mirror of
https://github.com/moparisthebest/curl
synced 2024-12-21 15:48:49 -05:00
setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values
Broken since f121575
(precedes 7.56.1).
Bug: https://github.com/curl/curl/issues/2225
Reported-by: cmfrolick@users.noreply.github.com
Closes https://github.com/curl/curl/pull/2227
This commit is contained in:
parent
3b548ffde9
commit
6fa10c8fa2
@ -46,10 +46,15 @@ TLSv1.1
|
||||
TLSv1.2
|
||||
.IP CURL_SSLVERSION_TLSv1_3
|
||||
TLSv1.3
|
||||
.RE
|
||||
The maximum TLS version can be set by using \fIone\fP of the
|
||||
CURL_SSLVERSION_MAX_ macros below. It is also possible to OR \fIone\fP of the
|
||||
CURL_SSLVERSION_ macros with \fIone\fP of the CURL_SSLVERSION_MAX_ macros.
|
||||
The MAX macros are not supported for SSL backends axTLS or wolfSSL.
|
||||
.RS
|
||||
.IP CURL_SSLVERSION_MAX_DEFAULT
|
||||
The flag defines the maximum supported TLS version as TLSv1.2, or the default
|
||||
value from the SSL library. Only the NSS library currently allows one to get
|
||||
the maximum supported TLS version.
|
||||
value from the SSL library.
|
||||
(Added in 7.54.0)
|
||||
.IP CURL_SSLVERSION_MAX_TLSv1_0
|
||||
The flag defines maximum supported TLS version as TLSv1.0.
|
||||
@ -75,8 +80,7 @@ if(curl) {
|
||||
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
|
||||
|
||||
/* ask libcurl to use TLS version 1.0 or later */
|
||||
curl_easy_setopt(curl, CURLOPT_PROXY_SSLVERSION, CURL_SSLVERSION_TLSv1_1 |
|
||||
CURL_SSLVERSION_MAX_DEFAULT);
|
||||
curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
|
||||
|
||||
/* Perform the request */
|
||||
curl_easy_perform(curl);
|
||||
|
@ -50,10 +50,15 @@ TLSv1.1 (Added in 7.34.0)
|
||||
TLSv1.2 (Added in 7.34.0)
|
||||
.IP CURL_SSLVERSION_TLSv1_3
|
||||
TLSv1.3 (Added in 7.52.0)
|
||||
.RE
|
||||
The maximum TLS version can be set by using \fIone\fP of the
|
||||
CURL_SSLVERSION_MAX_ macros below. It is also possible to OR \fIone\fP of the
|
||||
CURL_SSLVERSION_ macros with \fIone\fP of the CURL_SSLVERSION_MAX_ macros.
|
||||
The MAX macros are not supported for SSL backends axTLS or wolfSSL.
|
||||
.RS
|
||||
.IP CURL_SSLVERSION_MAX_DEFAULT
|
||||
The flag defines the maximum supported TLS version as TLSv1.2, or the default
|
||||
value from the SSL library. Only the NSS library currently allows one to get
|
||||
the maximum supported TLS version.
|
||||
value from the SSL library.
|
||||
(Added in 7.54.0)
|
||||
.IP CURL_SSLVERSION_MAX_TLSv1_0
|
||||
The flag defines maximum supported TLS version as TLSv1.0.
|
||||
@ -78,9 +83,8 @@ CURL *curl = curl_easy_init();
|
||||
if(curl) {
|
||||
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
|
||||
|
||||
/* ask libcurl to use TLS version 1.1 or later */
|
||||
curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1 |
|
||||
CURL_SSLVERSION_MAX_DEFAULT);
|
||||
/* ask libcurl to use TLS version 1.0 or later */
|
||||
curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
|
||||
|
||||
/* Perform the request */
|
||||
curl_easy_perform(curl);
|
||||
|
42
lib/setopt.c
42
lib/setopt.c
@ -360,32 +360,34 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
|
||||
*/
|
||||
data->set.timevalue = (time_t)va_arg(param, long);
|
||||
break;
|
||||
|
||||
case CURLOPT_SSLVERSION:
|
||||
case CURLOPT_PROXY_SSLVERSION:
|
||||
/*
|
||||
* Set explicit SSL version to try to connect with, as some SSL
|
||||
* implementations are lame.
|
||||
*/
|
||||
#ifdef USE_SSL
|
||||
arg = va_arg(param, long);
|
||||
if((arg < CURL_SSLVERSION_DEFAULT) || (arg > CURL_SSLVERSION_TLSv1_3))
|
||||
return CURLE_BAD_FUNCTION_ARGUMENT;
|
||||
data->set.ssl.primary.version = C_SSLVERSION_VALUE(arg);
|
||||
data->set.ssl.primary.version_max = C_SSLVERSION_MAX_VALUE(arg);
|
||||
#else
|
||||
result = CURLE_UNKNOWN_OPTION;
|
||||
#endif
|
||||
break;
|
||||
case CURLOPT_PROXY_SSLVERSION:
|
||||
/*
|
||||
* Set explicit SSL version to try to connect with for proxy, as some SSL
|
||||
* implementations are lame.
|
||||
*/
|
||||
#ifdef USE_SSL
|
||||
arg = va_arg(param, long);
|
||||
if((arg < CURL_SSLVERSION_DEFAULT) || (arg > CURL_SSLVERSION_TLSv1_3))
|
||||
return CURLE_BAD_FUNCTION_ARGUMENT;
|
||||
data->set.proxy_ssl.primary.version = C_SSLVERSION_VALUE(arg);
|
||||
data->set.proxy_ssl.primary.version_max = C_SSLVERSION_MAX_VALUE(arg);
|
||||
{
|
||||
long version, version_max;
|
||||
struct ssl_primary_config *primary = (option == CURLOPT_SSLVERSION ?
|
||||
&data->set.ssl.primary :
|
||||
&data->set.proxy_ssl.primary);
|
||||
|
||||
arg = va_arg(param, long);
|
||||
|
||||
version = C_SSLVERSION_VALUE(arg);
|
||||
version_max = C_SSLVERSION_MAX_VALUE(arg);
|
||||
|
||||
if(version < CURL_SSLVERSION_DEFAULT ||
|
||||
version >= CURL_SSLVERSION_LAST ||
|
||||
version_max < CURL_SSLVERSION_MAX_NONE ||
|
||||
version_max >= CURL_SSLVERSION_MAX_LAST)
|
||||
return CURLE_BAD_FUNCTION_ARGUMENT;
|
||||
|
||||
primary->version = version;
|
||||
primary->version_max = version_max;
|
||||
}
|
||||
#else
|
||||
result = CURLE_UNKNOWN_OPTION;
|
||||
#endif
|
||||
|
Loading…
Reference in New Issue
Block a user