|
 |
c260e0 |
From ebe7a9186469a5901a91469d107851abfdaa3993 Mon Sep 17 00:00:00 2001
|
|
|
c260e0 |
From: Kamil Dudka <kdudka@redhat.com>
|
|
|
c260e0 |
Date: Tue, 5 May 2015 18:59:59 +0200
|
|
|
c260e0 |
Subject: [PATCH] nss: use the default min/max TLS version provided by NSS
|
|
|
c260e0 |
|
|
|
c260e0 |
---
|
|
|
c260e0 |
lib/nss.c | 12 +++++++-----
|
|
|
c260e0 |
1 file changed, 7 insertions(+), 5 deletions(-)
|
|
|
c260e0 |
|
|
|
c260e0 |
diff --git a/lib/nss.c b/lib/nss.c
|
|
|
c260e0 |
index 0691394..6b7c309 100644
|
|
|
c260e0 |
--- a/lib/nss.c
|
|
|
c260e0 |
+++ b/lib/nss.c
|
|
|
c260e0 |
@@ -1206,7 +1206,7 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver,
|
|
|
c260e0 |
switch (data->set.ssl.version) {
|
|
|
c260e0 |
default:
|
|
|
c260e0 |
case CURL_SSLVERSION_DEFAULT:
|
|
|
c260e0 |
- return CURLE_OK;
|
|
|
c260e0 |
+ break;
|
|
|
c260e0 |
|
|
|
c260e0 |
case CURL_SSLVERSION_TLSv1:
|
|
|
c260e0 |
sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;
|
|
|
c260e0 |
@@ -1368,10 +1368,12 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
|
|
|
c260e0 |
goto error;
|
|
|
c260e0 |
|
|
|
c260e0 |
/* enable/disable the requested SSL version(s) */
|
|
|
c260e0 |
- if(nss_init_sslver(&sslver, data) != CURLE_OK)
|
|
|
c260e0 |
- goto error;
|
|
|
c260e0 |
- if(SSL_VersionRangeSet(model, &sslver) != SECSuccess)
|
|
|
c260e0 |
- goto error;
|
|
|
c260e0 |
+ if(data->set.ssl.version != CURL_SSLVERSION_DEFAULT) {
|
|
|
c260e0 |
+ if(nss_init_sslver(&sslver, data) != CURLE_OK)
|
|
|
c260e0 |
+ goto error;
|
|
|
c260e0 |
+ if(SSL_VersionRangeSet(model, &sslver) != SECSuccess)
|
|
|
c260e0 |
+ goto error;
|
|
|
c260e0 |
+ }
|
|
|
c260e0 |
|
|
|
c260e0 |
ssl_cbc_random_iv = !data->set.ssl_enable_beast;
|
|
|
c260e0 |
#ifdef SSL_CBC_RANDOM_IV
|
|
|
c260e0 |
--
|
|
|
c260e0 |
2.4.0
|
|
|
c260e0 |
|