
setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values

Broken since f121575 (precedes 7.56.1).

Bug: https://github.com/curl/curl/issues/2225
Reported-by: cmfrolick@users.noreply.github.com

Closes https://github.com/curl/curl/pull/2227
Jay Satiro 2018-01-10 03:14:15 -05:00
parent 3b548ffde9
commit 6fa10c8fa2
3 changed files with 39 additions and 29 deletions


@ -46,10 +46,15 @@ TLSv1.1
TLSv1.2 TLSv1.2
.IP CURL_SSLVERSION_TLSv1_3 .IP CURL_SSLVERSION_TLSv1_3
TLSv1.3 TLSv1.3
.RE
The maximum TLS version can be set by using \fIone\fP of the
CURL_SSLVERSION_MAX_ macros below. It is also possible to OR \fIone\fP of the
CURL_SSLVERSION_ macros with \fIone\fP of the CURL_SSLVERSION_MAX_ macros.
The MAX macros are not supported for SSL backends axTLS or wolfSSL.
.RS
.IP CURL_SSLVERSION_MAX_DEFAULT .IP CURL_SSLVERSION_MAX_DEFAULT
The flag defines the maximum supported TLS version as TLSv1.2, or the default The flag defines the maximum supported TLS version as TLSv1.2, or the default
value from the SSL library. Only the NSS library currently allows one to get value from the SSL library.
the maximum supported TLS version.
(Added in 7.54.0) (Added in 7.54.0)
.IP CURL_SSLVERSION_MAX_TLSv1_0 .IP CURL_SSLVERSION_MAX_TLSv1_0
The flag defines maximum supported TLS version as TLSv1.0. The flag defines maximum supported TLS version as TLSv1.0.
@ -75,8 +80,7 @@ if(curl) {
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
/* ask libcurl to use TLS version 1.0 or later */ /* ask libcurl to use TLS version 1.0 or later */
curl_easy_setopt(curl, CURLOPT_PROXY_SSLVERSION, CURL_SSLVERSION_TLSv1_1 | curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
CURL_SSLVERSION_MAX_DEFAULT);
/* Perform the request */ /* Perform the request */
curl_easy_perform(curl); curl_easy_perform(curl);


@ -50,10 +50,15 @@ TLSv1.1 (Added in 7.34.0)
TLSv1.2 (Added in 7.34.0) TLSv1.2 (Added in 7.34.0)
.IP CURL_SSLVERSION_TLSv1_3 .IP CURL_SSLVERSION_TLSv1_3
TLSv1.3 (Added in 7.52.0) TLSv1.3 (Added in 7.52.0)
.RE
The maximum TLS version can be set by using \fIone\fP of the
CURL_SSLVERSION_MAX_ macros below. It is also possible to OR \fIone\fP of the
CURL_SSLVERSION_ macros with \fIone\fP of the CURL_SSLVERSION_MAX_ macros.
The MAX macros are not supported for SSL backends axTLS or wolfSSL.
.RS
.IP CURL_SSLVERSION_MAX_DEFAULT .IP CURL_SSLVERSION_MAX_DEFAULT
The flag defines the maximum supported TLS version as TLSv1.2, or the default The flag defines the maximum supported TLS version as TLSv1.2, or the default
value from the SSL library. Only the NSS library currently allows one to get value from the SSL library.
the maximum supported TLS version.
(Added in 7.54.0) (Added in 7.54.0)
.IP CURL_SSLVERSION_MAX_TLSv1_0 .IP CURL_SSLVERSION_MAX_TLSv1_0
The flag defines maximum supported TLS version as TLSv1.0. The flag defines maximum supported TLS version as TLSv1.0.
@ -78,9 +83,8 @@ CURL *curl = curl_easy_init();
if(curl) { if(curl) {
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
/* ask libcurl to use TLS version 1.1 or later */ /* ask libcurl to use TLS version 1.0 or later */
curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1 | curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
CURL_SSLVERSION_MAX_DEFAULT);
/* Perform the request */ /* Perform the request */
curl_easy_perform(curl); curl_easy_perform(curl);


@ -360,32 +360,34 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
*/ */
data->set.timevalue = (time_t)va_arg(param, long); data->set.timevalue = (time_t)va_arg(param, long);
break; break;
case CURLOPT_SSLVERSION: case CURLOPT_SSLVERSION:
case CURLOPT_PROXY_SSLVERSION:
/* /*
* Set explicit SSL version to try to connect with, as some SSL * Set explicit SSL version to try to connect with, as some SSL
* implementations are lame. * implementations are lame.
*/ */
#ifdef USE_SSL #ifdef USE_SSL
arg = va_arg(param, long); {
if((arg < CURL_SSLVERSION_DEFAULT) || (arg > CURL_SSLVERSION_TLSv1_3)) long version, version_max;
return CURLE_BAD_FUNCTION_ARGUMENT; struct ssl_primary_config *primary = (option == CURLOPT_SSLVERSION ?
data->set.ssl.primary.version = C_SSLVERSION_VALUE(arg); &data->set.ssl.primary :
data->set.ssl.primary.version_max = C_SSLVERSION_MAX_VALUE(arg); &data->set.proxy_ssl.primary);
#else
result = CURLE_UNKNOWN_OPTION; arg = va_arg(param, long);
#endif
break; version = C_SSLVERSION_VALUE(arg);
case CURLOPT_PROXY_SSLVERSION: version_max = C_SSLVERSION_MAX_VALUE(arg);
/*
* Set explicit SSL version to try to connect with for proxy, as some SSL if(version < CURL_SSLVERSION_DEFAULT ||
* implementations are lame. version >= CURL_SSLVERSION_LAST ||
*/ version_max < CURL_SSLVERSION_MAX_NONE ||
#ifdef USE_SSL version_max >= CURL_SSLVERSION_MAX_LAST)
arg = va_arg(param, long); return CURLE_BAD_FUNCTION_ARGUMENT;
if((arg < CURL_SSLVERSION_DEFAULT) || (arg > CURL_SSLVERSION_TLSv1_3))
return CURLE_BAD_FUNCTION_ARGUMENT; primary->version = version;
data->set.proxy_ssl.primary.version = C_SSLVERSION_VALUE(arg); primary->version_max = version_max;
data->set.proxy_ssl.primary.version_max = C_SSLVERSION_MAX_VALUE(arg); }
#else #else
result = CURLE_UNKNOWN_OPTION; result = CURLE_UNKNOWN_OPTION;
#endif #endif
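Review bot: The new range check in the merged `CURLOPT_SSLVERSION` / `CURLOPT_PROXY_SSLVERSION` case validates the minimum and the maximum independently, so a combination whose floor is above its ceiling (for example `CURL_SSLVERSION_TLSv1_3 | CURL_SSLVERSION_MAX_TLSv1_0`) is stored in `primary` without complaint. Whether each TLS backend rejects such a range later is not visible here; rejecting it at setopt time would make the option fail closed for a caller who believes a minimum version is pinned. Assuming the MAX_ constants are the plain version constants shifted into the upper 16 bits, as the two masking macros suggest, something like `if(version >= CURL_SSLVERSION_TLSv1_0 && version_max > CURL_SSLVERSION_MAX_DEFAULT && (version_max >> 16) < version) return CURLE_BAD_FUNCTION_ARGUMENT;` placed before the two assignments would cover it. `Curl_vsetopt` starts and ends outside this hunk, so how the early `return` interacts with the function's `result` handling is not checked here.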