/pidgin/main: 90c81031ac46: Only attempt to change the allowed T...

Mark Doliner mark at kingant.net
Sun Sep 28 22:06:53 EDT 2014


Changeset: 90c81031ac46dfa935cb14b5a9f4f93e1ca43beb
Author:	 Mark Doliner <mark at kingant.net>
Date:	 2014-09-28 19:07 -0700
Branch:	 release-2.x.y
URL: https://hg.pidgin.im/pidgin/main/rev/90c81031ac46

Description:

Only attempt to change the allowed TLS version range if it's supported.

The necessary functions were added in NSS 3.14.

Hopefully fixes the Jenkins build on debian-ppc64, which is apparently
using a pretty old version of NSS?
https://www.guifications.org/jenkins/view/Pidgin/job/pidgin-debian-ppc64-2.x.y/

Thanks to Tomasz for noticing that it was broken.

diffstat:

 libpurple/plugins/ssl/ssl-nss.c |  42 +++++++++++++++++++++-------------------
 1 files changed, 22 insertions(+), 20 deletions(-)

diffs (60 lines):

diff --git a/libpurple/plugins/ssl/ssl-nss.c b/libpurple/plugins/ssl/ssl-nss.c
--- a/libpurple/plugins/ssl/ssl-nss.c
+++ b/libpurple/plugins/ssl/ssl-nss.c
@@ -136,8 +136,6 @@ static gchar *get_error_text(void)
 static void
 ssl_nss_init_nss(void)
 {
-	SSLVersionRange supported, enabled;
-
 	PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
 	NSS_NoDB_Init(".");
 	NSS_SetDomesticPolicy();
@@ -155,25 +153,29 @@ ssl_nss_init_nss(void)
 	SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1);
 	SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1);
 
-	/* Get the ranges of supported and enabled SSL versions */
-	if ((SSL_VersionRangeGetSupported(ssl_variant_stream, &supported) == SECSuccess) &&
-			(SSL_VersionRangeGetDefault(ssl_variant_stream, &enabled) == SECSuccess)) {
-		purple_debug_info("nss", "TLS supported versions: "
-				"0x%04hx through 0x%04hx\n", supported.min, supported.max);
-		purple_debug_info("nss", "TLS versions allowed by default: "
-				"0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
+    if (NSS_VersionCheck("3.14")) {
+		SSLVersionRange supported, enabled;
 
-		/* Make sure all versions of TLS supported by the local library are
-		   enabled. (For some reason NSS doesn't enable newer versions of TLS
-		   by default -- more context in ticket #15909.) */
-		if (supported.max > enabled.max) {
-			enabled.max = supported.max;
-			if (SSL_VersionRangeSetDefault(ssl_variant_stream, &enabled) == SECSuccess) {
-				purple_debug_info("nss", "Changed allowed TLS versions to "
-						"0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
-			} else {
-				purple_debug_error("nss", "Error setting allowed TLS versions to "
-						"0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
+		/* Get the ranges of supported and enabled SSL versions */
+		if ((SSL_VersionRangeGetSupported(ssl_variant_stream, &supported) == SECSuccess) &&
+				(SSL_VersionRangeGetDefault(ssl_variant_stream, &enabled) == SECSuccess)) {
+			purple_debug_info("nss", "TLS supported versions: "
+					"0x%04hx through 0x%04hx\n", supported.min, supported.max);
+			purple_debug_info("nss", "TLS versions allowed by default: "
+					"0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
+
+			/* Make sure all versions of TLS supported by the local library are
+			   enabled. (For some reason NSS doesn't enable newer versions of TLS
+			   by default -- more context in ticket #15909.) */
+			if (supported.max > enabled.max) {
+				enabled.max = supported.max;
+				if (SSL_VersionRangeSetDefault(ssl_variant_stream, &enabled) == SECSuccess) {
+					purple_debug_info("nss", "Changed allowed TLS versions to "
+							"0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
+				} else {
+					purple_debug_error("nss", "Error setting allowed TLS versions to "
+							"0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
+				}
 			}
 		}
 	}
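Review bot: The `NSS_VersionCheck("3.14")` test that opens the new block is a run-time check, so it cannot fix a build against pre-3.14 headers: `SSLVersionRange` and the `SSL_VersionRange*` calls inside the block still have to compile. The block needs a preprocessor guard such as `#if NSS_VMAJOR > 3 || (NSS_VMAJOR == 3 && NSS_VMINOR >= 14)` ... `#endif`, optionally keeping the run-time check inside it in case the loaded library is older than the headers. When the check fails, the allowed TLS range silently stays at the library default; an else branch calling `purple_debug_warning("nss", ...)` would make that visible when diagnosing a connection that negotiates an old protocol version. The `if` line is also indented with spaces where the surrounding code uses tabs. ssl_nss_init_nss begins in the previous hunk and continues past the end of this one.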


