diff --git a/CHANGES b/CHANGES index 4a5e29430cd77eb5d3fe2b58bb1222b3f9f5aa9d..886e4c613f08f546584a9bd297504d2fb3882ebf 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,10 @@ Changelog +Daniel S (25 Feb 2008) +- Kaspar Brand made GnuTLS-built libcurl properly acknowledge the option that + forces it to prefer SSLv3. + Daniel S (23 Feb 2008) - Sam Listopad provided a patch in feature-request #1900014 http://curl.haxx.se/bug/feature.cgi?id=1900014 that makes libcurl (built to diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 0127a1308e64b1cf4efa6fc826a3eae31bd0767c..71195e25aecb78b99f96c96bf7fb9f3b953435f4 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -31,6 +31,7 @@ This release includes the following bugfixes: o bad re-use of SSL connections in non-complete state o test case 405 failures with GnuTLS builds o crash when connection cache size is 1 and Curl_do() failed + o GnuTLS-built libcurl can now be forced to prefer SSLv3 This release includes the following known bugs: diff --git a/lib/gtls.c b/lib/gtls.c index 05efd11c73a7bce4dd143a018f730b78dc06d450..01e8e97a463c6da7f5601e38f1aced7fb1811e6d 100644 --- a/lib/gtls.c +++ b/lib/gtls.c @@ -233,7 +233,7 @@ Curl_gtls_connect(struct connectdata *conn, if(!gtls_inited) _Curl_gtls_init(); - /* GnuTLS only supports TLSv1 (and SSLv3?) */ + /* GnuTLS only supports SSLv3 and TLSv1 */ if(data->set.ssl.version == CURL_SSLVERSION_SSLv2) { failf(data, "GnuTLS does not support SSLv2"); return CURLE_SSL_CONNECT_ERROR; @@ -280,6 +280,13 @@ Curl_gtls_connect(struct connectdata *conn, if(rc < 0) return CURLE_SSL_CONNECT_ERROR; + if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) { + int protocol_priority[] = { GNUTLS_SSL3, 0 }; + gnutls_protocol_set_priority(session, protocol_priority); + if(rc < 0) + return CURLE_SSL_CONNECT_ERROR; + } + /* Sets the priority on the certificate types supported by gnutls. Priority is higher for types specified before others. After specifying the types you want, you must append a 0. */
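Review bot: In the second lib/gtls.c hunk the added `if(rc < 0)` check tests a stale value, because the return value of `gnutls_protocol_set_priority(session, protocol_priority);` is never stored and `rc` still holds the result of the preceding call, which was already checked just above. If applying the SSLv3-only priority list fails, the error goes unnoticed and the handshake presumably continues with the session's default protocol priorities, so the version the application asked for is silently not enforced. Store the result, `rc = gnutls_protocol_set_priority(session, protocol_priority);`, and consider a `failf()` message before the return, as the SSLv2 branch in the first hunk does, so the failure is visible to the caller. Curl_gtls_connect starts and ends outside the hunk.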