curl/curl-7.19.4-enable-aes.patch

48 lines
1.5 KiB
Diff
Raw Normal View History

diff -ruNp curl.orig/lib/nss.c curl/lib/nss.c
--- curl.orig/lib/nss.c 2009-03-04 17:54:28.459240000 +0100
+++ curl/lib/nss.c 2009-03-18 11:38:34.245797020 +0100
@@ -162,6 +162,18 @@ static const cipher_s cipherlist[] = {
#endif
};
+/* following ciphers are new in NSS 3.4 and not enabled by default, therefor
+ they are enabled explicitly */
+static const int enable_ciphers_by_default[] = {
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+ TLS_RSA_WITH_AES_128_CBC_SHA,
+ TLS_RSA_WITH_AES_256_CBC_SHA,
+ SSL_NULL_WITH_NULL_NULL
+};
+
#ifdef HAVE_PK11_CREATEGENERICOBJECT
static const char* pem_library = "libnsspem.so";
#endif
@@ -954,6 +966,7 @@ CURLcode Curl_nss_connect(struct connect
#endif
char *certDir = NULL;
int curlerr;
+ const int *cipher_to_enable;
curlerr = CURLE_SSL_CONNECT_ERROR;
@@ -1057,6 +1070,16 @@ CURLcode Curl_nss_connect(struct connect
if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess)
goto error;
+ /* enable all ciphers from enable_ciphers_by_default */
+ cipher_to_enable = enable_ciphers_by_default;
+ while (SSL_NULL_WITH_NULL_NULL != *cipher_to_enable) {
+ if (SSL_CipherPrefSet(model, *cipher_to_enable, PR_TRUE) != SECSuccess) {
+ curlerr = CURLE_SSL_CIPHER;
+ goto error;
+ }
+ cipher_to_enable++;
+ }
+
if(data->set.ssl.cipher_list) {
if(set_ciphers(data, model, data->set.ssl.cipher_list) != SECSuccess) {
curlerr = CURLE_SSL_CIPHER;