1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 16:18:48 -05:00

SSL: Follow up work to commits 6a1363128f and 87861c9b0e

Changed the failure code when TLS v1.1 and v1.2 is requested but not
supported by older OpenSSL versions, following review from libcurl
peers, and reduced the number of required preprocessor if statements.
This commit is contained in:
Steve Holme 2013-10-17 19:57:26 +01:00
parent 6a1363128f
commit 65e556d0ce

View File

@ -1568,10 +1568,8 @@ ossl_connect_step1(struct connectdata *conn,
case CURL_SSLVERSION_TLSv1_0:
ctx_options |= SSL_OP_NO_SSLv2;
ctx_options |= SSL_OP_NO_SSLv3;
#if defined(SSL_OP_NO_TLSv1_1)
#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
ctx_options |= SSL_OP_NO_TLSv1_1;
#endif
#if defined(SSL_OP_NO_TLSv1_2)
ctx_options |= SSL_OP_NO_TLSv1_2;
#endif
break;
@ -1581,24 +1579,20 @@ ossl_connect_step1(struct connectdata *conn,
ctx_options |= SSL_OP_NO_SSLv2;
ctx_options |= SSL_OP_NO_SSLv3;
ctx_options |= SSL_OP_NO_TLSv1;
#if defined(SSL_OP_NO_TLSv1_2)
ctx_options |= SSL_OP_NO_TLSv1_2;
#endif
break;
case CURL_SSLVERSION_TLSv1_2:
ctx_options |= SSL_OP_NO_SSLv2;
ctx_options |= SSL_OP_NO_SSLv3;
ctx_options |= SSL_OP_NO_TLSv1;
#if defined(SSL_OP_NO_TLSv1_1)
ctx_options |= SSL_OP_NO_TLSv1_1;
#endif
break;
#endif
default:
failf(data, "Unsupported cipher version");
return CURLE_SSL_CIPHER;
failf(data, "Unsupported SSL protocol version");
return CURLE_SSL_CONNECT_ERROR;
}
SSL_CTX_set_options(connssl->ctx, ctx_options);