Commit 5f19822e authored by Daniel Stenberg's avatar Daniel Stenberg

- Kamil Dudka brought a patch that enables 6 additional crypto algorithms when

  NSS is used. These ciphers were added in NSS 3.4 and require to be enabled
  explicitly.
parent 9a0c9cd6
+5 −0
@@ -6,6 +6,11 @@

                                  Changelog

Daniel Stenberg (18 Mar 2009)
- Kamil Dudka brought a patch that enables 6 additional crypto algorithms when
  NSS is used. These ciphers were added in NSS 3.4 and require to be enabled
  explicitly.
 
Daniel Stenberg (13 Mar 2009)
- Use libssh2_version() to present the libssh2 version in case the libssh2
  library is found to support it.
+3 −1
@@ -22,6 +22,7 @@ This release includes the following bugfixes:
 o curl_easy_duphandle() failed to duplicate cookies at times
 o missing TELNET timeout support in Windows builds
 o missing Curl_read() and write callback result checking in TELNET transfers
 o more ciphers enabled in libcurl built to use NSS

This release includes the following known bugs:

@@ -31,6 +32,7 @@ This release would not have looked like this without help, code, reports and
advice from friends like these:

 Daniel Fandrich, Yang Tse, David James, Chris Deidun, Bill Egert,
 Andre Guibert de Bruet, Andreas Farber, Frank Hempel, Pierre Brico
 Andre Guibert de Bruet, Andreas Farber, Frank Hempel, Pierre Brico,
 Kamil Dudka

        Thanks! (and sorry if I forgot to mention someone)
+23 −0
@@ -162,6 +162,18 @@ static const cipher_s cipherlist[] = {
#endif
};

/* following ciphers are new in NSS 3.4 and not enabled by default, therefor
   they are enabled explicitly */
static const int enable_ciphers_by_default[] = {
  TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
  TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
  TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
  TLS_RSA_WITH_AES_128_CBC_SHA,
  TLS_RSA_WITH_AES_256_CBC_SHA,
  SSL_NULL_WITH_NULL_NULL
};

#ifdef HAVE_PK11_CREATEGENERICOBJECT
static const char* pem_library = "libnsspem.so";
#endif
@@ -954,6 +966,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
#endif
  char *certDir = NULL;
  int curlerr;
  const int *cipher_to_enable;

  curlerr = CURLE_SSL_CONNECT_ERROR;

@@ -1057,6 +1070,16 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
  if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess)
    goto error;

  /* enable all ciphers from enable_ciphers_by_default */
  cipher_to_enable = enable_ciphers_by_default;
  while (SSL_NULL_WITH_NULL_NULL != *cipher_to_enable) {
    if (SSL_CipherPrefSet(model, *cipher_to_enable, PR_TRUE) != SECSuccess) {
      curlerr = CURLE_SSL_CIPHER;
      goto error;
    }
    cipher_to_enable++;
  }

  if(data->set.ssl.cipher_list) {
    if(set_ciphers(data, model, data->set.ssl.cipher_list) != SECSuccess) {
      curlerr = CURLE_SSL_CIPHER;
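Review bot: `SSL_NULL_WITH_NULL_NULL` at the end of `enable_ciphers_by_default` is a real cipher-suite identifier used here only as the loop terminator, and nothing in the array says so, so the table reads as if the null suite were among those enabled by default. A trailing comment such as `SSL_NULL_WITH_NULL_NULL /* end-of-list marker, never passed to SSL_CipherPrefSet() */` would make that explicit, or the loop in `Curl_nss_connect` could be bounded by `sizeof(enable_ciphers_by_default)/sizeof(enable_ciphers_by_default[0])` and the marker dropped. The loop also runs before the `data->set.ssl.cipher_list` branch, so a user-supplied list only narrows the enabled set if `set_ciphers` first disables everything; that function is outside these hunks and worth confirming. `Curl_nss_connect` starts and ends outside the hunks shown.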