libpurple/plugins/ssl/ssl-nss.c

branch
release-2.x.y
changeset 36162
90c81031ac46
parent 36160
d13511faaeec
child 36163
c3e87cb60c02
child 36164
6d2325070ec8
36161:89bb3eaa33b9 36162:90c81031ac46
134 } 134 }
135 135
136 static void 136 static void
137 ssl_nss_init_nss(void) 137 ssl_nss_init_nss(void)
138 { 138 {
139 SSLVersionRange supported, enabled;
140
141 PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); 139 PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
142 NSS_NoDB_Init("."); 140 NSS_NoDB_Init(".");
143 NSS_SetDomesticPolicy(); 141 NSS_SetDomesticPolicy();
144 142
145 SSL_CipherPrefSetDefault(TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 1); 143 SSL_CipherPrefSetDefault(TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 1);
153 SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 1); 151 SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 1);
154 SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 1); 152 SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 1);
155 SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1); 153 SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1);
156 SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1); 154 SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1);
157 155
158 /* Get the ranges of supported and enabled SSL versions */ 156 if (NSS_VersionCheck("3.14")) {
159 if ((SSL_VersionRangeGetSupported(ssl_variant_stream, &supported) == SECSuccess) && 157 SSLVersionRange supported, enabled;
160 (SSL_VersionRangeGetDefault(ssl_variant_stream, &enabled) == SECSuccess)) { 158
161 purple_debug_info("nss", "TLS supported versions: " 159 /* Get the ranges of supported and enabled SSL versions */
162 "0x%04hx through 0x%04hx\n", supported.min, supported.max); 160 if ((SSL_VersionRangeGetSupported(ssl_variant_stream, &supported) == SECSuccess) &&
163 purple_debug_info("nss", "TLS versions allowed by default: " 161 (SSL_VersionRangeGetDefault(ssl_variant_stream, &enabled) == SECSuccess)) {
164 "0x%04hx through 0x%04hx\n", enabled.min, enabled.max); 162 purple_debug_info("nss", "TLS supported versions: "
165 163 "0x%04hx through 0x%04hx\n", supported.min, supported.max);
166 /* Make sure all versions of TLS supported by the local library are 164 purple_debug_info("nss", "TLS versions allowed by default: "
167 enabled. (For some reason NSS doesn't enable newer versions of TLS 165 "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
168 by default -- more context in ticket #15909.) */ 166
169 if (supported.max > enabled.max) { 167 /* Make sure all versions of TLS supported by the local library are
170 enabled.max = supported.max; 168 enabled. (For some reason NSS doesn't enable newer versions of TLS
171 if (SSL_VersionRangeSetDefault(ssl_variant_stream, &enabled) == SECSuccess) { 169 by default -- more context in ticket #15909.) */
172 purple_debug_info("nss", "Changed allowed TLS versions to " 170 if (supported.max > enabled.max) {
173 "0x%04hx through 0x%04hx\n", enabled.min, enabled.max); 171 enabled.max = supported.max;
174 } else { 172 if (SSL_VersionRangeSetDefault(ssl_variant_stream, &enabled) == SECSuccess) {
175 purple_debug_error("nss", "Error setting allowed TLS versions to " 173 purple_debug_info("nss", "Changed allowed TLS versions to "
176 "0x%04hx through 0x%04hx\n", enabled.min, enabled.max); 174 "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
175 } else {
176 purple_debug_error("nss", "Error setting allowed TLS versions to "
177 "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
178 }
177 } 179 }
178 } 180 }
179 } 181 }
180 182
181 _identity = PR_GetUniqueIdentity("Purple"); 183 _identity = PR_GetUniqueIdentity("Purple");
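Review bot: The `NSS_VersionCheck("3.14")` guard added at new line 156 is a runtime test, so the `SSLVersionRange` declaration and the `SSL_VersionRange*` calls inside it must still compile and link against the build-time NSS headers. If the aim is to keep working with NSS older than 3.14 (inferred from the guard, not stated on the page), the block also needs a preprocessor guard such as `#if NSS_VMAJOR > 3 || (NSS_VMAJOR == 3 && NSS_VMINOR >= 14)`. When the check fails, or when either `SSL_VersionRangeGet*` call fails, nothing is logged, so a client left on the library's default TLS maximum gives no sign of it. An else branch with `purple_debug_warning("nss", "NSS older than 3.14; TLS version range left at library defaults\n");` would make that visible. Only `enabled.max` is raised and `enabled.min` keeps the library default, which deserves a comment saying whether that floor is intended. The body of `ssl_nss_init_nss` continues past the end of this hunk.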
