SSL: Follow up work to commits 6a1363128f
and 87861c9b0e
Changed the failure code returned when TLS v1.1 or v1.2 is requested but not supported by older OpenSSL versions, following review from libcurl peers, and reduced the number of required preprocessor if statements.
parent
6a1363128f
commit
65e556d0ce
12
lib/ssluse.c
12
lib/ssluse.c
@ -1568,10 +1568,8 @@ ossl_connect_step1(struct connectdata *conn,
|
||||
case CURL_SSLVERSION_TLSv1_0:
|
||||
ctx_options |= SSL_OP_NO_SSLv2;
|
||||
ctx_options |= SSL_OP_NO_SSLv3;
|
||||
#if defined(SSL_OP_NO_TLSv1_1)
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
||||
ctx_options |= SSL_OP_NO_TLSv1_1;
|
||||
#endif
|
||||
#if defined(SSL_OP_NO_TLSv1_2)
|
||||
ctx_options |= SSL_OP_NO_TLSv1_2;
|
||||
#endif
|
||||
break;
|
||||
@ -1581,24 +1579,20 @@ ossl_connect_step1(struct connectdata *conn,
|
||||
ctx_options |= SSL_OP_NO_SSLv2;
|
||||
ctx_options |= SSL_OP_NO_SSLv3;
|
||||
ctx_options |= SSL_OP_NO_TLSv1;
|
||||
#if defined(SSL_OP_NO_TLSv1_2)
|
||||
ctx_options |= SSL_OP_NO_TLSv1_2;
|
||||
#endif
|
||||
break;
|
||||
|
||||
case CURL_SSLVERSION_TLSv1_2:
|
||||
ctx_options |= SSL_OP_NO_SSLv2;
|
||||
ctx_options |= SSL_OP_NO_SSLv3;
|
||||
ctx_options |= SSL_OP_NO_TLSv1;
|
||||
#if defined(SSL_OP_NO_TLSv1_1)
|
||||
ctx_options |= SSL_OP_NO_TLSv1_1;
|
||||
#endif
|
||||
break;
|
||||
#endif
|
||||
|
||||
default:
|
||||
failf(data, "Unsupported cipher version");
|
||||
return CURLE_SSL_CIPHER;
|
||||
failf(data, "Unsupported SSL protocol version");
|
||||
return CURLE_SSL_CONNECT_ERROR;
|
||||
}
|
||||
|
||||
SSL_CTX_set_options(connssl->ctx, ctx_options);
|
||||
|
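Review bot: The `default:` branch in ossl_connect_step1 now covers two different situations with one message, and nothing in the code says so: an out-of-range version value, and a TLS 1.1/1.2 request on a build where those `case` labels are compiled out (the `#endif` just above `default:` appears to close a version guard opened outside the hunk). Failing the connection there is the safe outcome, since the caller asked for a specific protocol version and must not silently be given a lower one; a comment such as `/* also reached for TLSv1.1/1.2 when built against OpenSSL < 1.0.1: fail, never fall back to a lower version */` would keep a later cleanup from turning it into a fallback. Separately, gating on `OPENSSL_VERSION_NUMBER >= 0x1000100FL` instead of `defined(SSL_OP_NO_TLSv1_1)` ties the check to a header version number and not to the option macros actually used, so it is worth confirming that every supported OpenSSL-compatible header reporting that version also defines both `SSL_OP_NO_TLSv1_1` and `SSL_OP_NO_TLSv1_2`. The function body starts and ends outside the hunk.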