Package: sblim-wbemcli / 1.6.3-2

Allow-wbemcli-to-use-TLS.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
From: =?utf-8?q?Ferenc_W=C3=A1gner?= <wferi@debian.org>
Date: Sun, 25 Dec 2016 17:45:47 +0100
Subject: Allow wbemcli to use TLS

Patch taken from https://sourceforge.net/p/sblim/bugs/2742/

Thanks: Vitezslav Crhonek
---
 CimCurl.cpp          | 24 ++++++++++++++++++++++--
 man/wbemcli.1.pre.in |  8 ++++++++
 2 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/CimCurl.cpp b/CimCurl.cpp
index 5b7331b..203f444 100644
--- a/CimCurl.cpp
+++ b/CimCurl.cpp
@@ -177,8 +177,28 @@ void CimomCurl::genRequest(URL &url, const char *op, bool cls, bool keys)
     rv = curl_easy_setopt(mHandle, CURLOPT_SSL_VERIFYHOST, 0);
     //    rv = curl_easy_setopt(mHandle, CURLOPT_SSL_VERIFYPEER, 0);
     
-    /* Force using SSL V3 */
-    rv = curl_easy_setopt(mHandle, CURLOPT_SSLVERSION, 3);    
+    /* Force use of a specific SSL/TLS version */
+    char * curlSslVer = getenv("WBEMCLI_CURL_SSLVERSION");
+    if (curlSslVer) {
+      if (!strcasecmp(curlSslVer,"SSLv2"))
+        rv = curl_easy_setopt(mHandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv2);
+      else if (!strcasecmp(curlSslVer,"SSLv3"))
+        rv = curl_easy_setopt(mHandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);
+      else if (!strcasecmp(curlSslVer,"TLSv1"))
+        rv = curl_easy_setopt(mHandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
+      else if (!strcasecmp(curlSslVer,"TLSv1.0") || !strcasecmp(curlSslVer,"TLSv1_0"))
+        rv = curl_easy_setopt(mHandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_0);
+      else if (!strcasecmp(curlSslVer,"TLSv1.1") || !strcasecmp(curlSslVer,"TLSv1_1"))
+        rv = curl_easy_setopt(mHandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1);
+      else if (!strcasecmp(curlSslVer,"TLSv1.2") || !strcasecmp(curlSslVer,"TLSv1_2"))
+        rv = curl_easy_setopt(mHandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
+      else
+        throw URLException("unknown WBEMCLI_CURL_SSLVERSION");
+    }
+
+    if (rv != CURLE_OK) {
+        throw URLException("unsupported WBEMCLI_CURL_SSLVERSION in this curl library");
+    }
 
     /* Set username and password */
     if (url.user.length() > 0 && url.password.length() > 0) {
diff --git a/man/wbemcli.1.pre.in b/man/wbemcli.1.pre.in
index 989035a..5414fd9 100644
--- a/man/wbemcli.1.pre.in
+++ b/man/wbemcli.1.pre.in
@@ -560,6 +560,14 @@ The example in the previous section can then be specified as:
 	wbemcli gi 'myCimom/root/cimv2:rpm_package.name="glibc"'
 .PP
 
+.SH ENVIRONMENT
+.TP
+.B WBEMCLI_CURL_SSLVERSION
+Specifies the SSL protocol that will be used.
+Valid values are SSLv2, SSLv3, TLSv1, TLSv1.0 (TLSv1_0), TLSv1.1 (TLSv1_1)
+or TLSv1.2 (TLSv1_2).
+If this variable is not set, wbemcli will attempt to figure out the
+remote SSL protocol version.
 .SH FILES
 .TP
 .I @CACERT@