mirror of
https://github.com/moparisthebest/curl
synced 2024-12-23 16:48:49 -05:00
parent
e968029b4d
commit
9bdadbbdee
@ -94,6 +94,10 @@ static bool gtls_inited = FALSE;
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#if (GNUTLS_VERSION_NUMBER >= 0x030603)
|
||||
#define HAS_TLS13
|
||||
#endif
|
||||
|
||||
#ifdef HAS_OCSP
|
||||
# include <gnutls/ocsp.h>
|
||||
#endif
|
||||
@ -391,6 +395,9 @@ set_ssl_version_min_max(int *list, size_t list_size, struct connectdata *conn)
|
||||
switch(ssl_version_max) {
|
||||
case CURL_SSLVERSION_MAX_NONE:
|
||||
case CURL_SSLVERSION_MAX_DEFAULT:
|
||||
#ifdef HAS_TLS13
|
||||
ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_3;
|
||||
#endif
|
||||
ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_2;
|
||||
break;
|
||||
}
|
||||
@ -408,8 +415,13 @@ set_ssl_version_min_max(int *list, size_t list_size, struct connectdata *conn)
|
||||
protocol_priority[protocol_priority_idx++] = GNUTLS_TLS1_2;
|
||||
break;
|
||||
case CURL_SSLVERSION_TLSv1_3:
|
||||
#ifdef HAS_TLS13
|
||||
protocol_priority[protocol_priority_idx++] = GNUTLS_TLS1_3;
|
||||
break;
|
||||
#else
|
||||
failf(data, "GnuTLS: TLS 1.3 is not yet supported");
|
||||
return CURLE_SSL_CONNECT_ERROR;
|
||||
#endif
|
||||
}
|
||||
}
|
||||
return CURLE_OK;
|
||||
@ -427,11 +439,7 @@ set_ssl_version_min_max(const char **prioritylist, struct connectdata *conn)
|
||||
struct Curl_easy *data = conn->data;
|
||||
long ssl_version = SSL_CONN_CONFIG(version);
|
||||
long ssl_version_max = SSL_CONN_CONFIG(version_max);
|
||||
if(ssl_version == CURL_SSLVERSION_TLSv1_3 ||
|
||||
ssl_version_max == CURL_SSLVERSION_MAX_TLSv1_3) {
|
||||
failf(data, "GnuTLS: TLS 1.3 is not yet supported");
|
||||
return CURLE_SSL_CONNECT_ERROR;
|
||||
}
|
||||
|
||||
if(ssl_version_max == CURL_SSLVERSION_MAX_NONE) {
|
||||
ssl_version_max = CURL_SSLVERSION_MAX_DEFAULT;
|
||||
}
|
||||
@ -445,7 +453,6 @@ set_ssl_version_min_max(const char **prioritylist, struct connectdata *conn)
|
||||
"+VERS-TLS1.0:+VERS-TLS1.1:" GNUTLS_SRP;
|
||||
return CURLE_OK;
|
||||
case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_2:
|
||||
case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_DEFAULT:
|
||||
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
||||
"+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2:" GNUTLS_SRP;
|
||||
return CURLE_OK;
|
||||
@ -454,15 +461,54 @@ set_ssl_version_min_max(const char **prioritylist, struct connectdata *conn)
|
||||
"+VERS-TLS1.1:" GNUTLS_SRP;
|
||||
return CURLE_OK;
|
||||
case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_TLSv1_2:
|
||||
case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_DEFAULT:
|
||||
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
||||
"+VERS-TLS1.1:+VERS-TLS1.2:" GNUTLS_SRP;
|
||||
return CURLE_OK;
|
||||
case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_TLSv1_2:
|
||||
case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_DEFAULT:
|
||||
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
||||
"+VERS-TLS1.2:" GNUTLS_SRP;
|
||||
return CURLE_OK;
|
||||
case CURL_SSLVERSION_TLSv1_3 | CURL_SSLVERSION_MAX_TLSv1_3:
|
||||
#ifdef HAS_TLS13
|
||||
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
||||
"+VERS-TLS1.3:" GNUTLS_SRP;
|
||||
return CURLE_OK;
|
||||
#else
|
||||
failf(data, "GnuTLS: TLS 1.3 is not yet supported");
|
||||
return CURLE_SSL_CONNECT_ERROR;
|
||||
#endif
|
||||
case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_DEFAULT:
|
||||
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
||||
"+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2:"
|
||||
#ifdef HAS_TLS13
|
||||
"+VERS-TLS1.3:"
|
||||
#endif
|
||||
GNUTLS_SRP;
|
||||
return CURLE_OK;
|
||||
case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_DEFAULT:
|
||||
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
||||
"+VERS-TLS1.1:+VERS-TLS1.2:"
|
||||
#ifdef HAS_TLS13
|
||||
"+VERS-TLS1.3:"
|
||||
#endif
|
||||
GNUTLS_SRP;
|
||||
return CURLE_OK;
|
||||
case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_DEFAULT:
|
||||
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
||||
"+VERS-TLS1.2:"
|
||||
#ifdef HAS_TLS13
|
||||
"+VERS-TLS1.3:"
|
||||
#endif
|
||||
GNUTLS_SRP;
|
||||
return CURLE_OK;
|
||||
case CURL_SSLVERSION_TLSv1_3 | CURL_SSLVERSION_MAX_DEFAULT:
|
||||
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
||||
"+VERS-TLS1.2:"
|
||||
#ifdef HAS_TLS13
|
||||
"+VERS-TLS1.3:"
|
||||
#endif
|
||||
GNUTLS_SRP;
|
||||
return CURLE_OK;
|
||||
}
|
||||
|
||||
failf(data, "GnuTLS: cannot set ssl protocol");
|
||||
@ -675,6 +721,9 @@ gtls_connect_step1(struct connectdata *conn,
|
||||
protocol_priority[0] = GNUTLS_TLS1_0;
|
||||
protocol_priority[1] = GNUTLS_TLS1_1;
|
||||
protocol_priority[2] = GNUTLS_TLS1_2;
|
||||
#ifdef HAS_TLS13
|
||||
protocol_priority[3] = GNUTLS_TLS1_3;
|
||||
#endif
|
||||
break;
|
||||
case CURL_SSLVERSION_TLSv1_0:
|
||||
case CURL_SSLVERSION_TLSv1_1:
|
||||
@ -711,7 +760,11 @@ gtls_connect_step1(struct connectdata *conn,
|
||||
break;
|
||||
case CURL_SSLVERSION_DEFAULT:
|
||||
case CURL_SSLVERSION_TLSv1:
|
||||
prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:" GNUTLS_SRP;
|
||||
prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:"
|
||||
#ifdef HAS_TLS13
|
||||
"+VERS-TLS1.3:"
|
||||
#endif
|
||||
GNUTLS_SRP;
|
||||
break;
|
||||
case CURL_SSLVERSION_TLSv1_0:
|
||||
case CURL_SSLVERSION_TLSv1_1:
|
||||
|
Loading…
Reference in New Issue
Block a user