dudka <kdudka@redhat.com> | 2013-12-02 15:00:13 +0100 |
commit | 4fb8241add5b68e95fbf44d3c2bf470201a9915d (patch) | |
tree | c43536ff715f674513cf4d93cd8a736657970acb | |
parent | 30e7e7552ba4397896ecac82ea04f38d52c4cc8f (diff) |
nss: put SSL version selection into separate fnc
-rw-r--r-- | lib/nss.c | 72 |
1 files changed, 42 insertions, 30 deletions
@@ -1211,6 +1211,46 @@ static CURLcode nss_load_ca_certificates(struct connectdata *conn, return CURLE_OK; } +static CURLcode nss_init_sslver(SSLVersionRange *sslver, + struct SessionHandle *data) +{ + switch (data->set.ssl.version) { + default: + case CURL_SSLVERSION_DEFAULT: + sslver->min = SSL_LIBRARY_VERSION_3_0; + if(data->state.ssl_connect_retry) { + infof(data, "TLS disabled due to previous handshake failure\n"); + sslver->max = SSL_LIBRARY_VERSION_3_0; + } + else + sslver->max = SSL_LIBRARY_VERSION_TLS_1_0; + return CURLE_OK; + + case CURL_SSLVERSION_TLSv1: + sslver->min = SSL_LIBRARY_VERSION_TLS_1_0; + sslver->max = SSL_LIBRARY_VERSION_TLS_1_0; + return CURLE_OK; + + case CURL_SSLVERSION_SSLv2: + sslver->min = SSL_LIBRARY_VERSION_2; + sslver->max = SSL_LIBRARY_VERSION_2; + return CURLE_OK; + + case CURL_SSLVERSION_SSLv3: + sslver->min = SSL_LIBRARY_VERSION_3_0; + sslver->max = SSL_LIBRARY_VERSION_3_0; + return CURLE_OK; + + case CURL_SSLVERSION_TLSv1_0: + case CURL_SSLVERSION_TLSv1_1: + case CURL_SSLVERSION_TLSv1_2: + break; + } + + failf(data, "TLS minor version cannot be set"); + return CURLE_SSL_CONNECT_ERROR; +} + CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) { PRErrorCode err = 0; @@ -1287,37 +1327,9 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) if(SSL_OptionSet(model, SSL_NO_CACHE, ssl_no_cache) != SECSuccess) goto error; - switch (data->set.ssl.version) { - default: - case CURL_SSLVERSION_DEFAULT: - sslver.min = SSL_LIBRARY_VERSION_3_0; - if(data->state.ssl_connect_retry) { - infof(data, "TLS disabled due to previous handshake failure\n"); - sslver.max = SSL_LIBRARY_VERSION_3_0; - } - else - sslver.max = SSL_LIBRARY_VERSION_TLS_1_0; - break; - case CURL_SSLVERSION_TLSv1: - sslver.min = SSL_LIBRARY_VERSION_TLS_1_0; - sslver.max = SSL_LIBRARY_VERSION_TLS_1_0; - break; - case CURL_SSLVERSION_SSLv2: - sslver.min = SSL_LIBRARY_VERSION_2; - sslver.max = SSL_LIBRARY_VERSION_2; - break; - case CURL_SSLVERSION_SSLv3: - sslver.min = SSL_LIBRARY_VERSION_3_0; - sslver.max = SSL_LIBRARY_VERSION_3_0; - break; - case CURL_SSLVERSION_TLSv1_0: - case CURL_SSLVERSION_TLSv1_1: - case CURL_SSLVERSION_TLSv1_2: - failf(data, "TLS minor version cannot be set\n"); - curlerr = CURLE_SSL_CONNECT_ERROR; + /* enable/disable the requested SSL version(s) */ + if(nss_init_sslver(&sslver, data) != CURLE_OK) goto error; - } - if(SSL_VersionRangeSet(model, &sslver) != SECSuccess) goto error; |