- Kaspar Brand made GnuTLS-built libcurl properly acknowledge the option that

forces it to prefer SSLv3.
author: Daniel Stenberg <daniel@haxx.se> 2008-02-25 07:51:39 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2008-02-25 07:51:39 +0000
commit: 74241e7d852531bc8ee9301fd3e5ec0c5fabc7cf (patch)
tree: e47471dacb29dc1e030a5e4ce46ae4932f36f8ab /lib
parent: 3154f04fb908ddf0066fe1d07cab2bbc0e9e67f4 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/gtls.c b/lib/gtls.c
index 05efd11c7..01e8e97a4 100644
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -233,7 +233,7 @@ Curl_gtls_connect(struct connectdata *conn,
   if(!gtls_inited)
     _Curl_gtls_init();
 
-  /* GnuTLS only supports TLSv1 (and SSLv3?) */
+  /* GnuTLS only supports SSLv3 and TLSv1 */
   if(data->set.ssl.version == CURL_SSLVERSION_SSLv2) {
     failf(data, "GnuTLS does not support SSLv2");
     return CURLE_SSL_CONNECT_ERROR;
@@ -280,6 +280,13 @@ Curl_gtls_connect(struct connectdata *conn,
   if(rc < 0)
     return CURLE_SSL_CONNECT_ERROR;
 
+  if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) {
+    int protocol_priority[] = { GNUTLS_SSL3, 0 };
+    gnutls_protocol_set_priority(session, protocol_priority);
+    if(rc < 0)
+      return CURLE_SSL_CONNECT_ERROR;
+  }
+
   /* Sets the priority on the certificate types supported by gnutls. Priority
      is higher for types specified before others. After specifying the types
      you want, you must append a 0. */
author	Daniel Stenberg <daniel@haxx.se>	2008-02-25 07:51:39 +0000
committer	Daniel Stenberg <daniel@haxx.se>	2008-02-25 07:51:39 +0000
commit	74241e7d852531bc8ee9301fd3e5ec0c5fabc7cf (patch)
tree	e47471dacb29dc1e030a5e4ce46ae4932f36f8ab /lib
parent	3154f04fb908ddf0066fe1d07cab2bbc0e9e67f4 (diff)