- Kaspar Brand made GnuTLS-built libcurl properly acknowledge the option that

  forces it to prefer SSLv3.

diff --git a/CHANGES b/CHANGES
index 4a5e294..886e4c6 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,10 @@
 
                                   Changelog
 
+Daniel S (25 Feb 2008)
+- Kaspar Brand made GnuTLS-built libcurl properly acknowledge the option that
+  forces it to prefer SSLv3.
+
 Daniel S (23 Feb 2008)
 - Sam Listopad provided a patch in feature-request #1900014
   http://curl.haxx.se/bug/feature.cgi?id=1900014 that makes libcurl (built to

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 0127a13..71195e2 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -31,6 +31,7 @@ This release includes the following bugfixes:
  o bad re-use of SSL connections in non-complete state
  o test case 405 failures with GnuTLS builds
  o crash when connection cache size is 1 and Curl_do() failed
+ o GnuTLS-built libcurl can now be forced to prefer SSLv3
 
 This release includes the following known bugs:
 

diff --git a/lib/gtls.c b/lib/gtls.c
index 05efd11..01e8e97 100644 (file)
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -233,7 +233,7 @@ Curl_gtls_connect(struct connectdata *conn,
   if(!gtls_inited)
     _Curl_gtls_init();
 
-  /* GnuTLS only supports TLSv1 (and SSLv3?) */
+  /* GnuTLS only supports SSLv3 and TLSv1 */
   if(data->set.ssl.version == CURL_SSLVERSION_SSLv2) {
     failf(data, "GnuTLS does not support SSLv2");
     return CURLE_SSL_CONNECT_ERROR;
@@ -280,6 +280,13 @@ Curl_gtls_connect(struct connectdata *conn,
   if(rc < 0)
     return CURLE_SSL_CONNECT_ERROR;
 
+  if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) {
+    int protocol_priority[] = { GNUTLS_SSL3, 0 };
+    gnutls_protocol_set_priority(session, protocol_priority);
+    if(rc < 0)
+      return CURLE_SSL_CONNECT_ERROR;
+  }
+
   /* Sets the priority on the certificate types supported by gnutls. Priority
      is higher for types specified before others. After specifying the types
      you want, you must append a 0. */