Skip to content

Commit f0491b5

Browse files
jasonacoxjasonacox
committed
Enable SSLv3 option for libcurl jasonacox#58 
1 parent 3a24189 commit f0491b5

File tree

3 files changed

+49
-2
lines changed

3 files changed

+49
-2
lines changed

build.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -186,7 +186,7 @@ fi
186186
echo
187187
echo -e "${bold}Building Curl${normal}"
188188
cd curl
189-
./libcurl-build.sh -v "$LIBCURL" $disablebitcode $colorflag $buildnghttp2 $catalyst $OSARGS
189+
./libcurl-build.sh -v "$LIBCURL" $disablebitcode $colorflag $buildnghttp2 $catalyst $sslv3 $OSARGS
190190
cd ..
191191

192192
## Archive Libraries and Clean Up

curl/libcurl-build.sh

Lines changed: 14 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -37,6 +37,7 @@ trap 'echo -e "${alert}** ERROR with Build - Check /tmp/curl*.log${alertdim}"; t
3737
CURL_VERSION="curl-7.74.0"
3838
nohttp2="0"
3939
catalyst="0"
40+
FORCE_SSLV3="no"
4041

4142
# Set minimum OS versions for target
4243
MACOS_X86_64_VERSION=""# Empty = use host version
@@ -73,13 +74,14 @@ usage ()
7374
echo " -u Mac Catalyst iOS min target version (default $CATALYST_IOS)"
7475
echo " -m compile Mac Catalyst library [beta]"
7576
echo " -x disable color output"
77+
echo " -3 enable SSLv3 support"
7678
echo " -h show usage"
7779
echo
7880
trap - INT TERM EXIT
7981
exit 127
8082
}
8183

82-
while getopts "v:s:t:i:a:u:nmbxh\?" o; do
84+
while getopts "v:s:t:i:a:u:nmb3xh\?" o; do
8385
case "${o}" in
8486
v)
8587
CURL_VERSION="curl-${OPTARG}"
@@ -118,6 +120,9 @@ while getopts "v:s:t:i:a:u:nmbxh\?" o; do
118120
alertdim=""
119121
archbold=""
120122
;;
123+
3)
124+
FORCE_SSLV3="yes"
125+
;;
121126
*)
122127
usage
123128
;;
@@ -501,6 +506,14 @@ fi
501506
echo "Unpacking curl"
502507
tar xfz "${CURL_VERSION}.tar.gz"
503508

509+
if [ ${FORCE_SSLV3} == 'yes' ]; then
510+
# for library
511+
sed -i '' '/version == CURL_SSLVERSION_SSLv3/d' "${CURL_VERSION}/lib/setopt.c"
512+
patch "${CURL_VERSION}/lib/vtls/openssl.c" sslv3.patch
513+
# for command line
514+
sed -i '' -e 's/warnf(global, \"Ignores instruction to use SSLv3\\n\");/config->ssl_version = CURL_SSLVERSION_SSLv3;/g' "${CURL_VERSION}/src/tool_getparam.c"
515+
fi
516+
504517
echo -e "${bold}Building Mac libraries${dim}"
505518
buildMac "x86_64"
506519
buildMac "arm64"

curl/sslv3.patch

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,34 @@
1+
--- openssl.c 2022-05-30 01:05:13.000000000 -0700
2+
+++ openssl.c.2 2022-05-30 01:25:52.000000000 -0700
3+
@@ -2709,8 +2709,9 @@
4+
failf(data, "No SSLv2 support");
5+
return CURLE_NOT_BUILT_IN;
6+
case CURL_SSLVERSION_SSLv3:
7+
- failf(data, "No SSLv3 support");
8+
- return CURLE_NOT_BUILT_IN;
9+
+ req_method = SSLv3_client_method();
10+
+ use_sni(FALSE);
11+
+ break;
12+
default:
13+
failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
14+
return CURLE_SSL_CONNECT_ERROR;
15+
@@ -2798,9 +2799,18 @@
16+
17+
switch(ssl_version) {
18+
case CURL_SSLVERSION_SSLv2:
19+
- case CURL_SSLVERSION_SSLv3:
20+
return CURLE_NOT_BUILT_IN;
21+
22+
+ case CURL_SSLVERSION_SSLv3:
23+
+ SSL_CTX_set_min_proto_version(backend->ctx, SSL3_VERSION);
24+
+ SSL_CTX_set_max_proto_version(backend->ctx, SSL3_VERSION);
25+
+ ctx_options |= SSL_OP_NO_SSLv2;
26+
+ ctx_options |= SSL_OP_NO_TLSv1;
27+
+ ctx_options |= SSL_OP_NO_TLSv1_1;
28+
+ ctx_options |= SSL_OP_NO_TLSv1_2;
29+
+ ctx_options |= SSL_OP_NO_TLSv1_3;
30+
+ break;
31+
+
32+
/* "--tlsv<x.y>" options mean TLS >= version <x.y> */
33+
case CURL_SSLVERSION_DEFAULT:
34+
case CURL_SSLVERSION_TLSv1: /* TLS >= version 1.0 */

0 commit comments

Comments
 (0)