ssl version is now configurable

Thu, 29 Jan 2015 11:43:41 +0100

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Thu, 29 Jan 2015 11:43:41 +0100
changeset 73
41e88442ad4e
parent 72
aac29f2e8030
child 74
da079dc0724c

ssl version is now configurable

dav/config.c file | annotate | diff | comparison | revisions
dav/config.h file | annotate | diff | comparison | revisions
dav/main.c file | annotate | diff | comparison | revisions
dav/sync.c file | annotate | diff | comparison | revisions
--- a/dav/config.c	Tue Dec 30 13:24:03 2014 +0100
+++ b/dav/config.c	Thu Jan 29 11:43:41 2015 +0100
@@ -38,6 +38,7 @@
 #include <libidav/utils.h>
 
 #define xstreq(a,b) xmlStrEqual(BAD_CAST a, BAD_CAST b)
+#define xstrEQ(a,b) !xmlStrcasecmp(BAD_CAST a, BAD_CAST b)
 
 #ifdef _WIN32
 #define ENV_HOME getenv("USERPROFILE")
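Review bot: The new `xstrEQ` macro expands to an unparenthesized `!xmlStrcasecmp(...)` and differs from the existing `xstreq` only by letter case, so the two are easy to confuse and the expansion can bind unexpectedly inside a larger expression. A name that says what it does and a fully parenthesized body would be safer, for example `#define xstrcaseeq(a,b) (xmlStrcasecmp(BAD_CAST (a), BAD_CAST (b)) == 0)`. A one-line comment noting that this variant is case-insensitive would also help.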
@@ -115,6 +116,7 @@
     repo->encrypt_content = false;
     repo->decrypt_name = false;
     repo->decrypt_content = true;
+    repo->ssl_version = CURL_SSLVERSION_DEFAULT;
     while(node) {
         if(node->type == XML_ELEMENT_NODE) {
             char *value = util_xml_get_text(node);
@@ -148,6 +150,28 @@
                 repo->decrypt_content = util_getboolean(value);
             } else if(xstreq(node->name, "decrypt-name")) {
                 repo->decrypt_name = util_getboolean(value);
+            } else if(xstreq(node->name, "ssl-version")) {
+                if(xstrEQ(value, "TLSv1")) {
+                    repo->ssl_version = CURL_SSLVERSION_TLSv1;
+                } else if(xstrEQ(value, "SSLv2")) {
+                    repo->ssl_version = CURL_SSLVERSION_SSLv2;
+                } else if(xstrEQ(value, "SSLv3")) {
+                    repo->ssl_version = CURL_SSLVERSION_SSLv3;
+                }
+#if LIBCURL_VERSION_MAJOR >= 7
+#if LIBCURL_VERSION_MINOR >= 34
+                else if(xstrEQ(value, "TLSv1.0")) {
+                    repo->ssl_version = CURL_SSLVERSION_TLSv1_0;
+                } else if(xstrEQ(value, "TLSv1.1")) {
+                    repo->ssl_version = CURL_SSLVERSION_TLSv1_1;
+                } else if(xstrEQ(value, "TLSv1.2")) {
+                    repo->ssl_version = CURL_SSLVERSION_TLSv1_2;
+                }
+#endif
+#endif
+                else {
+                    fprintf(stderr, "Unknown ssl version: %s\n", value);
+                }
             } else if(xstreq(node->name, "encrypt") || xstreq(node->name, "store-key-property") || xstreq(node->name, "decrypt")) {
                 fprintf(stderr, "Error: config.xml contains deprecated elements\n");
                 fprintf(stderr, "The elements <encrypt>, <decrypt> and <store-key-property> are removed\n");
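Review bot: The nested guard `#if LIBCURL_VERSION_MAJOR >= 7` / `#if LIBCURL_VERSION_MINOR >= 34` around the TLSv1.0/1.1/1.2 branches tests the minor number on its own, so any libcurl release with a higher major and a minor below 34 would compile those branches out; a single `#if LIBCURL_VERSION_NUM >= 0x072200` expresses "7.34.0 or later" correctly. Separately, `SSLv2` and `SSLv3` are accepted silently even though both protocols are broken, so printing a warning to stderr when one is selected would let an operator notice a weakened config.xml. The unknown-value branch should also say that the default is kept, e.g. `"Unknown ssl version: %s (using default)\n"`. The enclosing function starts and ends outside this hunk.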
--- a/dav/config.h	Tue Dec 30 13:24:03 2014 +0100
+++ b/dav/config.h	Thu Jan 29 11:43:41 2015 +0100
@@ -62,6 +62,7 @@
     bool encrypt_name;
     bool decrypt_content;
     bool decrypt_name;
+    int ssl_version;
 };
 
 struct Proxy {
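Review bot: `ssl_version` is declared `int`, but it is passed unchanged to `curl_easy_setopt(..., CURLOPT_SSLVERSION, ...)` in dav/main.c and in `create_session` in dav/sync.c, and libcurl reads that variadic argument as a `long`. Where `long` is wider than `int` this is a type mismatch in a varargs call. Declaring the field as `long ssl_version;` fixes both call sites at once; alternatively cast at each call with `(long)repo->ssl_version`. A comment such as `/* CURL_SSLVERSION_* value for CURLOPT_SSLVERSION */` would document what the field holds. The struct body begins outside the hunk.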
--- a/dav/main.c	Tue Dec 30 13:24:03 2014 +0100
+++ b/dav/main.c	Thu Jan 29 11:43:41 2015 +0100
@@ -295,7 +295,7 @@
     DavSession *sn = dav_session_new_auth(ctx, repo->url, repo->user, repo->password);
     sn->flags = get_repository_flags(repo);
     sn->key = dav_context_get_key(ctx, repo->default_key);
-    
+    curl_easy_setopt(sn->handle, CURLOPT_SSLVERSION, repo->ssl_version);
     return sn;
 }
 
--- a/dav/sync.c	Tue Dec 30 13:24:03 2014 +0100
+++ b/dav/sync.c	Thu Jan 29 11:43:41 2015 +0100
@@ -133,6 +133,18 @@
     return 1;
 }
 
+static DavSession* create_session(DavContext *ctx, Repository *repo, char *url) {
+    DavSession *sn = dav_session_new_auth(
+            ctx,
+            url,
+            repo->user,
+            repo->password);
+    curl_easy_setopt(sn->handle, CURLOPT_SSLVERSION, repo->ssl_version);
+    sn->flags = get_repository_flags(repo);
+    sn->key = dav_context_get_key(ctx, repo->default_key);
+    return sn;
+}
+
 int cmd_pull(CmdArgs *a) {
     if(a->argc != 1) {
         fprintf(stderr, "Too %s arguments\n", a->argc < 1 ? "few" : "many");
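Review bot: The return value of `curl_easy_setopt(sn->handle, CURLOPT_SSLVERSION, repo->ssl_version)` in `create_session` is discarded, so if libcurl rejects the option the session continues with the library default rather than the protocol version the user configured, with no indication. For a transport-security setting the failure should at least be reported, e.g. `if(curl_easy_setopt(sn->handle, CURLOPT_SSLVERSION, repo->ssl_version) != CURLE_OK) { fprintf(stderr, "Cannot set ssl version\n"); }`. The same unchecked call is added in dav/main.c. `create_session` would also benefit from a short comment stating that it applies the repository's SSL version, flags and key to the new session.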
@@ -161,17 +173,10 @@
     if(dir->collection) {
         new_url = util_concat_path(repo->url, dir->collection);
     }
-    // TODO: session creator function
-    DavSession *sn = dav_session_new_auth(
-            ctx,
-            new_url ? new_url : repo->url,
-            repo->user,
-            repo->password);
+    DavSession *sn = create_session(ctx, repo, new_url ? new_url : repo->url);
     if(new_url) {
         free(new_url);
     }
-    sn->flags = get_repository_flags(repo);
-    sn->key = dav_context_get_key(ctx, repo->default_key);
     if (cmd_getoption(a, "verbose")) {
         curl_easy_setopt(sn->handle, CURLOPT_VERBOSE, 1L);
         curl_easy_setopt(sn->handle, CURLOPT_STDERR, stderr);
@@ -465,17 +470,10 @@
     if(dir->collection) {
         new_url = util_concat_path(repo->url, dir->collection);
     }
-    // TODO: session creator function
-    DavSession *sn = dav_session_new_auth(
-            ctx,
-            new_url ? new_url : repo->url,
-            repo->user,
-            repo->password);
+    DavSession *sn = create_session(ctx, repo, new_url ? new_url : repo->url);
     if(new_url) {
         free(new_url);
     }
-    sn->flags = get_repository_flags(repo);
-    sn->key = dav_context_get_key(ctx, repo->default_key);
     if (cmd_getoption(a, "verbose")) {
         curl_easy_setopt(sn->handle, CURLOPT_VERBOSE, 1L);
         curl_easy_setopt(sn->handle, CURLOPT_STDERR, stderr);
