--- a/libpurple/plugins/ssl/ssl-nss.c Sun Sep 28 19:12:41 2014 -0700
+++ b/libpurple/plugins/ssl/ssl-nss.c Tue Sep 30 23:58:44 2014 -0700
@@ -32,6 +32,9 @@
+/* WINDDK_BUILD is defined because the checks around usage of + * intrisic functions are wrong in nspr */ /* TODO: Why is this done?
@@ -133,6 +136,10 @@
+#if NSS_VMAJOR > 3 || ( NSS_VMAJOR == 3 && NSS_VMINOR >= 14 ) + SSLVersionRange supported, enabled; +#endif /* NSS >= 3.14 */ PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
@@ -150,34 +157,32 @@
SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1);
SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1);
- if (NSS_VersionCheck("3.14")) {
- SSLVersionRange supported, enabled;
- /* Get the ranges of supported and enabled SSL versions */
- if ((SSL_VersionRangeGetSupported(ssl_variant_stream, &supported) == SECSuccess) &&
- (SSL_VersionRangeGetDefault(ssl_variant_stream, &enabled) == SECSuccess)) {
- purple_debug_info("nss", "TLS supported versions: "
- "0x%04hx through 0x%04hx\n", supported.min, supported.max);
- purple_debug_info("nss", "TLS versions allowed by default: "
- "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
+#if NSS_VMAJOR > 3 || ( NSS_VMAJOR == 3 && NSS_VMINOR >= 14 ) + /* Get the ranges of supported and enabled SSL versions */ + if ((SSL_VersionRangeGetSupported(ssl_variant_stream, &supported) == SECSuccess) && + (SSL_VersionRangeGetDefault(ssl_variant_stream, &enabled) == SECSuccess)) { + purple_debug_info("nss", "TLS supported versions: " + "0x%04hx through 0x%04hx\n", supported.min, supported.max); + purple_debug_info("nss", "TLS versions allowed by default: " + "0x%04hx through 0x%04hx\n", enabled.min, enabled.max); - /* Make sure SSL 3.0 is disabled (it's old and everyone should be
- using at least TLS 1.0 by now), and make sure all versions of TLS
- supported by the local library are enabled (for some reason NSS
- doesn't enable newer versions of TLS by default -- more context in
- if (enabled.min != SSL_LIBRARY_VERSION_TLS_1_0 || supported.max > enabled.max) {
- enabled.max = supported.max;
- if (SSL_VersionRangeSetDefault(ssl_variant_stream, &enabled) == SECSuccess) {
- purple_debug_info("nss", "Changed allowed TLS versions to "
- "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
- purple_debug_error("nss", "Error setting allowed TLS versions to "
- "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
+ /* Make sure SSL 3.0 is disabled (it's old and everyone should be + using at least TLS 1.0 by now), and make sure all versions of TLS + supported by the local library are enabled (for some reason NSS + doesn't enable newer versions of TLS by default -- more context in + if (enabled.min != SSL_LIBRARY_VERSION_TLS_1_0 || supported.max > enabled.max) { + enabled.max = supported.max; + if (SSL_VersionRangeSetDefault(ssl_variant_stream, &enabled) == SECSuccess) { + purple_debug_info("nss", "Changed allowed TLS versions to " + "0x%04hx through 0x%04hx\n", enabled.min, enabled.max); + purple_debug_error("nss", "Error setting allowed TLS versions to " + "0x%04hx through 0x%04hx\n", enabled.min, enabled.max); +#endif /* NSS >= 3.14 */ _identity = PR_GetUniqueIdentity("Purple");
_nss_methods = PR_GetDefaultIOMethods();