| author | Daniel Stenberg <daniel@haxx.se> | 2008-02-25 07:51:39 +0000 | 
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2008-02-25 07:51:39 +0000 | 
| commit | 74241e7d852531bc8ee9301fd3e5ec0c5fabc7cf (patch) | |
| tree | e47471dacb29dc1e030a5e4ce46ae4932f36f8ab | |
| parent | 3154f04fb908ddf0066fe1d07cab2bbc0e9e67f4 (diff) | |
- Kaspar Brand made GnuTLS-built libcurl properly acknowledge the option that
  forces it to prefer SSLv3.
| -rw-r--r-- | CHANGES | 4 | ||||
| -rw-r--r-- | RELEASE-NOTES | 1 | ||||
| -rw-r--r-- | lib/gtls.c | 9 | 
3 files changed, 13 insertions, 1 deletions
@@ -6,6 +6,10 @@
                                   Changelog
+Daniel S (25 Feb 2008)
+- Kaspar Brand made GnuTLS-built libcurl properly acknowledge the option that
+  forces it to prefer SSLv3.
+
 Daniel S (23 Feb 2008)
 - Sam Listopad provided a patch in feature-request #1900014
   http://curl.haxx.se/bug/feature.cgi?id=1900014 that makes libcurl (built to
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 0127a1308..71195e25a 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -31,6 +31,7 @@ This release includes the following bugfixes:
  o bad re-use of SSL connections in non-complete state
  o test case 405 failures with GnuTLS builds
  o crash when connection cache size is 1 and Curl_do() failed
+ o GnuTLS-built libcurl can now be forced to prefer SSLv3
 This release includes the following known bugs:
diff --git a/lib/gtls.c b/lib/gtls.c
index 05efd11c7..01e8e97a4 100644
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -233,7 +233,7 @@ Curl_gtls_connect(struct connectdata *conn,
   if(!gtls_inited)
     _Curl_gtls_init();
-  /* GnuTLS only supports TLSv1 (and SSLv3?) */
+  /* GnuTLS only supports SSLv3 and TLSv1 */
   if(data->set.ssl.version == CURL_SSLVERSION_SSLv2) {
     failf(data, "GnuTLS does not support SSLv2");
     return CURLE_SSL_CONNECT_ERROR;
@@ -280,6 +280,13 @@ Curl_gtls_connect(struct connectdata *conn,
   if(rc < 0)
     return CURLE_SSL_CONNECT_ERROR;
+  if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) {
+    int protocol_priority[] = { GNUTLS_SSL3, 0 };
+    gnutls_protocol_set_priority(session, protocol_priority);
+    if(rc < 0)
+      return CURLE_SSL_CONNECT_ERROR;
+  }
+
   /* Sets the priority on the certificate types supported by gnutls. Priority
      is higher for types specified before others. After specifying the types
      you want, you must append a 0. */  | 
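Review bot: In the second lib/gtls.c hunk the added SSLv3 block discards the return value of `gnutls_protocol_set_priority()`, so the `if(rc < 0)` that follows re-tests the result of the earlier call, which the context lines just above have already checked; the new error branch can never be taken. If setting the priority list fails, the connection would presumably go on with the session's existing protocol priorities instead of the SSLv3-only list the caller asked for, and no error is reported. Assign the result so the check is live: `rc = gnutls_protocol_set_priority(session, protocol_priority);`. Curl_gtls_connect starts before and continues after this hunk, so the declaration of `rc` is not visible here.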
