From 59831dcbb9b9f7fe5edf11a11340a83b65050444 Mon Sep 17 00:00:00 2001
From: Scott Cantor <cantor.2@osu.edu>
Date: Mon, 20 May 2013 16:27:35 +0000
Subject: [PATCH] https://issues.shibboleth.net/jira/browse/CPPXT-95

---
 xmltooling/XMLToolingConfig.cpp            | 4 +++-
 xmltooling/soap/impl/CURLSOAPTransport.cpp | 6 +++++-
 xmltooling/util/CurlURLInputStream.cpp     | 3 +++
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/xmltooling/XMLToolingConfig.cpp b/xmltooling/XMLToolingConfig.cpp
index 97c0a93..4a6e873 100644
--- a/xmltooling/XMLToolingConfig.cpp
+++ b/xmltooling/XMLToolingConfig.cpp
@@ -397,7 +397,9 @@ bool XMLToolingInternalConfig::init()
         if (curlver) {
             log.debug("libcurl %s initialization complete", curlver->version);
             if (!(curlver->features & CURL_VERSION_SSL)) {
-                log.warn("libcurl lacks TLS/SSL support, this will greatly limit functionality");
+                log.crit("libcurl lacks TLS/SSL support, this will greatly limit functionality");
+            } else if (curlver->ssl_version && !strstr(curlver->ssl_version, "OpenSSL")) {
+                log.crit("libcurl lacks OpenSSL-specific options, this will greatly limit functionality");
             }
         }
         else {
diff --git a/xmltooling/soap/impl/CURLSOAPTransport.cpp b/xmltooling/soap/impl/CURLSOAPTransport.cpp
index d91ecfc..b2490fb 100644
--- a/xmltooling/soap/impl/CURLSOAPTransport.cpp
+++ b/xmltooling/soap/impl/CURLSOAPTransport.cpp
@@ -568,7 +568,11 @@ void CURLSOAPTransport::send(istream* in)
 
     // Make the call.
     log.debug("sending SOAP message to %s", m_endpoint.c_str());
-    if (curl_easy_perform(m_handle) != CURLE_OK) {
+    CURLcode code = curl_easy_perform(m_handle);
+    if (code != CURLE_OK) {
+        if (code == CURLE_SSL_CIPHER) {
+            log.error("on Red Hat 6+, make sure libcurl used is built with OpenSSL");
+        }
         throw IOException(
             string("CURLSOAPTransport failed while contacting SOAP endpoint (") + m_endpoint + "): " +
                 (curl_errorbuf[0] ? curl_errorbuf : "no further information available"));
diff --git a/xmltooling/util/CurlURLInputStream.cpp b/xmltooling/util/CurlURLInputStream.cpp
index 2c91f4b..e5036da 100644
--- a/xmltooling/util/CurlURLInputStream.cpp
+++ b/xmltooling/util/CurlURLInputStream.cpp
@@ -523,6 +523,9 @@ bool CurlURLInputStream::readMore(int* runningHandles)
 
         default:
             fLog.error("error while fetching %s: (%d) %s", fURL.c_str(), msg->data.result, fError);
+            if (msg->data.result == CURLE_SSL_CIPHER) {
+                fLog.error("on Red Hat 6+, make sure libcurl used is built with OpenSSL");
+            }
             ThrowXML1(NetAccessorException, XMLExcepts::NetAcc_InternalError, fURL.c_str());
             break;
         }
-- 
2.1.4