aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2003-06-02 13:27:03 +0000
committerDaniel Stenberg <daniel@haxx.se>2003-06-02 13:27:03 +0000
commitd288222e80f1d6d250fe8b6d40f3b43c8a715da6 (patch)
tree2fdf7a72470fe54ebf0aad34c02d8ed1df9b6d6d
parent4eb2a6c9a3af4cb015f373cc4b39aabba507a000 (diff)
work-around SSL implementation flaws better, pointed out in bug report
#745122.
-rw-r--r--lib/ssluse.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c
index a15649be9..d520a2b54 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -785,6 +785,16 @@ Curl_SSLConnect(struct connectdata *conn)
failf(data, "SSL: couldn't create a context!");
return CURLE_OUT_OF_MEMORY;
}
+
+ /* OpenSSL contains code to work-around lots of bugs and flaws in various
+ SSL-implementations. SSL_CTX_set_options() is used to enabled those
+ work-arounds. The man page for this option states that SSL_OP_ALL enables
+ ll the work-arounds and that "It is usually safe to use SSL_OP_ALL to
+ enable the bug workaround options if compatibility with somewhat broken
+ implementations is desired."
+
+ */
+ SSL_CTX_set_options(conn->ssl.ctx, SSL_OP_ALL);
if(data->set.cert) {
if (!cert_stuff(conn,