|
 |
df4d89 |
diff -up sblim-wbemcli-1.6.1/CimCurl.cpp.orig sblim-wbemcli-1.6.1/CimCurl.cpp
|
|
|
df4d89 |
--- sblim-wbemcli-1.6.1/CimCurl.cpp.orig 2009-03-04 20:10:54.000000000 +0100
|
|
|
df4d89 |
+++ sblim-wbemcli-1.6.1/CimCurl.cpp 2015-08-10 13:59:47.312019828 +0200
|
|
|
df4d89 |
@@ -165,8 +165,36 @@ void CimomCurl::genRequest(URL &url, con
|
|
|
df4d89 |
rv = curl_easy_setopt(mHandle, CURLOPT_SSL_VERIFYHOST, 0);
|
|
|
df4d89 |
// rv = curl_easy_setopt(mHandle, CURLOPT_SSL_VERIFYPEER, 0);
|
|
|
df4d89 |
|
|
|
df4d89 |
- /* Force using SSL V3 */
|
|
|
df4d89 |
- rv = curl_easy_setopt(mHandle, CURLOPT_SSLVERSION, 3);
|
|
|
df4d89 |
+ /* Force use of a specific SSL/TLS version */
|
|
|
df4d89 |
+ char * curlSslVer = getenv("WBEMCLI_CURL_SSLVERSION");
|
|
|
df4d89 |
+ if (curlSslVer) {
|
|
|
df4d89 |
+ if (!strcasecmp(curlSslVer,"SSLv2"))
|
|
|
df4d89 |
+ rv = curl_easy_setopt(mHandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv2);
|
|
|
df4d89 |
+ else if (!strcasecmp(curlSslVer,"SSLv3"))
|
|
|
df4d89 |
+ rv = curl_easy_setopt(mHandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);
|
|
|
df4d89 |
+ else if (!strcasecmp(curlSslVer,"TLSv1"))
|
|
|
df4d89 |
+ rv = curl_easy_setopt(mHandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
|
|
|
df4d89 |
+ else if (!strcasecmp(curlSslVer,"TLSv1.0") || !strcasecmp(curlSslVer,"TLSv1_0"))
|
|
|
df4d89 |
+#if LIBCURL_VERSION_NUM >= 0x072200
|
|
|
df4d89 |
+ rv = curl_easy_setopt(mHandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_0);
|
|
|
df4d89 |
+#else
|
|
|
df4d89 |
+ throw URLException("WBEMCLI_CURL_SSLVERSION=TLSv1.0 requires libcurl 7.34 or greater");
|
|
|
df4d89 |
+#endif
|
|
|
df4d89 |
+ else if (!strcasecmp(curlSslVer,"TLSv1.1") || !strcasecmp(curlSslVer,"TLSv1_1"))
|
|
|
df4d89 |
+#if LIBCURL_VERSION_NUM >= 0x072200
|
|
|
df4d89 |
+ rv = curl_easy_setopt(mHandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1);
|
|
|
df4d89 |
+#else
|
|
|
df4d89 |
+ throw URLException("WBEMCLI_CURL_SSLVERSION=TLSv1.1 requires libcurl 7.34 or greater");
|
|
|
df4d89 |
+#endif
|
|
|
df4d89 |
+ else if (!strcasecmp(curlSslVer,"TLSv1.2") || !strcasecmp(curlSslVer,"TLSv1_2"))
|
|
|
df4d89 |
+#if LIBCURL_VERSION_NUM >= 0x072200
|
|
|
df4d89 |
+ rv = curl_easy_setopt(mHandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
|
|
|
df4d89 |
+#else
|
|
|
df4d89 |
+ throw URLException("WBEMCLI_CURL_SSLVERSION=TLSv1.2 requires libcurl 7.34 or greater");
|
|
|
df4d89 |
+#endif
|
|
|
df4d89 |
+ else
|
|
|
df4d89 |
+ throw URLException("unknown WBEMCLI_CURL_SSLVERSION");
|
|
|
df4d89 |
+ }
|
|
|
df4d89 |
|
|
|
df4d89 |
/* Set username and password */
|
|
|
df4d89 |
if (url.user.length() > 0 && url.password.length() > 0) {
|
|
|
df4d89 |
diff -up sblim-wbemcli-1.6.1/man/wbemcli.1.pre.in.orig sblim-wbemcli-1.6.1/man/wbemcli.1.pre.in
|
|
|
df4d89 |
--- sblim-wbemcli-1.6.1/man/wbemcli.1.pre.in.orig 2015-08-10 14:00:11.217163540 +0200
|
|
|
df4d89 |
+++ sblim-wbemcli-1.6.1/man/wbemcli.1.pre.in 2015-08-10 14:00:31.215283763 +0200
|
|
|
df4d89 |
@@ -554,6 +554,13 @@ The example in the previous section can
|
|
|
df4d89 |
wbemcli gi 'myCimom/root/cimv2:rpm_package.name="glibc"'
|
|
|
df4d89 |
.PP
|
|
|
df4d89 |
|
|
|
df4d89 |
+.SH ENVIRONMENT
|
|
|
df4d89 |
+.TP
|
|
|
df4d89 |
+.B WBEMCLI_CURL_SSLVERSION
|
|
|
df4d89 |
+Specifies the SSL protocol that will be used.
|
|
|
df4d89 |
+Valid values are SSLv2, SSLv3, TLSv1, TLSv1.0, TLSv1.1 or TLSv1.2.
|
|
|
df4d89 |
+If this variable is not set, wbemcli will attempt to figure out the
|
|
|
df4d89 |
+remote SSL protocol version.
|
|
|
df4d89 |
.SH FILES
|
|
|
df4d89 |
.TP
|
|
|
df4d89 |
.I @CACERT@
|