From 71a1442eb2a973164b0c3365be2e0297baa8e91d Mon Sep 17 00:00:00 2001
From: Paul Howarth <paul@city-fan.org>
Date: Tue, 4 Dec 2018 10:48:32 +0000
Subject: nss: Improve info message when falling back SSL protocol

Use descriptive text strings rather than decimal numbers.
---
 lib/vtls/nss.c | 36 ++++++++++++++++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)

diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 946c69717..79437a284 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -246,6 +246,32 @@ static void nss_print_error_message(struct Curl_easy *data, PRUint32 err)
   failf(data, "%s", PR_ErrorToString(err, PR_LANGUAGE_I_DEFAULT));
 }
 
+static char *nss_sslver_to_name(PRUint16 nssver)
+{
+  switch(nssver) {
+  case SSL_LIBRARY_VERSION_2:
+    return strdup("SSLv2");
+  case SSL_LIBRARY_VERSION_3_0:
+    return strdup("SSLv3");
+  case SSL_LIBRARY_VERSION_TLS_1_0:
+    return strdup("TLSv1.0");
+#ifdef SSL_LIBRARY_VERSION_TLS_1_1
+  case SSL_LIBRARY_VERSION_TLS_1_1:
+    return strdup("TLSv1.1");
+#endif
+#ifdef SSL_LIBRARY_VERSION_TLS_1_2
+  case SSL_LIBRARY_VERSION_TLS_1_2:
+    return strdup("TLSv1.2");
+#endif
+#ifdef SSL_LIBRARY_VERSION_TLS_1_3
+  case SSL_LIBRARY_VERSION_TLS_1_3:
+    return strdup("TLSv1.3");
+#endif
+  default:
+    return curl_maprintf("0x%04x", nssver);
+  }
+}
+
 static SECStatus set_ciphers(struct Curl_easy *data, PRFileDesc * model,
                              char *cipher_list)
 {
@@ -1837,8 +1863,14 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
                                   &sslver_supported) != SECSuccess)
     goto error;
   if(sslver_supported.max < sslver.max && sslver_supported.max >= sslver.min) {
-    infof(data, "Falling back (from %d) to max supported SSL version (%d)\n",
-                sslver.max, sslver_supported.max);
+    char *sslver_req_str, *sslver_supp_str;
+    sslver_req_str = nss_sslver_to_name(sslver.max);
+    sslver_supp_str = nss_sslver_to_name(sslver_supported.max);
+    if(sslver_req_str && sslver_supp_str)
+      infof(data, "Falling back from %s to max supported SSL version (%s)\n",
+                  sslver_req_str, sslver_supp_str);
+    free(sslver_req_str);
+    free(sslver_supp_str);
     sslver.max = sslver_supported.max;
   }
   if(SSL_VersionRangeSet(model, &sslver) != SECSuccess)
-- 
cgit v1.2.1