Loading CHANGES +5 −2 Original line number Diff line number Diff line Loading @@ -6,6 +6,9 @@ Changelog Guenter Knauf (26 Feb 2008) - Kaspar Brand provided a patch to support server name indication (RFC 4366). Daniel S (25 Feb 2008) - Kaspar Brand made GnuTLS-built libcurl properly acknowledge the option that forces it to prefer SSLv3. Loading Loading @@ -45,11 +48,11 @@ Daniel S (20 Feb 2008) correctly for a long time and nobody has even noticed, I consider it a very suitable subject for plain removal. And so it was done. Guenter Knauf (19 Feb 2007) Guenter Knauf (19 Feb 2008) - We do no longer support SSLv2 by default since it has known flaws. Kaspar Brand provided a patch for all supported SSL toolkits. Daniel Fandrich (19 Feb 2007) Daniel Fandrich (19 Feb 2008) - Added test309 to test HTTP redirect to HTTPS URL Daniel S (18 Feb 2008) Loading lib/gtls.c +15 −0 Original line number Diff line number Diff line Loading @@ -43,6 +43,7 @@ #include "urldata.h" #include "sendf.h" #include "inet_pton.h" #include "gtls.h" #include "sslgen.h" #include "parsedate.h" Loading Loading @@ -229,6 +230,11 @@ Curl_gtls_connect(struct connectdata *conn, const char *ptr; void *ssl_sessionid; size_t ssl_idsize; #ifdef ENABLE_IPV6 struct in6_addr addr; #else struct in_addr addr; #endif if(!gtls_inited) _Curl_gtls_init(); Loading Loading @@ -275,6 +281,15 @@ Curl_gtls_connect(struct connectdata *conn, /* convenient assign */ session = conn->ssl[sockindex].session; if ((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) && #ifdef ENABLE_IPV6 (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) && #endif (gnutls_server_name_set(session, GNUTLS_NAME_DNS, conn->host.name, strlen(conn->host.name)) < 0)) infof(data, "WARNING: failed to configure server name indication (SNI) " "TLS extension\n"); /* Use default priorities */ rc = gnutls_set_default_priority(session); if(rc < 0) Loading lib/ssluse.c +17 −0 Original line number Diff line number Diff line Loading @@ -1299,6 +1299,13 @@ ossl_connect_step1(struct connectdata *conn, void *ssl_sessionid=NULL; curl_socket_t sockfd = conn->sock[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME #ifdef ENABLE_IPV6 struct in6_addr addr; #else struct in_addr addr; #endif #endif DEBUGASSERT(ssl_connect_1 == connssl->connecting_state); Loading Loading @@ -1456,6 +1463,16 @@ ossl_connect_step1(struct connectdata *conn, connssl->server_cert = 0x0; #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME if ((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) && #ifdef ENABLE_IPV6 (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) && #endif !SSL_set_tlsext_host_name(connssl->handle, conn->host.name)) infof(data, "WARNING: failed to configure server name indication (SNI) " "TLS extension\n"); #endif /* Check if there's a cached ID we can/should use here! */ if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL)) { /* we got a session id, use it! */ Loading Loading
CHANGES +5 −2 Original line number Diff line number Diff line Loading @@ -6,6 +6,9 @@ Changelog Guenter Knauf (26 Feb 2008) - Kaspar Brand provided a patch to support server name indication (RFC 4366). Daniel S (25 Feb 2008) - Kaspar Brand made GnuTLS-built libcurl properly acknowledge the option that forces it to prefer SSLv3. Loading Loading @@ -45,11 +48,11 @@ Daniel S (20 Feb 2008) correctly for a long time and nobody has even noticed, I consider it a very suitable subject for plain removal. And so it was done. Guenter Knauf (19 Feb 2007) Guenter Knauf (19 Feb 2008) - We do no longer support SSLv2 by default since it has known flaws. Kaspar Brand provided a patch for all supported SSL toolkits. Daniel Fandrich (19 Feb 2007) Daniel Fandrich (19 Feb 2008) - Added test309 to test HTTP redirect to HTTPS URL Daniel S (18 Feb 2008) Loading
lib/gtls.c +15 −0 Original line number Diff line number Diff line Loading @@ -43,6 +43,7 @@ #include "urldata.h" #include "sendf.h" #include "inet_pton.h" #include "gtls.h" #include "sslgen.h" #include "parsedate.h" Loading Loading @@ -229,6 +230,11 @@ Curl_gtls_connect(struct connectdata *conn, const char *ptr; void *ssl_sessionid; size_t ssl_idsize; #ifdef ENABLE_IPV6 struct in6_addr addr; #else struct in_addr addr; #endif if(!gtls_inited) _Curl_gtls_init(); Loading Loading @@ -275,6 +281,15 @@ Curl_gtls_connect(struct connectdata *conn, /* convenient assign */ session = conn->ssl[sockindex].session; if ((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) && #ifdef ENABLE_IPV6 (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) && #endif (gnutls_server_name_set(session, GNUTLS_NAME_DNS, conn->host.name, strlen(conn->host.name)) < 0)) infof(data, "WARNING: failed to configure server name indication (SNI) " "TLS extension\n"); /* Use default priorities */ rc = gnutls_set_default_priority(session); if(rc < 0) Loading
lib/ssluse.c +17 −0 Original line number Diff line number Diff line Loading @@ -1299,6 +1299,13 @@ ossl_connect_step1(struct connectdata *conn, void *ssl_sessionid=NULL; curl_socket_t sockfd = conn->sock[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME #ifdef ENABLE_IPV6 struct in6_addr addr; #else struct in_addr addr; #endif #endif DEBUGASSERT(ssl_connect_1 == connssl->connecting_state); Loading Loading @@ -1456,6 +1463,16 @@ ossl_connect_step1(struct connectdata *conn, connssl->server_cert = 0x0; #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME if ((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) && #ifdef ENABLE_IPV6 (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) && #endif !SSL_set_tlsext_host_name(connssl->handle, conn->host.name)) infof(data, "WARNING: failed to configure server name indication (SNI) " "TLS extension\n"); #endif /* Check if there's a cached ID we can/should use here! */ if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL)) { /* we got a session id, use it! */ Loading
