mirror of
https://github.com/moparisthebest/curl
synced 2025-01-11 22:18:00 -05:00
openssl: indent, re-organize and add comments
This commit is contained in:
parent
67b30b3418
commit
9136542d33
@ -2466,48 +2466,54 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
switch(ssl_version) {
|
switch(ssl_version) {
|
||||||
case CURL_SSLVERSION_SSLv3:
|
/* "--sslv2" option means SSLv2 only, disable all others */
|
||||||
ctx_options |= SSL_OP_NO_SSLv2;
|
case CURL_SSLVERSION_SSLv2:
|
||||||
ctx_options |= SSL_OP_NO_TLSv1;
|
ctx_options |= SSL_OP_NO_SSLv3;
|
||||||
|
ctx_options |= SSL_OP_NO_TLSv1;
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
||||||
ctx_options |= SSL_OP_NO_TLSv1_1;
|
ctx_options |= SSL_OP_NO_TLSv1_1;
|
||||||
ctx_options |= SSL_OP_NO_TLSv1_2;
|
ctx_options |= SSL_OP_NO_TLSv1_2;
|
||||||
#ifdef TLS1_3_VERSION
|
#ifdef TLS1_3_VERSION
|
||||||
ctx_options |= SSL_OP_NO_TLSv1_3;
|
ctx_options |= SSL_OP_NO_TLSv1_3;
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case CURL_SSLVERSION_DEFAULT:
|
/* "--sslv3" option means SSLv3 only, disable all others */
|
||||||
case CURL_SSLVERSION_TLSv1:
|
case CURL_SSLVERSION_SSLv3:
|
||||||
case CURL_SSLVERSION_TLSv1_0:
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||||
case CURL_SSLVERSION_TLSv1_1:
|
SSL_CTX_set_min_proto_version(BACKEND->ctx, SSL3_VERSION);
|
||||||
case CURL_SSLVERSION_TLSv1_2:
|
#endif
|
||||||
case CURL_SSLVERSION_TLSv1_3:
|
ctx_options |= SSL_OP_NO_SSLv2;
|
||||||
/* asking for any TLS version as the minimum, means no SSL versions
|
ctx_options |= SSL_OP_NO_TLSv1;
|
||||||
allowed */
|
|
||||||
ctx_options |= SSL_OP_NO_SSLv2;
|
|
||||||
ctx_options |= SSL_OP_NO_SSLv3;
|
|
||||||
result = set_ssl_version_min_max(&ctx_options, conn, sockindex);
|
|
||||||
if(result != CURLE_OK)
|
|
||||||
return result;
|
|
||||||
break;
|
|
||||||
|
|
||||||
case CURL_SSLVERSION_SSLv2:
|
|
||||||
ctx_options |= SSL_OP_NO_SSLv3;
|
|
||||||
ctx_options |= SSL_OP_NO_TLSv1;
|
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
||||||
ctx_options |= SSL_OP_NO_TLSv1_1;
|
ctx_options |= SSL_OP_NO_TLSv1_1;
|
||||||
ctx_options |= SSL_OP_NO_TLSv1_2;
|
ctx_options |= SSL_OP_NO_TLSv1_2;
|
||||||
#ifdef TLS1_3_VERSION
|
#ifdef TLS1_3_VERSION
|
||||||
ctx_options |= SSL_OP_NO_TLSv1_3;
|
ctx_options |= SSL_OP_NO_TLSv1_3;
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
/* "--tlsv<x.y>" options mean TLS >= version <x.y> */
|
||||||
failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
|
case CURL_SSLVERSION_DEFAULT:
|
||||||
return CURLE_SSL_CONNECT_ERROR;
|
case CURL_SSLVERSION_TLSv1: /* TLS >= version 1.0 */
|
||||||
|
case CURL_SSLVERSION_TLSv1_0: /* TLS >= version 1.0 */
|
||||||
|
case CURL_SSLVERSION_TLSv1_1: /* TLS >= version 1.1 */
|
||||||
|
case CURL_SSLVERSION_TLSv1_2: /* TLS >= version 1.2 */
|
||||||
|
case CURL_SSLVERSION_TLSv1_3: /* TLS >= version 1.3 */
|
||||||
|
/* asking for any TLS version as the minimum, means no SSL versions
|
||||||
|
allowed */
|
||||||
|
ctx_options |= SSL_OP_NO_SSLv2;
|
||||||
|
ctx_options |= SSL_OP_NO_SSLv3;
|
||||||
|
result = set_ssl_version_min_max(&ctx_options, conn, sockindex);
|
||||||
|
if(result != CURLE_OK)
|
||||||
|
return result;
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
|
||||||
|
return CURLE_SSL_CONNECT_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
SSL_CTX_set_options(BACKEND->ctx, ctx_options);
|
SSL_CTX_set_options(BACKEND->ctx, ctx_options);
|
||||||
|
Loading…
Reference in New Issue
Block a user