aboutsummaryrefslogtreecommitdiff
path: root/lib/vtls
diff options
context:
space:
mode:
authorPaul Howarth <paul@city-fan.org>2018-12-04 10:48:32 +0000
committerDaniel Stenberg <daniel@haxx.se>2018-12-05 15:24:32 +0100
commit71a1442eb2a973164b0c3365be2e0297baa8e91d (patch)
treecc023f8737363c82b739e409ddc8e1c911483684 /lib/vtls
parent6848ea585b34d7f1d3f73c1d6749321fc5843fbe (diff)
nss: Improve info message when falling back SSL protocol
Use descriptive text strings rather than decimal numbers.
Diffstat (limited to 'lib/vtls')
-rw-r--r--lib/vtls/nss.c36
1 files changed, 34 insertions, 2 deletions
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 946c69717..79437a284 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -246,6 +246,32 @@ static void nss_print_error_message(struct Curl_easy *data, PRUint32 err)
failf(data, "%s", PR_ErrorToString(err, PR_LANGUAGE_I_DEFAULT));
}
+static char *nss_sslver_to_name(PRUint16 nssver)
+{
+ switch(nssver) {
+ case SSL_LIBRARY_VERSION_2:
+ return strdup("SSLv2");
+ case SSL_LIBRARY_VERSION_3_0:
+ return strdup("SSLv3");
+ case SSL_LIBRARY_VERSION_TLS_1_0:
+ return strdup("TLSv1.0");
+#ifdef SSL_LIBRARY_VERSION_TLS_1_1
+ case SSL_LIBRARY_VERSION_TLS_1_1:
+ return strdup("TLSv1.1");
+#endif
+#ifdef SSL_LIBRARY_VERSION_TLS_1_2
+ case SSL_LIBRARY_VERSION_TLS_1_2:
+ return strdup("TLSv1.2");
+#endif
+#ifdef SSL_LIBRARY_VERSION_TLS_1_3
+ case SSL_LIBRARY_VERSION_TLS_1_3:
+ return strdup("TLSv1.3");
+#endif
+ default:
+ return curl_maprintf("0x%04x", nssver);
+ }
+}
+
static SECStatus set_ciphers(struct Curl_easy *data, PRFileDesc * model,
char *cipher_list)
{
@@ -1837,8 +1863,14 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
&sslver_supported) != SECSuccess)
goto error;
if(sslver_supported.max < sslver.max && sslver_supported.max >= sslver.min) {
- infof(data, "Falling back (from %d) to max supported SSL version (%d)\n",
- sslver.max, sslver_supported.max);
+ char *sslver_req_str, *sslver_supp_str;
+ sslver_req_str = nss_sslver_to_name(sslver.max);
+ sslver_supp_str = nss_sslver_to_name(sslver_supported.max);
+ if(sslver_req_str && sslver_supp_str)
+ infof(data, "Falling back from %s to max supported SSL version (%s)\n",
+ sslver_req_str, sslver_supp_str);
+ free(sslver_req_str);
+ free(sslver_supp_str);
sslver.max = sslver_supported.max;
}
if(SSL_VersionRangeSet(model, &sslver) != SECSuccess)