Thu, 29 Jan 2015 11:43:41 +0100
ssl version is now configurable
dav/config.c | file | annotate | diff | comparison | revisions | |
dav/config.h | file | annotate | diff | comparison | revisions | |
dav/main.c | file | annotate | diff | comparison | revisions | |
dav/sync.c | file | annotate | diff | comparison | revisions |
--- a/dav/config.c Tue Dec 30 13:24:03 2014 +0100 +++ b/dav/config.c Thu Jan 29 11:43:41 2015 +0100 @@ -38,6 +38,7 @@ #include <libidav/utils.h> #define xstreq(a,b) xmlStrEqual(BAD_CAST a, BAD_CAST b) +#define xstrEQ(a,b) !xmlStrcasecmp(BAD_CAST a, BAD_CAST b) #ifdef _WIN32 #define ENV_HOME getenv("USERPROFILE") @@ -115,6 +116,7 @@ repo->encrypt_content = false; repo->decrypt_name = false; repo->decrypt_content = true; + repo->ssl_version = CURL_SSLVERSION_DEFAULT; while(node) { if(node->type == XML_ELEMENT_NODE) { char *value = util_xml_get_text(node); @@ -148,6 +150,28 @@ repo->decrypt_content = util_getboolean(value); } else if(xstreq(node->name, "decrypt-name")) { repo->decrypt_name = util_getboolean(value); + } else if(xstreq(node->name, "ssl-version")) { + if(xstrEQ(value, "TLSv1")) { + repo->ssl_version = CURL_SSLVERSION_TLSv1; + } else if(xstrEQ(value, "SSLv2")) { + repo->ssl_version = CURL_SSLVERSION_SSLv2; + } else if(xstrEQ(value, "SSLv3")) { + repo->ssl_version = CURL_SSLVERSION_SSLv3; + } +#if LIBCURL_VERSION_MAJOR >= 7 +#if LIBCURL_VERSION_MINOR >= 34 + else if(xstrEQ(value, "TLSv1.0")) { + repo->ssl_version = CURL_SSLVERSION_TLSv1_0; + } else if(xstrEQ(value, "TLSv1.1")) { + repo->ssl_version = CURL_SSLVERSION_TLSv1_1; + } else if(xstrEQ(value, "TLSv1.2")) { + repo->ssl_version = CURL_SSLVERSION_TLSv1_2; + } +#endif +#endif + else { + fprintf(stderr, "Unknown ssl version: %s\n", value); + } } else if(xstreq(node->name, "encrypt") || xstreq(node->name, "store-key-property") || xstreq(node->name, "decrypt")) { fprintf(stderr, "Error: config.xml contains deprecated elements\n"); fprintf(stderr, "The elements <encrypt>, <decrypt> and <store-key-property> are removed\n");
--- a/dav/config.h Tue Dec 30 13:24:03 2014 +0100 +++ b/dav/config.h Thu Jan 29 11:43:41 2015 +0100 @@ -62,6 +62,7 @@ bool encrypt_name; bool decrypt_content; bool decrypt_name; + int ssl_version; }; struct Proxy {
--- a/dav/main.c Tue Dec 30 13:24:03 2014 +0100 +++ b/dav/main.c Thu Jan 29 11:43:41 2015 +0100 @@ -295,7 +295,7 @@ DavSession *sn = dav_session_new_auth(ctx, repo->url, repo->user, repo->password); sn->flags = get_repository_flags(repo); sn->key = dav_context_get_key(ctx, repo->default_key); - + curl_easy_setopt(sn->handle, CURLOPT_SSLVERSION, repo->ssl_version); return sn; }
--- a/dav/sync.c Tue Dec 30 13:24:03 2014 +0100 +++ b/dav/sync.c Thu Jan 29 11:43:41 2015 +0100 @@ -133,6 +133,18 @@ return 1; } +static DavSession* create_session(DavContext *ctx, Repository *repo, char *url) { + DavSession *sn = dav_session_new_auth( + ctx, + url, + repo->user, + repo->password); + curl_easy_setopt(sn->handle, CURLOPT_SSLVERSION, repo->ssl_version); + sn->flags = get_repository_flags(repo); + sn->key = dav_context_get_key(ctx, repo->default_key); + return sn; +} + int cmd_pull(CmdArgs *a) { if(a->argc != 1) { fprintf(stderr, "Too %s arguments\n", a->argc < 1 ? "few" : "many"); @@ -161,17 +173,10 @@ if(dir->collection) { new_url = util_concat_path(repo->url, dir->collection); } - // TODO: session creator function - DavSession *sn = dav_session_new_auth( - ctx, - new_url ? new_url : repo->url, - repo->user, - repo->password); + DavSession *sn = create_session(ctx, repo, new_url ? new_url : repo->url); if(new_url) { free(new_url); } - sn->flags = get_repository_flags(repo); - sn->key = dav_context_get_key(ctx, repo->default_key); if (cmd_getoption(a, "verbose")) { curl_easy_setopt(sn->handle, CURLOPT_VERBOSE, 1L); curl_easy_setopt(sn->handle, CURLOPT_STDERR, stderr); @@ -465,17 +470,10 @@ if(dir->collection) { new_url = util_concat_path(repo->url, dir->collection); } - // TODO: session creator function - DavSession *sn = dav_session_new_auth( - ctx, - new_url ? new_url : repo->url, - repo->user, - repo->password); + DavSession *sn = create_session(ctx, repo, new_url ? new_url : repo->url); if(new_url) { free(new_url); } - sn->flags = get_repository_flags(repo); - sn->key = dav_context_get_key(ctx, repo->default_key); if (cmd_getoption(a, "verbose")) { curl_easy_setopt(sn->handle, CURLOPT_VERBOSE, 1L); curl_easy_setopt(sn->handle, CURLOPT_STDERR, stderr);