added commandline option to enforce using TLSv1_client_method() instead of SSLv3_client_method() for compatibility reasons

(based on thieso2's fork of proxytunnel - just optional this time)
Daniel Jonka 2016-02-03 16:26:24 +01:00
parent 1050238587
commit a3a1ffa8b3
3 changed files with 18 additions and 3 deletions


@ -132,6 +132,7 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
args_info->encryptproxy_given = 0;
args_info->encryptremproxy_given = 0;
args_info->proctitle_given = 0;
args_info->enforcetls1_given = 0;
/* No... we can't make this a function... -- Maniac */
#define clear_args() \
@ -157,6 +158,7 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
args_info->encryptproxy_flag = 0; \
args_info->encryptremproxy_flag = 0; \
args_info->proctitle_arg = NULL; \
args_info->enforcetls1_flag = 0; \
}
clear_args();
@ -189,6 +191,7 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
{ "remproxy", 1, NULL, 'r' },
{ "remproxyauth", 1, NULL, 'R' },
{ "proctitle", 1, NULL, 'x' },
{ "tlsenforce", 1, NULL, 'L' },
{ "header", 1, NULL, 'H' },
{ "verbose", 0, NULL, 'v' },
{ "ntlm", 0, NULL, 'N' },
@ -201,9 +204,9 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
{ NULL, 0, NULL, 0 }
};
c = getopt_long (argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:nvNeEXq", long_options, &option_index);
c = getopt_long (argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:nvNeEXqL", long_options, &option_index);
#else
c = getopt( argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:nvNeEXq" );
c = getopt( argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:nvNeEXqL" );
#endif
if (c == -1)
@ -262,6 +265,12 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
args_info->proctitle_arg = gengetopt_strdup (optarg);
break;
case 'L':
args_info->enforcetls1_given = 1;
message("Enforcing TLSv1");
args_info->enforcetls1_flag = 1;
break;
case 'u': /* Username to send to HTTPS proxy for authentication. */
if (args_info->user_given) {
fprintf (stderr, "%s: `--user' (`-u'), `--proxyauth' (`-P') or `--passfile' (`-F') option given more than once\n", PACKAGE);
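Review bot: The new long option `{ "tlsenforce", 1, NULL, 'L' }` declares a required argument (has_arg = 1) while the short option string only appends a bare `L` with no colon, so `--tlsenforce` will swallow the following argv element as its argument whereas `-L` takes none, and the `case 'L':` handler never reads optarg. Change the table entry to `{ "tlsenforce", 0, NULL, 'L' },` so both spellings agree with the handler. The long option name also differs from the `enforcetls1_*` field names and the "Enforcing TLSv1" message; using one name for all three would help the next reader. cmdline_parser's body extends beyond the hunk on both sides.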


@ -48,6 +48,7 @@ struct gengetopt_args_info {
int encryptproxy_flag; /* Turn on client to proxy SSL encryption (def=off).*/
int encryptremproxy_flag; /* Turn on local to remote proxy SSL encryption (def=off).*/
char *proctitle_arg; /* Override process title (default=off). */
int enforcetls1_flag; /* Override default and enforce TLSv1 */
int help_given; /* Whether help was given. */
int version_given; /* Whether version was given. */
int user_given; /* Whether user was given. */
@ -71,6 +72,7 @@ struct gengetopt_args_info {
int encryptproxy_given; /* Whether encrypt was given */
int encryptremproxy_given; /* Whether encrypt was given */
int proctitle_given; /* Whether to override process title */
int enforcetls1_given; /* Wheter to enforce TLSv1 */
};
int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *args_info );
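Review bot: The comment on the new `enforcetls1_given` field has a typo ("Wheter") and does not follow the `/* Whether X was given. */` form of its neighbours; suggest `int enforcetls1_given; /* Whether enforcetls1 (-L/--tlsenforce) was given. */`. The `enforcetls1_flag` comment could likewise state the default the way the adjacent flags do, e.g. `/* Use TLSv1_client_method() instead of SSLv23 negotiation (def=off). */`. The struct's opening line is outside the hunk.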


@ -151,7 +151,11 @@ int stream_enable_ssl(PTSTREAM *pts) {
/* Initialise the connection */
SSLeay_add_ssl_algorithms();
meth = SSLv23_client_method();
if (args_info.enforcetls1_flag) {
meth = TLSv1_client_method();
} else {
meth = SSLv23_client_method();
}
SSL_load_error_strings();
ctx = SSL_CTX_new (meth);
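Review bot: `TLSv1_client_method()` pins the handshake to exactly TLS 1.0 rather than merely excluding SSLv3, so a peer that has already disabled TLS 1.0 will fail to negotiate, and the default `SSLv23_client_method()` path still leaves SSLv2/SSLv3 negotiable. If the goal is compatibility without legacy SSL, keep `SSLv23_client_method()` (which negotiates the highest shared version) and add `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` after the `SSL_CTX_new` call, gated on the flag if the old behaviour must stay selectable; if the intent really is TLS 1.0 only, the option name and help text should say so. The hunk reads `args_info.enforcetls1_flag` from what appears to be a file- or global-scope struct (cmdline_parser receives a pointer), so a one-line comment naming where it is populated would help. stream_enable_ssl's body continues beyond the hunk, including any NULL check on ctx.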