lib/nss.c +13 −0 @@ -1158,6 +1158,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) PRBool ssl3 = PR_FALSE; PRBool tlsv1 = PR_FALSE; PRBool ssl_no_cache; PRBool ssl_cbc_random_iv; struct SessionHandle *data = conn->data; curl_socket_t sockfd = conn->sock[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; @@ -1266,6 +1267,18 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess) goto error; ssl_cbc_random_iv = !data->set.ssl_enable_beast; #ifdef SSL_CBC_RANDOM_IV /* unless the user explicitly asks to allow the protocol vulnerability, we use the work-around */ if(SSL_OptionSet(model, SSL_CBC_RANDOM_IV, ssl_cbc_random_iv) != SECSuccess) infof(data, "warning: failed to set SSL_CBC_RANDOM_IV = %d\n", ssl_cbc_random_iv); #else if(ssl_cbc_random_iv) infof(data, "warning: support for SSL_CBC_RANDOM_IV not compiled in\n"); #endif /* reset the flag to avoid an infinite loop */ data->state.ssl_connect_retry = FALSE; src/tool_getparam.c +1 −1 @@ -202,7 +202,7 @@ static const struct LongShort aliases[]= { {"Ek", "tlsuser", TRUE}, {"El", "tlspassword", TRUE}, {"Em", "tlsauthtype", TRUE}, {"En", "ssl-no-empty-fragments", FALSE}, {"En", "ssl-allow-beast", FALSE}, {"f", "fail", FALSE}, {"F", "form", TRUE}, {"Fs", "form-string", TRUE}, src/tool_help.c +1 −1
@@ -187,7 +187,7 @@ static const char *const helptext[] = { " --ssl-reqd Require SSL/TLS (FTP, IMAP, POP3, SMTP)", " -2, --sslv2 Use SSLv2 (SSL)", " -3, --sslv3 Use SSLv3 (SSL)", " --ssl-allow-below Allow security flaw to improve interop (SSL)", " --ssl-allow-beast Allow security flaw to improve interop (SSL)", " --stderr FILE Where to redirect stderr. - means stdout", " --tcp-nodelay Use the TCP_NODELAY option", " -t, --telnet-option OPT=VAL Set telnet option",
lib/nss.c +13 −0 @@ -1158,6 +1158,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) PRBool ssl3 = PR_FALSE; PRBool tlsv1 = PR_FALSE; PRBool ssl_no_cache; PRBool ssl_cbc_random_iv; struct SessionHandle *data = conn->data; curl_socket_t sockfd = conn->sock[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; @@ -1266,6 +1267,18 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess) goto error; ssl_cbc_random_iv = !data->set.ssl_enable_beast; #ifdef SSL_CBC_RANDOM_IV /* unless the user explicitly asks to allow the protocol vulnerability, we use the work-around */ if(SSL_OptionSet(model, SSL_CBC_RANDOM_IV, ssl_cbc_random_iv) != SECSuccess) infof(data, "warning: failed to set SSL_CBC_RANDOM_IV = %d\n", ssl_cbc_random_iv); #else if(ssl_cbc_random_iv) infof(data, "warning: support for SSL_CBC_RANDOM_IV not compiled in\n"); #endif /* reset the flag to avoid an infinite loop */ data->state.ssl_connect_retry = FALSE;
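Review bot: In the second hunk the failure path of `SSL_OptionSet(model, SSL_CBC_RANDOM_IV, ssl_cbc_random_iv)` only calls `infof` and setup continues, unlike the `SSL_V2_COMPATIBLE_HELLO` call directly above it, which does `goto error`; the `#else` branch is equally non-fatal when the macro is missing at build time. When the user has not asked to allow the flaw, a connection can therefore go ahead without the CBC random-IV work-around and the only trace is an info-level message. If that fail-open is deliberate for older NSS builds, the comment should say so, e.g. `/* best effort: older NSS lacks SSL_CBC_RANDOM_IV, so a failure is reported but not fatal */`; otherwise consider `goto error` when `ssl_cbc_random_iv` is true. Curl_nss_connect begins and ends outside both hunks, so any later handling is not visible here.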
src/tool_getparam.c +1 −1 @@ -202,7 +202,7 @@ static const struct LongShort aliases[]= { {"Ek", "tlsuser", TRUE}, {"El", "tlspassword", TRUE}, {"Em", "tlsauthtype", TRUE}, {"En", "ssl-no-empty-fragments", FALSE}, {"En", "ssl-allow-beast", FALSE}, {"f", "fail", FALSE}, {"F", "form", TRUE}, {"Fs", "form-string", TRUE},
src/tool_help.c +1 −1 @@ -187,7 +187,7 @@ static const char *const helptext[] = { " --ssl-reqd Require SSL/TLS (FTP, IMAP, POP3, SMTP)", " -2, --sslv2 Use SSLv2 (SSL)", " -3, --sslv3 Use SSLv3 (SSL)", " --ssl-allow-below Allow security flaw to improve interop (SSL)", " --ssl-allow-beast Allow security flaw to improve interop (SSL)", " --stderr FILE Where to redirect stderr. - means stdout", " --tcp-nodelay Use the TCP_NODELAY option", " -t, --telnet-option OPT=VAL Set telnet option",