nss: allow to use TLS > 1.0 if built against recent NSS

Bug: http://curl.haxx.se/mail/lib-2013-11/0162.html
author: Kamil Dudka <kdudka@redhat.com> 2013-11-25 16:25:15 +0100
committer: Kamil Dudka <kdudka@redhat.com> 2013-12-02 15:00:13 +0100
commit: 7fc9325a52a6dad1f8b859a3269472ffc125edd0 (patch)
tree: bcaa8d02dce68d656203691bb3189982a54629f3
parent: 4fb8241add5b68e95fbf44d3c2bf470201a9915d (diff)
2 files changed, 24 insertions, 0 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index bb9c5bb4e..133c1daa8 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -16,6 +16,7 @@ This release includes the following changes:
  o curl_easy_setopt: Added the ability to set the login options separately
  o smtp: Added support for additional SMTP commands
  o curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internals
+ o nss: allow to use TLS > 1.0 if built against recent NSS [18]
 
 This release includes the following bugfixes:
 
@@ -88,3 +89,4 @@ References to bug reports and discussions on issues:
  [15] = http://curl.haxx.se/bug/view.cgi?id=1304
  [16] = http://curl.haxx.se/bug/view.cgi?id=1305
  [17] = http://curl.haxx.se/bug/view.cgi?id=1297
+ [18] = http://curl.haxx.se/mail/lib-2013-11/0162.html
diff --git a/lib/nss.c b/lib/nss.c
index d16d063f3..b4aa784c4 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -1228,7 +1228,13 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver,
 
   case CURL_SSLVERSION_TLSv1:
     sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;
+#ifdef SSL_LIBRARY_VERSION_TLS_1_2
+    sslver->max = SSL_LIBRARY_VERSION_TLS_1_2;
+#elif defined SSL_LIBRARY_VERSION_TLS_1_1
+    sslver->max = SSL_LIBRARY_VERSION_TLS_1_1;
+#else
     sslver->max = SSL_LIBRARY_VERSION_TLS_1_0;
+#endif
     return CURLE_OK;
 
   case CURL_SSLVERSION_SSLv2:
@@ -1242,8 +1248,24 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver,
     return CURLE_OK;
 
   case CURL_SSLVERSION_TLSv1_0:
+    sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;
+    sslver->max = SSL_LIBRARY_VERSION_TLS_1_0;
+    return CURLE_OK;
+
   case CURL_SSLVERSION_TLSv1_1:
+#ifdef SSL_LIBRARY_VERSION_TLS_1_1
+    sslver->min = SSL_LIBRARY_VERSION_TLS_1_1;
+    sslver->max = SSL_LIBRARY_VERSION_TLS_1_1;
+    return CURLE_OK;
+#endif
+    break;
+
   case CURL_SSLVERSION_TLSv1_2:
+#ifdef SSL_LIBRARY_VERSION_TLS_1_2
+    sslver->min = SSL_LIBRARY_VERSION_TLS_1_2;
+    sslver->max = SSL_LIBRARY_VERSION_TLS_1_2;
+    return CURLE_OK;
+#endif
     break;
   }
author	Kamil Dudka <kdudka@redhat.com>	2013-11-25 16:25:15 +0100
committer	Kamil Dudka <kdudka@redhat.com>	2013-12-02 15:00:13 +0100
commit	7fc9325a52a6dad1f8b859a3269472ffc125edd0 (patch)
tree	bcaa8d02dce68d656203691bb3189982a54629f3
parent	4fb8241add5b68e95fbf44d3c2bf470201a9915d (diff)