pidgin/pidgin

Change this to a preprocessor check.
release-2.x.y
2014-09-29, Mark Doliner
6d2325070ec8
Parents 90c81031ac46
Children 2efc22e824ab
Change this to a preprocessor check.

Obviously this needs to happen at the preprocessor level because
SSLVersionRange won't exist in old versions. I'm not sure when
these constants started appearing... I'm kinda just hoping they've
been around as long as the NSS_VersionCheck function (NSS 3.2, I think,
which was many years ago). I might look into it. But checking this
in now to get in before the nightly Jenkins build for ppc.
1 files changed, 25 insertions(+), 22 deletions(-)
  • +25 -22
    libpurple/plugins/ssl/ssl-nss.c
    • --- a/libpurple/plugins/ssl/ssl-nss.c Sun Sep 28 19:07:00 2014 -0700
    +++ b/libpurple/plugins/ssl/ssl-nss.c Mon Sep 29 23:20:03 2014 -0700
    @@ -136,6 +136,11 @@
    static void
    ssl_nss_init_nss(void)
    {
    +#if NSS_VMAJOR > 3 || ( NSS_VMAJOR == 3 && NSS_VMINOR >= 14 )
    + SSLVersionRange supported, enabled;
    +fprintf(stderr, "MARK got it\n");
    +#endif /* NSS >= 3.14 */
    +
    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
    NSS_NoDB_Init(".");
    NSS_SetDomesticPolicy();
    @@ -153,32 +158,30 @@
    SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1);
    SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1);
    - if (NSS_VersionCheck("3.14")) {
    - SSLVersionRange supported, enabled;
    -
    - /* Get the ranges of supported and enabled SSL versions */
    - if ((SSL_VersionRangeGetSupported(ssl_variant_stream, &supported) == SECSuccess) &&
    - (SSL_VersionRangeGetDefault(ssl_variant_stream, &enabled) == SECSuccess)) {
    - purple_debug_info("nss", "TLS supported versions: "
    - "0x%04hx through 0x%04hx\n", supported.min, supported.max);
    - purple_debug_info("nss", "TLS versions allowed by default: "
    - "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
    +#if NSS_VMAJOR > 3 || ( NSS_VMAJOR == 3 && NSS_VMINOR >= 14 )
    + /* Get the ranges of supported and enabled SSL versions */
    + if ((SSL_VersionRangeGetSupported(ssl_variant_stream, &supported) == SECSuccess) &&
    + (SSL_VersionRangeGetDefault(ssl_variant_stream, &enabled) == SECSuccess)) {
    + purple_debug_info("nss", "TLS supported versions: "
    + "0x%04hx through 0x%04hx\n", supported.min, supported.max);
    + purple_debug_info("nss", "TLS versions allowed by default: "
    + "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
    - /* Make sure all versions of TLS supported by the local library are
    - enabled. (For some reason NSS doesn't enable newer versions of TLS
    - by default -- more context in ticket #15909.) */
    - if (supported.max > enabled.max) {
    - enabled.max = supported.max;
    - if (SSL_VersionRangeSetDefault(ssl_variant_stream, &enabled) == SECSuccess) {
    - purple_debug_info("nss", "Changed allowed TLS versions to "
    - "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
    - } else {
    - purple_debug_error("nss", "Error setting allowed TLS versions to "
    - "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
    - }
    + /* Make sure all versions of TLS supported by the local library are
    + enabled. (For some reason NSS doesn't enable newer versions of TLS
    + by default -- more context in ticket #15909.) */
    + if (supported.max > enabled.max) {
    + enabled.max = supported.max;
    + if (SSL_VersionRangeSetDefault(ssl_variant_stream, &enabled) == SECSuccess) {
    + purple_debug_info("nss", "Changed allowed TLS versions to "
    + "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
    + } else {
    + purple_debug_error("nss", "Error setting allowed TLS versions to "
    + "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
    }
    }
    }
    +#endif /* NSS >= 3.14 */
    _identity = PR_GetUniqueIdentity("Purple");
    _nss_methods = PR_GetDefaultIOMethods();