From d288222e80f1d6d250fe8b6d40f3b43c8a715da6 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 2 Jun 2003 13:27:03 +0000
Subject: work-around SSL implementation flaws better, pointed out in bug
 report #745122.

---
 lib/ssluse.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'lib/ssluse.c')

diff --git a/lib/ssluse.c b/lib/ssluse.c
index a15649be9..d520a2b54 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -785,6 +785,16 @@ Curl_SSLConnect(struct connectdata *conn)
     failf(data, "SSL: couldn't create a context!");
     return CURLE_OUT_OF_MEMORY;
   }
+
+  /* OpenSSL contains code to work-around lots of bugs and flaws in various
+     SSL-implementations. SSL_CTX_set_options() is used to enabled those
+     work-arounds. The man page for this option states that SSL_OP_ALL enables
+     ll the work-arounds and that "It is usually safe to use SSL_OP_ALL to
+     enable the bug workaround options if compatibility with somewhat broken
+     implementations is desired."
+
+  */
+  SSL_CTX_set_options(conn->ssl.ctx, SSL_OP_ALL);
     
   if(data->set.cert) {
     if (!cert_stuff(conn,
-- 
cgit v1.2.3