Update of /cvsroot/sblim/wbemcli
In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv19187
Modified Files:
ChangeLog CimCurl.cpp NEWS
Log Message:
Fixed 0002742: support configurable SSL version
Index: NEWS
===================================================================
RCS file: /cvsroot/sblim/wbemcli/NEWS,v
retrieving revision 1.51
retrieving revision 1.52
diff -u -d -r1.51 -r1.52
--- NEWS 14 Oct 2014 03:46:51 -0000 1.51
+++ NEWS 22 Dec 2014 00:49:30 -0000 1.52
@@ -2,7 +2,7 @@
========================
Bugs:
-
+- 0002742 support configurable SSL version
Changes in Version 1.6.3
========================
Index: ChangeLog
===================================================================
RCS file: /cvsroot/sblim/wbemcli/ChangeLog,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -d -r1.43 -r1.44
--- ChangeLog 13 Oct 2014 16:05:30 -0000 1.43
+++ ChangeLog 22 Dec 2014 00:49:29 -0000 1.44
@@ -1,3 +1,9 @@
+2014-12-21 Dave Heller <hel...@us...>
+
+ * CimCurl.cpp, NEWS:
+
+ Fixed 0002742: support configurable SSL version
+
2013-10-13 Dave Heller <hel...@us...>
* CimXml.cpp, NEWS:
Index: CimCurl.cpp
===================================================================
RCS file: /cvsroot/sblim/wbemcli/CimCurl.cpp,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -d -r1.18 -r1.19
--- CimCurl.cpp 20 Sep 2013 23:26:32 -0000 1.18
+++ CimCurl.cpp 22 Dec 2014 00:49:30 -0000 1.19
@@ -177,8 +177,36 @@
rv = curl_easy_setopt(mHandle, CURLOPT_SSL_VERIFYHOST, 0);
// rv = curl_easy_setopt(mHandle, CURLOPT_SSL_VERIFYPEER, 0);
- /* Force using SSL V3 */
- rv = curl_easy_setopt(mHandle, CURLOPT_SSLVERSION, 3);
+ /* Force use of a specific SSL/TLS version */
+ char * curlSslVer = getenv("WBEMCLI_CURL_SSLVERSION");
+ if (curlSslVer) {
+ if (!strcasecmp(curlSslVer,"SSLv2"))
+ rv = curl_easy_setopt(mHandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv2);
+ else if (!strcasecmp(curlSslVer,"SSLv3"))
+ rv = curl_easy_setopt(mHandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);
+ else if (!strcasecmp(curlSslVer,"TLSv1"))
+ rv = curl_easy_setopt(mHandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
+ else if (!strcasecmp(curlSslVer,"TLSv1.0") || !strcasecmp(curlSslVer,"TLSv1_0"))
+#if LIBCURL_VERSION_NUM >= 0x072200
+ rv = curl_easy_setopt(mHandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_0);
+#else
+ throw URLException("WBEMCLI_CURL_SSLVERSION=TLSv1.0 requires libcurl 7.34 or greater");
+#endif
+ else if (!strcasecmp(curlSslVer,"TLSv1.1") || !strcasecmp(curlSslVer,"TLSv1_1"))
+#if LIBCURL_VERSION_NUM >= 0x072200
+ rv = curl_easy_setopt(mHandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1);
+#else
+ throw URLException("WBEMCLI_CURL_SSLVERSION=TLSv1.1 requires libcurl 7.34 or greater");
+#endif
+ else if (!strcasecmp(curlSslVer,"TLSv1.2") || !strcasecmp(curlSslVer,"TLSv1_2"))
+#if LIBCURL_VERSION_NUM >= 0x072200
+ rv = curl_easy_setopt(mHandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
+#else
+ throw URLException("WBEMCLI_CURL_SSLVERSION=TLSv1.2 requires libcurl 7.34 or greater");
+#endif
+ else
+ throw URLException("unknown WBEMCLI_CURL_SSLVERSION");
+ }
/* Set username and password */
if (url.user.length() > 0 && url.password.length() > 0) {
|
