work-around SSL implementation flaws better, pointed out in bug report #745122.

author Daniel Stenberg <daniel@haxx.se> Mon, 2 Jun 2003 13:27:03 +0000 (13:27 +0000)
committer Daniel Stenberg <daniel@haxx.se> Mon, 2 Jun 2003 13:27:03 +0000 (13:27 +0000)

lib/ssluse.c

index a15649b..d520a2b 100644 (file)
@@ -785,6 +785,16 @@ Curl_SSLConnect(struct connectdata *conn)
     failf(data, "SSL: couldn't create a context!");
     return CURLE_OUT_OF_MEMORY;
   }
+
+  /* OpenSSL contains code to work-around lots of bugs and flaws in various
+     SSL-implementations. SSL_CTX_set_options() is used to enabled those
+     work-arounds. The man page for this option states that SSL_OP_ALL enables
+     ll the work-arounds and that "It is usually safe to use SSL_OP_ALL to
+     enable the bug workaround options if compatibility with somewhat broken
+     implementations is desired."
+
+  */
+  SSL_CTX_set_options(conn->ssl.ctx, SSL_OP_ALL);
     
   if(data->set.cert) {
     if (!cert_stuff(conn,
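
Review bot: the added SSL_CTX_set_options(conn->ssl.ctx, SSL_OP_ALL) call, placed right after the context-creation check, is unconditional, so every connection gets every work-around with no way for an application to opt out, while the man page text quoted in the comment only calls this "usually safe" and ties it to wanting compatibility with somewhat broken implementations. Consider stating in the comment which work-around the bug report actually needed, or making the option mask overridable, so a later reader can tell what depends on it. The comment also has two typos ("used to enabled" should be "used to enable", and "ll the work-arounds" should be "all the work-arounds") and a stray blank line before the closing "*/".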