diff options
Diffstat (limited to '')
-rw-r--r-- | url.c | 40 |
1 files changed, 30 insertions, 10 deletions
@@ -121,6 +121,7 @@ static struct table2 DefaultGuess[] = { }; static void add_index_file(ParsedURL *pu, URLFile *uf); +static char * schemeNumToName(int scheme); /* #define HTTP_DEFAULT_FILE "/index.html" */ @@ -326,6 +327,7 @@ openSSLHandle(int sock, char *hostname, char **p_cert) SSL_load_error_strings(); if (!(ssl_ctx = SSL_CTX_new(SSLv23_client_method()))) goto eend; + SSL_CTX_set_cipher_list(ssl_ctx, "DEFAULT:!LOW:!EXP"); option = SSL_OP_ALL; if (ssl_forbid_method) { if (strchr(ssl_forbid_method, '2')) @@ -337,7 +339,15 @@ openSSLHandle(int sock, char *hostname, char **p_cert) if (strchr(ssl_forbid_method, 'T')) option |= SSL_OP_NO_TLSv1; } +#ifdef SSL_OP_NO_COMPRESSION + option |= SSL_OP_NO_COMPRESSION; +#endif SSL_CTX_set_options(ssl_ctx, option); + +#ifdef SSL_MODE_RELEASE_BUFFERS + SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS); +#endif + #ifdef USE_SSL_VERIFY /* derived from openssl-0.9.5/apps/s_{client,cb}.c */ #if 1 /* use SSL_get_verify_result() to verify cert */ @@ -1285,6 +1295,18 @@ getURLScheme(char **url) } static char * +schemeNumToName(int scheme) +{ + int i; + + for (i = 0; schemetable[i].cmdname != NULL; i++) { + if (schemetable[i].cmd == scheme) + return schemetable[i].cmdname; + } + return NULL; +} + +static char * otherinfo(ParsedURL *target, ParsedURL *current, char *referer) { Str s = Strnew(); @@ -1616,7 +1638,7 @@ openURL(char *url, ParsedURL *pu, ParsedURL *current, pu->host != NULL && !check_no_proxy(pu->host)) { hr->flag |= HR_FLAG_PROXY; sock = openSocket(FTP_proxy_parsed.host, - schemetable[FTP_proxy_parsed.scheme].cmdname, + schemeNumToName(FTP_proxy_parsed.scheme), FTP_proxy_parsed.port); if (sock < 0) return uf; @@ -1658,15 +1680,15 @@ openURL(char *url, ParsedURL *pu, ParsedURL *current, } else if (pu->scheme == SCM_HTTPS) { sock = openSocket(HTTPS_proxy_parsed.host, - schemetable[HTTPS_proxy_parsed.scheme]. - cmdname, HTTPS_proxy_parsed.port); + schemeNumToName(HTTPS_proxy_parsed.scheme), + HTTPS_proxy_parsed.port); sslh = NULL; } else { #endif /* USE_SSL */ sock = openSocket(HTTP_proxy_parsed.host, - schemetable[HTTP_proxy_parsed.scheme]. - cmdname, HTTP_proxy_parsed.port); + schemeNumToName(HTTP_proxy_parsed.scheme), + HTTP_proxy_parsed.port); #ifdef USE_SSL sslh = NULL; } @@ -1698,8 +1720,7 @@ openURL(char *url, ParsedURL *pu, ParsedURL *current, } } else { - sock = openSocket(pu->host, - schemetable[pu->scheme].cmdname, pu->port); + sock = openSocket(pu->host, schemeNumToName(pu->scheme), pu->port); if (sock < 0) { *status = HTST_MISSING; return uf; @@ -1763,7 +1784,7 @@ openURL(char *url, ParsedURL *pu, ParsedURL *current, pu->host != NULL && !check_no_proxy(pu->host)) { hr->flag |= HR_FLAG_PROXY; sock = openSocket(GOPHER_proxy_parsed.host, - schemetable[GOPHER_proxy_parsed.scheme].cmdname, + schemeNumToName(GOPHER_proxy_parsed.scheme), GOPHER_proxy_parsed.port); if (sock < 0) return uf; @@ -1771,8 +1792,7 @@ openURL(char *url, ParsedURL *pu, ParsedURL *current, tmp = HTTPrequest(pu, current, hr, extra_header); } else { - sock = openSocket(pu->host, - schemetable[pu->scheme].cmdname, pu->port); + sock = openSocket(pu->host, schemeNumToName(pu->scheme), pu->port); if (sock < 0) return uf; if (pu->file == NULL) |