author | Peter Sylvester <peter.sylvester@edelweb.fr> | 2011-03-25 23:09:28 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2011-03-25 23:09:28 +0100 |
commit | 2531cd94a54292a12de0a6392788d310c1bd899a (patch) | |
tree | bc2c302b74e26555315a4605e5d7b5228f113369 /lib | |
parent | 40256ec4d3bbd3fe9e253f9a28a6968e8005e9fa (diff) |
TSL-SRP: enabled with OpenSSL
If a new enough OpenSSL version is used, configure detects the TLS-SRP
support and enables it.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ssluse.c | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c
index ec6c02a50..654ffaa9f 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1437,9 +1437,16 @@ ossl_connect_step1(struct connectdata *conn,
 Curl_ossl_seed(data);
 /* check to see if we've been told to use an explicit SSL/TLS version */
+
 switch(data->set.ssl.version) {
 default:
 case CURL_SSLVERSION_DEFAULT:
+#ifdef USE_TLS_SRP
+ if (data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
+ infof(data, "Set version TLSv1 for SRP authorisation\n");
+ req_method = TLSv1_client_method() ;
+ } else
+#endif
 /* we try to figure out version */
 req_method = SSLv23_client_method();
 use_sni(TRUE);
@@ -1449,10 +1456,18 @@ ossl_connect_step1(struct connectdata *conn,
 use_sni(TRUE);
 break;
 case CURL_SSLVERSION_SSLv2:
+#ifdef USE_TLS_SRP
+ if (data->set.ssl.authtype == CURL_TLSAUTH_SRP)
+ return CURLE_SSL_CONNECT_ERROR;
+#endif
 req_method = SSLv2_client_method();
 use_sni(FALSE);
 break;
 case CURL_SSLVERSION_SSLv3:
+#ifdef USE_TLS_SRP
+ if (data->set.ssl.authtype == CURL_TLSAUTH_SRP)
+ return CURLE_SSL_CONNECT_ERROR;
+#endif
 req_method = SSLv3_client_method();
 use_sni(FALSE);
 break;
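Review bot: In the `CURL_SSLVERSION_DEFAULT` case the SRP branch selects `TLSv1_client_method()`, which in OpenSSL fixes the connection to TLS 1.0 instead of negotiating the highest version both peers support. An OpenSSL build recent enough to offer TLS-SRP may also offer newer TLS versions, so SRP users would be held on the oldest TLS version by default. Consider keeping `req_method = SSLv23_client_method();` for SRP as well and excluding the old protocols with `SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3` where the context options are set, which is outside this hunk. The `} else` that runs across `#endif` into the following statement is also easy to misread; a comment such as `/* the else applies to the SSLv23 assignment below */` would help.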
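Review bot: Both new early returns, in the `CURL_SSLVERSION_SSLv2` and `CURL_SSLVERSION_SSLv3` cases, fail with `CURLE_SSL_CONNECT_ERROR` without any message, so a user who combined SRP with an explicit SSL version gets a generic connect error and no hint at the cause. Add a `failf()` before each return, for example `failf(data, "TLS-SRP is not supported with SSLv2 or SSLv3");`, and brace the `if` since it then holds two statements. The context lines in this diff write `if(` without a space, so `if (` here is inconsistent with the surrounding style. ossl_connect_step1 starts and ends outside the hunk.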
@@ -1547,6 +1562,28 @@ ossl_connect_step1(struct connectdata *conn,
 }
 }
+#ifdef USE_TLS_SRP
+ if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
+ infof(data, "Using TLS-SRP username: %s\n", data->set.ssl.username);
+
+ if (!SSL_CTX_set_srp_username(connssl->ctx, data->set.ssl.username)) {
+ failf(data, "Unable to set SRP user name");
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ }
+ if (!SSL_CTX_set_srp_password(connssl->ctx,data->set.ssl.password)) {
+ failf(data, "failed setting SRP password");
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ }
+ if(!data->set.str[STRING_SSL_CIPHER_LIST]) {
+ infof(data, "Setting cipher list SRP\n");
+
+ if(!SSL_CTX_set_cipher_list(connssl->ctx, "SRP")) {
+ failf(data, "failed setting SRP cipher list");
+ return CURLE_SSL_CIPHER;
+ }
+ }
+ }
+#endif
 if(data->set.str[STRING_SSL_CAFILE] || data->set.str[STRING_SSL_CAPATH]) {
 /* tell SSL where to find CA certificates that are used to verify the servers certificate. */ |
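Review bot: The SRP cipher list is applied only when `STRING_SSL_CIPHER_LIST` is unset, so a caller-supplied list that contains no SRP suites is accepted as is, and the handshake could then proceed without SRP ever being used although `CURL_TLSAUTH_SRP` was requested. Whether that list is checked elsewhere is not visible here; if it is not, state the requirement at the `if(!data->set.str[STRING_SSL_CIPHER_LIST])` test with a comment such as `/* a user-supplied cipher list is used unchanged and must include SRP suites */`. `data->set.ssl.username` is formatted with `%s` and both credentials are handed to OpenSSL with no NULL check in this hunk. If option handling does not guarantee both are set, reject early with `if(!data->set.ssl.username || !data->set.ssl.password) return CURLE_BAD_FUNCTION_ARGUMENT;`. ossl_connect_step1 continues outside the hunk.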