SSL: Follow up work to commits 6a1363128f and 87861c9b0e

Changed the failure code when TLS v1.1 or v1.2 is requested but not
supported by older OpenSSL versions, following review from libcurl
peers, and reduced the number of required preprocessor if statements.
Steve Holme 2013-10-17 19:57:26 +01:00
parent 6a1363128f
commit 65e556d0ce
1 changed files with 3 additions and 9 deletions


@ -1568,10 +1568,8 @@ ossl_connect_step1(struct connectdata *conn,
case CURL_SSLVERSION_TLSv1_0:
ctx_options |= SSL_OP_NO_SSLv2;
ctx_options |= SSL_OP_NO_SSLv3;
#if defined(SSL_OP_NO_TLSv1_1)
#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
ctx_options |= SSL_OP_NO_TLSv1_1;
#endif
#if defined(SSL_OP_NO_TLSv1_2)
ctx_options |= SSL_OP_NO_TLSv1_2;
#endif
break;
@ -1581,24 +1579,20 @@ ossl_connect_step1(struct connectdata *conn,
ctx_options |= SSL_OP_NO_SSLv2;
ctx_options |= SSL_OP_NO_SSLv3;
ctx_options |= SSL_OP_NO_TLSv1;
#if defined(SSL_OP_NO_TLSv1_2)
ctx_options |= SSL_OP_NO_TLSv1_2;
#endif
break;
case CURL_SSLVERSION_TLSv1_2:
ctx_options |= SSL_OP_NO_SSLv2;
ctx_options |= SSL_OP_NO_SSLv3;
ctx_options |= SSL_OP_NO_TLSv1;
#if defined(SSL_OP_NO_TLSv1_1)
ctx_options |= SSL_OP_NO_TLSv1_1;
#endif
break;
#endif
default:
failf(data, "Unsupported cipher version");
return CURLE_SSL_CIPHER;
failf(data, "Unsupported SSL protocol version");
return CURLE_SSL_CONNECT_ERROR;
}
SSL_CTX_set_options(connssl->ctx, ctx_options);
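Review bot: The `default:` branch now serves two different cases, an unknown `CURL_SSLVERSION_*` value and a TLS 1.1/1.2 request whose `case` labels were compiled out by the OpenSSL version guard, yet neither the message nor a comment tells them apart. Failing the connection is the right behaviour here, since a request for TLS 1.2 must not silently fall back to an older protocol, so I would record that intent above `default:` with `/* also reached for TLS 1.1/1.2 when built against OpenSSL < 1.0.1: fail, never downgrade */`. The opening `#if` for the TLS 1.1/1.2 cases lies outside the visible hunk, so this reading is inferred from the `#endif` before `default:` and from the commit message. Separately, keying on `OPENSSL_VERSION_NUMBER >= 0x1000100FL` instead of `defined(SSL_OP_NO_TLSv1_1)` assumes every library reporting that version defines both option macros, which is worth confirming for any OpenSSL-compatible library the build supports.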