
openssl: indent, re-organize and add comments

Clément Notin 2019-09-08 15:09:32 +02:00 committed by Daniel Stenberg
parent 67b30b3418
commit 9136542d33
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2


@ -2466,48 +2466,54 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
#endif #endif
switch(ssl_version) { switch(ssl_version) {
case CURL_SSLVERSION_SSLv3: /* "--sslv2" option means SSLv2 only, disable all others */
ctx_options |= SSL_OP_NO_SSLv2; case CURL_SSLVERSION_SSLv2:
ctx_options |= SSL_OP_NO_TLSv1; ctx_options |= SSL_OP_NO_SSLv3;
ctx_options |= SSL_OP_NO_TLSv1;
#if OPENSSL_VERSION_NUMBER >= 0x1000100FL #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
ctx_options |= SSL_OP_NO_TLSv1_1; ctx_options |= SSL_OP_NO_TLSv1_1;
ctx_options |= SSL_OP_NO_TLSv1_2; ctx_options |= SSL_OP_NO_TLSv1_2;
#ifdef TLS1_3_VERSION #ifdef TLS1_3_VERSION
ctx_options |= SSL_OP_NO_TLSv1_3; ctx_options |= SSL_OP_NO_TLSv1_3;
#endif #endif
#endif #endif
break; break;
case CURL_SSLVERSION_DEFAULT: /* "--sslv3" option means SSLv3 only, disable all others */
case CURL_SSLVERSION_TLSv1: case CURL_SSLVERSION_SSLv3:
case CURL_SSLVERSION_TLSv1_0: #if OPENSSL_VERSION_NUMBER >= 0x10100000L
case CURL_SSLVERSION_TLSv1_1: SSL_CTX_set_min_proto_version(BACKEND->ctx, SSL3_VERSION);
case CURL_SSLVERSION_TLSv1_2: #endif
case CURL_SSLVERSION_TLSv1_3: ctx_options |= SSL_OP_NO_SSLv2;
/* asking for any TLS version as the minimum, means no SSL versions ctx_options |= SSL_OP_NO_TLSv1;
allowed */
ctx_options |= SSL_OP_NO_SSLv2;
ctx_options |= SSL_OP_NO_SSLv3;
result = set_ssl_version_min_max(&ctx_options, conn, sockindex);
if(result != CURLE_OK)
return result;
break;
case CURL_SSLVERSION_SSLv2:
ctx_options |= SSL_OP_NO_SSLv3;
ctx_options |= SSL_OP_NO_TLSv1;
#if OPENSSL_VERSION_NUMBER >= 0x1000100FL #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
ctx_options |= SSL_OP_NO_TLSv1_1; ctx_options |= SSL_OP_NO_TLSv1_1;
ctx_options |= SSL_OP_NO_TLSv1_2; ctx_options |= SSL_OP_NO_TLSv1_2;
#ifdef TLS1_3_VERSION #ifdef TLS1_3_VERSION
ctx_options |= SSL_OP_NO_TLSv1_3; ctx_options |= SSL_OP_NO_TLSv1_3;
#endif #endif
#endif #endif
break; break;
default: /* "--tlsv<x.y>" options mean TLS >= version <x.y> */
failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); case CURL_SSLVERSION_DEFAULT:
return CURLE_SSL_CONNECT_ERROR; case CURL_SSLVERSION_TLSv1: /* TLS >= version 1.0 */
case CURL_SSLVERSION_TLSv1_0: /* TLS >= version 1.0 */
case CURL_SSLVERSION_TLSv1_1: /* TLS >= version 1.1 */
case CURL_SSLVERSION_TLSv1_2: /* TLS >= version 1.2 */
case CURL_SSLVERSION_TLSv1_3: /* TLS >= version 1.3 */
/* asking for any TLS version as the minimum, means no SSL versions
allowed */
ctx_options |= SSL_OP_NO_SSLv2;
ctx_options |= SSL_OP_NO_SSLv3;
result = set_ssl_version_min_max(&ctx_options, conn, sockindex);
if(result != CURLE_OK)
return result;
break;
default:
failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
return CURLE_SSL_CONNECT_ERROR;
} }
SSL_CTX_set_options(BACKEND->ctx, ctx_options); SSL_CTX_set_options(BACKEND->ctx, ctx_options);
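Review bot: The `SSL_CTX_set_min_proto_version(BACKEND->ctx, SSL3_VERSION)` call in the `CURL_SSLVERSION_SSLv3` case ignores its return value, and judging by the rendered old and new columns it is new in this commit even though the title only mentions indentation and comments. OpenSSL documents the call as returning 0 on failure, so the branch should fail the connection rather than continue with whatever minimum the context already had: `if(!SSL_CTX_set_min_proto_version(BACKEND->ctx, SSL3_VERSION)) { failf(data, "Failed to set SSLv3 as minimum protocol version"); return CURLE_SSL_CONNECT_ERROR; }`. Because the line deliberately lowers the protocol floor to a deprecated version, it also deserves its own comment saying why it is needed on OpenSSL 1.1.0 and later, and a mention in the commit message. ossl_connect_step1 starts and ends outside this hunk.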