#ifndef XMLTOOLING_NO_XMLSEC
m_cred(nullptr), m_trustEngine(nullptr), m_peerResolver(nullptr), m_mandatory(false),
#endif
- m_openssl_ops(SSL_OP_ALL|SSL_OP_NO_SSLv2), m_ssl_callback(nullptr), m_ssl_userptr(nullptr),
+ m_openssl_ops(SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3), m_ssl_callback(nullptr), m_ssl_userptr(nullptr),
m_chunked(true), m_authenticated(false), m_cacheTag(nullptr) {
m_handle = g_CURLPool->get(addr);
curl_easy_setopt(m_handle,CURLOPT_URL,addr.m_endpoint);
m_useragent = XMLToolingConfig::getConfig().user_agent;
if (!m_useragent.empty()) {
curl_version_info_data* curlver = curl_version_info(CURLVERSION_NOW);
- m_useragent += " libcurl/";
- if (curlver)
- m_useragent = m_useragent + curlver->version + ' ' + curlver->ssl_version;
- else
- m_useragent = m_useragent + LIBCURL_VERSION + ' ' + OPENSSL_VERSION_TEXT;
+
+ if (curlver) {
+ m_useragent = m_useragent + " libcurl/" + curlver->version + ' ' + curlver->ssl_version;
+ }
+
curl_easy_setopt(m_handle, CURLOPT_USERAGENT, m_useragent.c_str());
}
// Make the call.
log.debug("sending SOAP message to %s", m_endpoint.c_str());
- if (curl_easy_perform(m_handle) != CURLE_OK) {
+ CURLcode code = curl_easy_perform(m_handle);
+ if (code != CURLE_OK) {
+ if (code == CURLE_SSL_CIPHER) {
+ log.error("on Red Hat 6+, make sure libcurl used is built with OpenSSL");
+ }
throw IOException(
string("CURLSOAPTransport failed while contacting SOAP endpoint (") + m_endpoint + "): " +
(curl_errorbuf[0] ? curl_errorbuf : "no further information available"));
{
CURLSOAPTransport* conf = reinterpret_cast<CURLSOAPTransport*>(userptr);
- // Default flags manually disable SSLv2 so we're not dependent on libcurl to do it.
- // Also disable the ticket option where implemented, since this breaks a variety
- // of servers. Newer libcurl also does this for us.
+ // Default flags manually disable SSLv2 and SSLv3 so we're not dependent on libcurl
+ // to do it. Also disable the ticket option where implemented, since this breaks a
+ // variety of servers. Newer libcurl also does this for us.
#ifdef SSL_OP_NO_TICKET
SSL_CTX_set_options(ssl_ctx, conf->m_openssl_ops|SSL_OP_NO_TICKET);
#else