From 14d72dbc4301c032124e45b63e3405c898261c93 Mon Sep 17 00:00:00 2001
From: Roger Garza <roger.garza@rackspace.com>
Date: Fri, 13 Jun 2014 23:57:18 -0500
Subject: [PATCH] Add option for specifying ssl_version

---
 ext/patron/session_ext.c | 16 ++++++++++++++--
 lib/patron/request.rb    |  5 +++--
 lib/patron/session.rb    |  4 ++++
 spec/session_ssl_spec.rb |  8 ++++++++
 4 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/ext/patron/session_ext.c b/ext/patron/session_ext.c
index 78255b4..9fc3cb1 100644
--- a/ext/patron/session_ext.c
+++ b/ext/patron/session_ext.c
@@ -341,6 +341,7 @@ static void set_options_from_request(VALUE self, VALUE request) {
   VALUE ignore_content_length = Qnil;
   VALUE insecure              = Qnil;
   VALUE cacert                = Qnil;
+  VALUE ssl_version           = Qnil;
   VALUE buffer_size           = Qnil;
   VALUE action_name           = rb_iv_get(request, "@action");
 
@@ -471,7 +472,7 @@ static void set_options_from_request(VALUE self, VALUE request) {
 
   proxy = rb_iv_get(request, "@proxy");
   if (!NIL_P(proxy)) {
-      curl_easy_setopt(curl, CURLOPT_PROXY, StringValuePtr(proxy));
+    curl_easy_setopt(curl, CURLOPT_PROXY, StringValuePtr(proxy));
   }
 
   proxy_type = rb_iv_get(request, "@proxy_type");
@@ -496,6 +497,18 @@ static void set_options_from_request(VALUE self, VALUE request) {
     curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
   }
 
+  ssl_version = rb_iv_get(request, "@ssl_version");
+  if(!NIL_P(ssl_version)) {
+    char* version = StringValuePtr(ssl_version);
+    if(strcmp(version, "SSLv2") == 0) {
+      curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv2);
+    } else if(strcmp(version, "SSLv3") == 0) {
+      curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);
+    } else if(strcmp(version, "TLSv1") == 0) {
+      curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
+    }
+  }
+
   cacert = rb_iv_get(request, "@cacert");
   if(!NIL_P(cacert)) {
     curl_easy_setopt(curl, CURLOPT_CAINFO, StringValuePtr(cacert));
@@ -766,4 +779,3 @@ void Init_session_ext() {
   rb_define_const(mProxyType, "SOCKS4A", INT2FIX(CURLPROXY_SOCKS4A));
   rb_define_const(mProxyType, "SOCKS5_HOSTNAME", INT2FIX(CURLPROXY_SOCKS5_HOSTNAME));
 }
-
diff --git a/lib/patron/request.rb b/lib/patron/request.rb
index 07230c9..f5d17c5 100644
--- a/lib/patron/request.rb
+++ b/lib/patron/request.rb
@@ -45,12 +45,13 @@ def initialize
     READER_VARS = [
       :url, :username, :password, :file_name, :proxy, :proxy_type, :insecure,
       :ignore_content_length, :multipart, :action, :timeout, :connect_timeout,
-      :max_redirects, :headers, :auth_type, :upload_data, :buffer_size, :cacert
+      :max_redirects, :headers, :auth_type, :upload_data, :buffer_size, :cacert,
+      :ssl_version
     ]
 
     WRITER_VARS = [
       :url, :username, :password, :file_name, :proxy, :proxy_type, :insecure,
-      :ignore_content_length, :multipart, :cacert
+      :ignore_content_length, :multipart, :cacert, :ssl_version
     ]
 
     attr_reader *READER_VARS
diff --git a/lib/patron/session.rb b/lib/patron/session.rb
index edd7b87..b15f77e 100644
--- a/lib/patron/session.rb
+++ b/lib/patron/session.rb
@@ -68,6 +68,9 @@ class Session
     # Does this session stricly verify SSL certificates?
     attr_accessor :insecure
 
+    # Specifies the ssl version
+    attr_accessor :ssl_version
+
     # What cacert file should this session use to verify SSL certificates?
     attr_accessor :cacert
 
@@ -209,6 +212,7 @@ def request(action, url, headers, options = {})
       req.proxy_type             = options.fetch :proxy_type,            self.proxy_type
       req.auth_type              = options.fetch :auth_type,             self.auth_type
       req.insecure               = options.fetch :insecure,              self.insecure
+      req.ssl_version            = options.fetch :ssl_version,           self.ssl_version
       req.cacert                 = options.fetch :cacert,                self.cacert
       req.ignore_content_length  = options.fetch :ignore_content_length, self.ignore_content_length
       req.buffer_size            = options.fetch :buffer_size,           self.buffer_size
diff --git a/spec/session_ssl_spec.rb b/spec/session_ssl_spec.rb
index a667af2..baa8534 100644
--- a/spec/session_ssl_spec.rb
+++ b/spec/session_ssl_spec.rb
@@ -259,6 +259,14 @@
     body.request_method.should == "GET"
   end
 
+  it "should work with different SSL versions" do
+    ['SSLv2', 'SSLv3', 'TLSv1'].each do |version|
+      @session.ssl_version = version
+      response = @session.get("/test")
+      response.status.should == 200
+    end
+  end
+
   # ------------------------------------------------------------------------
   describe 'when debug is enabled' do
     it 'it should not clobber stderr' do