From 6a1363128f1107330fb16a8095c41991e32753bd Mon Sep 17 00:00:00 2001
From: Steve Holme <steve_holme@hotmail.com>
Date: Wed, 16 Oct 2013 20:48:24 +0100
Subject: [PATCH] SSL: Added unsupported cipher version check for OpenSSL

...with the use of CURL_SSLVERSION_TLSv1_1 and CURL_SSLVERSION_TLSv1_2
being conditional on OpenSSL v1.0.1 as the appropriate flags are not
supported under earlier versions.
---
 lib/ssluse.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/lib/ssluse.c b/lib/ssluse.c
index 37178f8aa..0faf43cf3 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1559,10 +1559,12 @@ ossl_connect_step1(struct connectdata *conn,
     }
 #endif
     break;
+
   case CURL_SSLVERSION_TLSv1:
     ctx_options |= SSL_OP_NO_SSLv2;
     ctx_options |= SSL_OP_NO_SSLv3;
     break;
+
   case CURL_SSLVERSION_TLSv1_0:
     ctx_options |= SSL_OP_NO_SSLv2;
     ctx_options |= SSL_OP_NO_SSLv3;
@@ -1573,6 +1575,8 @@ ossl_connect_step1(struct connectdata *conn,
     ctx_options |= SSL_OP_NO_TLSv1_2;
 #endif
     break;
+
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
   case CURL_SSLVERSION_TLSv1_1:
     ctx_options |= SSL_OP_NO_SSLv2;
     ctx_options |= SSL_OP_NO_SSLv3;
@@ -1581,6 +1585,7 @@ ossl_connect_step1(struct connectdata *conn,
     ctx_options |= SSL_OP_NO_TLSv1_2;
 #endif
     break;
+
   case CURL_SSLVERSION_TLSv1_2:
     ctx_options |= SSL_OP_NO_SSLv2;
     ctx_options |= SSL_OP_NO_SSLv3;
@@ -1589,6 +1594,11 @@ ossl_connect_step1(struct connectdata *conn,
     ctx_options |= SSL_OP_NO_TLSv1_1;
 #endif
     break;
+#endif
+
+  default:
+    failf(data, "Unsupported cipher version");
+    return CURLE_SSL_CIPHER;
   }
 
   SSL_CTX_set_options(connssl->ctx, ctx_options);