setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values

Broken since f121575 (precedes 7.56.1).

Bug: https://github.com/curl/curl/issues/2225
Reported-by: cmfrolick@users.noreply.github.com

Closes https://github.com/curl/curl/pull/2227
This commit is contained in:
Jay Satiro 2018-01-10 03:14:15 -05:00
parent 3b548ffde9
commit 6fa10c8fa2
3 changed files with 39 additions and 29 deletions

View File

@ -46,10 +46,15 @@ TLSv1.1
TLSv1.2
.IP CURL_SSLVERSION_TLSv1_3
TLSv1.3
.RE
The maximum TLS version can be set by using \fIone\fP of the
CURL_SSLVERSION_MAX_ macros below. It is also possible to OR \fIone\fP of the
CURL_SSLVERSION_ macros with \fIone\fP of the CURL_SSLVERSION_MAX_ macros.
The MAX macros are not supported for SSL backends axTLS or wolfSSL.
.RS
.IP CURL_SSLVERSION_MAX_DEFAULT
The flag defines the maximum supported TLS version as TLSv1.2, or the default
value from the SSL library. Only the NSS library currently allows one to get
the maximum supported TLS version.
value from the SSL library.
(Added in 7.54.0)
.IP CURL_SSLVERSION_MAX_TLSv1_0
The flag defines maximum supported TLS version as TLSv1.0.
@ -75,8 +80,7 @@ if(curl) {
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
/* ask libcurl to use TLS version 1.0 or later */
curl_easy_setopt(curl, CURLOPT_PROXY_SSLVERSION, CURL_SSLVERSION_TLSv1_1 |
CURL_SSLVERSION_MAX_DEFAULT);
curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
/* Perform the request */
curl_easy_perform(curl);

View File

@ -50,10 +50,15 @@ TLSv1.1 (Added in 7.34.0)
TLSv1.2 (Added in 7.34.0)
.IP CURL_SSLVERSION_TLSv1_3
TLSv1.3 (Added in 7.52.0)
.RE
The maximum TLS version can be set by using \fIone\fP of the
CURL_SSLVERSION_MAX_ macros below. It is also possible to OR \fIone\fP of the
CURL_SSLVERSION_ macros with \fIone\fP of the CURL_SSLVERSION_MAX_ macros.
The MAX macros are not supported for SSL backends axTLS or wolfSSL.
.RS
.IP CURL_SSLVERSION_MAX_DEFAULT
The flag defines the maximum supported TLS version as TLSv1.2, or the default
value from the SSL library. Only the NSS library currently allows one to get
the maximum supported TLS version.
value from the SSL library.
(Added in 7.54.0)
.IP CURL_SSLVERSION_MAX_TLSv1_0
The flag defines maximum supported TLS version as TLSv1.0.
@ -78,9 +83,8 @@ CURL *curl = curl_easy_init();
if(curl) {
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
/* ask libcurl to use TLS version 1.1 or later */
curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1 |
CURL_SSLVERSION_MAX_DEFAULT);
/* ask libcurl to use TLS version 1.0 or later */
curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
/* Perform the request */
curl_easy_perform(curl);

View File

@ -360,32 +360,34 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
*/
data->set.timevalue = (time_t)va_arg(param, long);
break;
case CURLOPT_SSLVERSION:
case CURLOPT_PROXY_SSLVERSION:
/*
* Set explicit SSL version to try to connect with, as some SSL
* implementations are lame.
*/
#ifdef USE_SSL
{
long version, version_max;
struct ssl_primary_config *primary = (option == CURLOPT_SSLVERSION ?
&data->set.ssl.primary :
&data->set.proxy_ssl.primary);
arg = va_arg(param, long);
if((arg < CURL_SSLVERSION_DEFAULT) || (arg > CURL_SSLVERSION_TLSv1_3))
version = C_SSLVERSION_VALUE(arg);
version_max = C_SSLVERSION_MAX_VALUE(arg);
if(version < CURL_SSLVERSION_DEFAULT ||
version >= CURL_SSLVERSION_LAST ||
version_max < CURL_SSLVERSION_MAX_NONE ||
version_max >= CURL_SSLVERSION_MAX_LAST)
return CURLE_BAD_FUNCTION_ARGUMENT;
data->set.ssl.primary.version = C_SSLVERSION_VALUE(arg);
data->set.ssl.primary.version_max = C_SSLVERSION_MAX_VALUE(arg);
#else
result = CURLE_UNKNOWN_OPTION;
#endif
break;
case CURLOPT_PROXY_SSLVERSION:
/*
* Set explicit SSL version to try to connect with for proxy, as some SSL
* implementations are lame.
*/
#ifdef USE_SSL
arg = va_arg(param, long);
if((arg < CURL_SSLVERSION_DEFAULT) || (arg > CURL_SSLVERSION_TLSv1_3))
return CURLE_BAD_FUNCTION_ARGUMENT;
data->set.proxy_ssl.primary.version = C_SSLVERSION_VALUE(arg);
data->set.proxy_ssl.primary.version_max = C_SSLVERSION_MAX_VALUE(arg);
primary->version = version;
primary->version_max = version_max;
}
#else
result = CURLE_UNKNOWN_OPTION;
#endif