authorKamil Dudka <kdudka@redhat.com>2013-11-25 16:14:55 +0100
committerKamil Dudka <kdudka@redhat.com>2013-12-02 15:00:13 +0100
commit4fb8241add5b68e95fbf44d3c2bf470201a9915d (patch)
treec43536ff715f674513cf4d93cd8a736657970acb /lib/nss.c
parent30e7e7552ba4397896ecac82ea04f38d52c4cc8f (diff)
nss: put SSL version selection into separate fnc
Diffstat (limited to 'lib/nss.c')
-rw-r--r--lib/nss.c72
1 files changed, 42 insertions, 30 deletions
diff --git a/lib/nss.c b/lib/nss.c
index 9b0d43eb5..d16d063f3 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -1211,6 +1211,46 @@ static CURLcode nss_load_ca_certificates(struct connectdata *conn,
return CURLE_OK;
}
+static CURLcode nss_init_sslver(SSLVersionRange *sslver,
+ struct SessionHandle *data)
+{
+ switch (data->set.ssl.version) {
+ default:
+ case CURL_SSLVERSION_DEFAULT:
+ sslver->min = SSL_LIBRARY_VERSION_3_0;
+ if(data->state.ssl_connect_retry) {
+ infof(data, "TLS disabled due to previous handshake failure\n");
+ sslver->max = SSL_LIBRARY_VERSION_3_0;
+ }
+ else
+ sslver->max = SSL_LIBRARY_VERSION_TLS_1_0;
+ return CURLE_OK;
+
+ case CURL_SSLVERSION_TLSv1:
+ sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;
+ sslver->max = SSL_LIBRARY_VERSION_TLS_1_0;
+ return CURLE_OK;
+
+ case CURL_SSLVERSION_SSLv2:
+ sslver->min = SSL_LIBRARY_VERSION_2;
+ sslver->max = SSL_LIBRARY_VERSION_2;
+ return CURLE_OK;
+
+ case CURL_SSLVERSION_SSLv3:
+ sslver->min = SSL_LIBRARY_VERSION_3_0;
+ sslver->max = SSL_LIBRARY_VERSION_3_0;
+ return CURLE_OK;
+
+ case CURL_SSLVERSION_TLSv1_0:
+ case CURL_SSLVERSION_TLSv1_1:
+ case CURL_SSLVERSION_TLSv1_2:
+ break;
+ }
+
+ failf(data, "TLS minor version cannot be set");
+ return CURLE_SSL_CONNECT_ERROR;
+}
+
CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
{
PRErrorCode err = 0;
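Review bot: nss_init_sslver has no comment stating its contract, and the `CURL_SSLVERSION_DEFAULT` branch is where that matters most: when `data->state.ssl_connect_retry` is set it pins `sslver->max` to `SSL_LIBRARY_VERSION_3_0`, so the retry offers no TLS at all, and even without a retry the ceiling is TLS 1.0. Going by the infof text the flag follows a failed handshake, so anything that makes the first handshake fail presumably steers the next attempt to SSL 3.0; that deserves an explicit comment such as `/* fills *sslver from data->set.ssl.version; NOTE: on ssl_connect_retry the default range drops to SSL 3.0 only */`. The `default:` label shares this branch as well, so an unrecognised version value silently gets the permissive range instead of reaching the `failf()` path. The function is complete within the hunk; Curl_nss_connect's body continues outside it.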
@@ -1287,37 +1327,9 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
if(SSL_OptionSet(model, SSL_NO_CACHE, ssl_no_cache) != SECSuccess)
goto error;
- switch (data->set.ssl.version) {
- default:
- case CURL_SSLVERSION_DEFAULT:
- sslver.min = SSL_LIBRARY_VERSION_3_0;
- if(data->state.ssl_connect_retry) {
- infof(data, "TLS disabled due to previous handshake failure\n");
- sslver.max = SSL_LIBRARY_VERSION_3_0;
- }
- else
- sslver.max = SSL_LIBRARY_VERSION_TLS_1_0;
- break;
- case CURL_SSLVERSION_TLSv1:
- sslver.min = SSL_LIBRARY_VERSION_TLS_1_0;
- sslver.max = SSL_LIBRARY_VERSION_TLS_1_0;
- break;
- case CURL_SSLVERSION_SSLv2:
- sslver.min = SSL_LIBRARY_VERSION_2;
- sslver.max = SSL_LIBRARY_VERSION_2;
- break;
- case CURL_SSLVERSION_SSLv3:
- sslver.min = SSL_LIBRARY_VERSION_3_0;
- sslver.max = SSL_LIBRARY_VERSION_3_0;
- break;
- case CURL_SSLVERSION_TLSv1_0:
- case CURL_SSLVERSION_TLSv1_1:
- case CURL_SSLVERSION_TLSv1_2:
- failf(data, "TLS minor version cannot be set\n");
- curlerr = CURLE_SSL_CONNECT_ERROR;
+ /* enable/disable the requested SSL version(s) */
+ if(nss_init_sslver(&sslver, data) != CURLE_OK)
goto error;
- }
-
if(SSL_VersionRangeSet(model, &sslver) != SECSuccess)
goto error;
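Review bot: The result of `nss_init_sslver()` is only compared with `CURLE_OK` and then dropped, whereas the removed lines set `curlerr = CURLE_SSL_CONNECT_ERROR` before `goto error`. Whether `curlerr` already holds a failure code at this point is not visible in the hunk, so it would be safer to keep the assignment on the failure path: `if(nss_init_sslver(&sslver, data) != CURLE_OK) { curlerr = CURLE_SSL_CONNECT_ERROR; goto error; }`. Otherwise the "TLS minor version cannot be set" case could leave through the error label with whatever value `curlerr` had before. Curl_nss_connect starts and ends outside the hunk.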