1 files changed, 30 insertions, 10 deletions

diff --git a/url.c b/url.c
index cbb4aab..10089ca 100644
--- a/url.c
+++ b/url.c
@@ -121,6 +121,7 @@ static struct table2 DefaultGuess[] = {
 };
 
 static void add_index_file(ParsedURL *pu, URLFile *uf);
+static char * schemeNumToName(int scheme);
 
 /* #define HTTP_DEFAULT_FILE    "/index.html" */
 
@@ -326,6 +327,7 @@ openSSLHandle(int sock, char *hostname, char **p_cert)
 	SSL_load_error_strings();
 	if (!(ssl_ctx = SSL_CTX_new(SSLv23_client_method())))
 	    goto eend;
+	SSL_CTX_set_cipher_list(ssl_ctx, "DEFAULT:!LOW:!EXP");
 	option = SSL_OP_ALL;
 	if (ssl_forbid_method) {
 	    if (strchr(ssl_forbid_method, '2'))
@@ -337,7 +339,15 @@ openSSLHandle(int sock, char *hostname, char **p_cert)
 	    if (strchr(ssl_forbid_method, 'T'))
 		option |= SSL_OP_NO_TLSv1;
 	}
+#ifdef SSL_OP_NO_COMPRESSION
+	option |= SSL_OP_NO_COMPRESSION;
+#endif
 	SSL_CTX_set_options(ssl_ctx, option);
+
+#ifdef SSL_MODE_RELEASE_BUFFERS
+	SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
+
 #ifdef USE_SSL_VERIFY
 	/* derived from openssl-0.9.5/apps/s_{client,cb}.c */
 #if 1				/* use SSL_get_verify_result() to verify cert */
@@ -1285,6 +1295,18 @@ getURLScheme(char **url)
 }
 
 static char *
+schemeNumToName(int scheme)
+{
+    int i;
+
+    for (i = 0; schemetable[i].cmdname != NULL; i++) {
+	if (schemetable[i].cmd == scheme)
+	    return schemetable[i].cmdname;
+    }
+    return NULL;
+}
+
+static char *
 otherinfo(ParsedURL *target, ParsedURL *current, char *referer)
 {
     Str s = Strnew();
@@ -1616,7 +1638,7 @@ openURL(char *url, ParsedURL *pu, ParsedURL *current,
 	    pu->host != NULL && !check_no_proxy(pu->host)) {
 	    hr->flag |= HR_FLAG_PROXY;
 	    sock = openSocket(FTP_proxy_parsed.host,
-			      schemetable[FTP_proxy_parsed.scheme].cmdname,
+			      schemeNumToName(FTP_proxy_parsed.scheme),
 			      FTP_proxy_parsed.port);
 	    if (sock < 0)
 		return uf;
@@ -1658,15 +1680,15 @@ openURL(char *url, ParsedURL *pu, ParsedURL *current,
 	    }
 	    else if (pu->scheme == SCM_HTTPS) {
 		sock = openSocket(HTTPS_proxy_parsed.host,
-				  schemetable[HTTPS_proxy_parsed.scheme].
-				  cmdname, HTTPS_proxy_parsed.port);
+				  schemeNumToName(HTTPS_proxy_parsed.scheme),
+				  HTTPS_proxy_parsed.port);
 		sslh = NULL;
 	    }
 	    else {
 #endif				/* USE_SSL */
 		sock = openSocket(HTTP_proxy_parsed.host,
-				  schemetable[HTTP_proxy_parsed.scheme].
-				  cmdname, HTTP_proxy_parsed.port);
+				  schemeNumToName(HTTP_proxy_parsed.scheme),
+				  HTTP_proxy_parsed.port);
 #ifdef USE_SSL
 		sslh = NULL;
 	    }
@@ -1698,8 +1720,7 @@ openURL(char *url, ParsedURL *pu, ParsedURL *current,
 	    }
 	}
 	else {
-	    sock = openSocket(pu->host,
-			      schemetable[pu->scheme].cmdname, pu->port);
+	    sock = openSocket(pu->host, schemeNumToName(pu->scheme), pu->port);
 	    if (sock < 0) {
 		*status = HTST_MISSING;
 		return uf;
@@ -1763,7 +1784,7 @@ openURL(char *url, ParsedURL *pu, ParsedURL *current,
 	    pu->host != NULL && !check_no_proxy(pu->host)) {
 	    hr->flag |= HR_FLAG_PROXY;
 	    sock = openSocket(GOPHER_proxy_parsed.host,
-			      schemetable[GOPHER_proxy_parsed.scheme].cmdname,
+			      schemeNumToName(GOPHER_proxy_parsed.scheme),
 			      GOPHER_proxy_parsed.port);
 	    if (sock < 0)
 		return uf;
@@ -1771,8 +1792,7 @@ openURL(char *url, ParsedURL *pu, ParsedURL *current,
 	    tmp = HTTPrequest(pu, current, hr, extra_header);
 	}
 	else {
-	    sock = openSocket(pu->host,
-			      schemetable[pu->scheme].cmdname, pu->port);
+	    sock = openSocket(pu->host, schemeNumToName(pu->scheme), pu->port);
 	    if (sock < 0)
 		return uf;
 	    if (pu->file == NULL)