diff options
| author | Paul Howarth <paul@city-fan.org> | 2018-12-04 10:48:32 +0000 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2018-12-05 15:24:32 +0100 |
| commit | 71a1442eb2a973164b0c3365be2e0297baa8e91d (patch) | |
| tree | cc023f8737363c82b739e409ddc8e1c911483684 | |
| parent | 6848ea585b34d7f1d3f73c1d6749321fc5843fbe (diff) | |
| download | curl-71a1442eb2a973164b0c3365be2e0297baa8e91d.tar.gz | |
nss: Improve info message when falling back SSL protocol
Use descriptive text strings rather than decimal numbers.
| -rw-r--r-- | lib/vtls/nss.c | 36 |
1 files changed, 34 insertions, 2 deletions
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index 946c69717..79437a284 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c @@ -246,6 +246,32 @@ static void nss_print_error_message(struct Curl_easy *data, PRUint32 err) failf(data, "%s", PR_ErrorToString(err, PR_LANGUAGE_I_DEFAULT)); } +static char *nss_sslver_to_name(PRUint16 nssver) +{ + switch(nssver) { + case SSL_LIBRARY_VERSION_2: + return strdup("SSLv2"); + case SSL_LIBRARY_VERSION_3_0: + return strdup("SSLv3"); + case SSL_LIBRARY_VERSION_TLS_1_0: + return strdup("TLSv1.0"); +#ifdef SSL_LIBRARY_VERSION_TLS_1_1 + case SSL_LIBRARY_VERSION_TLS_1_1: + return strdup("TLSv1.1"); +#endif +#ifdef SSL_LIBRARY_VERSION_TLS_1_2 + case SSL_LIBRARY_VERSION_TLS_1_2: + return strdup("TLSv1.2"); +#endif +#ifdef SSL_LIBRARY_VERSION_TLS_1_3 + case SSL_LIBRARY_VERSION_TLS_1_3: + return strdup("TLSv1.3"); +#endif + default: + return curl_maprintf("0x%04x", nssver); + } +} + static SECStatus set_ciphers(struct Curl_easy *data, PRFileDesc * model, char *cipher_list) { @@ -1837,8 +1863,14 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex) &sslver_supported) != SECSuccess) goto error; if(sslver_supported.max < sslver.max && sslver_supported.max >= sslver.min) { - infof(data, "Falling back (from %d) to max supported SSL version (%d)\n", - sslver.max, sslver_supported.max); + char *sslver_req_str, *sslver_supp_str; + sslver_req_str = nss_sslver_to_name(sslver.max); + sslver_supp_str = nss_sslver_to_name(sslver_supported.max); + if(sslver_req_str && sslver_supp_str) + infof(data, "Falling back from %s to max supported SSL version (%s)\n", + sslver_req_str, sslver_supp_str); + free(sslver_req_str); + free(sslver_supp_str); sslver.max = sslver_supported.max; } if(SSL_VersionRangeSet(model, &sslver) != SECSuccess) |