aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorKamil Dudka <kdudka@redhat.com>2013-11-25 16:14:55 +0100
committerKamil Dudka <kdudka@redhat.com>2013-12-02 15:00:13 +0100
commit4fb8241add5b68e95fbf44d3c2bf470201a9915d (patch)
treec43536ff715f674513cf4d93cd8a736657970acb /lib
parent30e7e7552ba4397896ecac82ea04f38d52c4cc8f (diff)
nss: put SSL version selection into separate fnc
Diffstat (limited to 'lib')
-rw-r--r--lib/nss.c72
1 files changed, 42 insertions, 30 deletions
diff --git a/lib/nss.c b/lib/nss.c
index 9b0d43eb5..d16d063f3 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -1211,6 +1211,46 @@ static CURLcode nss_load_ca_certificates(struct connectdata *conn,
return CURLE_OK;
}
+static CURLcode nss_init_sslver(SSLVersionRange *sslver,
+ struct SessionHandle *data)
+{
+ switch (data->set.ssl.version) {
+ default:
+ case CURL_SSLVERSION_DEFAULT:
+ sslver->min = SSL_LIBRARY_VERSION_3_0;
+ if(data->state.ssl_connect_retry) {
+ infof(data, "TLS disabled due to previous handshake failure\n");
+ sslver->max = SSL_LIBRARY_VERSION_3_0;
+ }
+ else
+ sslver->max = SSL_LIBRARY_VERSION_TLS_1_0;
+ return CURLE_OK;
+
+ case CURL_SSLVERSION_TLSv1:
+ sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;
+ sslver->max = SSL_LIBRARY_VERSION_TLS_1_0;
+ return CURLE_OK;
+
+ case CURL_SSLVERSION_SSLv2:
+ sslver->min = SSL_LIBRARY_VERSION_2;
+ sslver->max = SSL_LIBRARY_VERSION_2;
+ return CURLE_OK;
+
+ case CURL_SSLVERSION_SSLv3:
+ sslver->min = SSL_LIBRARY_VERSION_3_0;
+ sslver->max = SSL_LIBRARY_VERSION_3_0;
+ return CURLE_OK;
+
+ case CURL_SSLVERSION_TLSv1_0:
+ case CURL_SSLVERSION_TLSv1_1:
+ case CURL_SSLVERSION_TLSv1_2:
+ break;
+ }
+
+ failf(data, "TLS minor version cannot be set");
+ return CURLE_SSL_CONNECT_ERROR;
+}
+
CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
{
PRErrorCode err = 0;
@@ -1287,37 +1327,9 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
if(SSL_OptionSet(model, SSL_NO_CACHE, ssl_no_cache) != SECSuccess)
goto error;
- switch (data->set.ssl.version) {
- default:
- case CURL_SSLVERSION_DEFAULT:
- sslver.min = SSL_LIBRARY_VERSION_3_0;
- if(data->state.ssl_connect_retry) {
- infof(data, "TLS disabled due to previous handshake failure\n");
- sslver.max = SSL_LIBRARY_VERSION_3_0;
- }
- else
- sslver.max = SSL_LIBRARY_VERSION_TLS_1_0;
- break;
- case CURL_SSLVERSION_TLSv1:
- sslver.min = SSL_LIBRARY_VERSION_TLS_1_0;
- sslver.max = SSL_LIBRARY_VERSION_TLS_1_0;
- break;
- case CURL_SSLVERSION_SSLv2:
- sslver.min = SSL_LIBRARY_VERSION_2;
- sslver.max = SSL_LIBRARY_VERSION_2;
- break;
- case CURL_SSLVERSION_SSLv3:
- sslver.min = SSL_LIBRARY_VERSION_3_0;
- sslver.max = SSL_LIBRARY_VERSION_3_0;
- break;
- case CURL_SSLVERSION_TLSv1_0:
- case CURL_SSLVERSION_TLSv1_1:
- case CURL_SSLVERSION_TLSv1_2:
- failf(data, "TLS minor version cannot be set\n");
- curlerr = CURLE_SSL_CONNECT_ERROR;
+ /* enable/disable the requested SSL version(s) */
+ if(nss_init_sslver(&sslver, data) != CURLE_OK)
goto error;
- }
-
if(SSL_VersionRangeSet(model, &sslver) != SECSuccess)
goto error;