authorSteve Holme <steve_holme@hotmail.com>2013-10-17 19:57:26 +0100
committerSteve Holme <steve_holme@hotmail.com>2013-10-17 19:57:26 +0100
commit65e556d0ce1d788ce5649145b44cad836114dca8 (patch)
treed8bf1e4d07f6f1c764c89a9225ad8107d6a1a2a3
parent6a1363128f1107330fb16a8095c41991e32753bd (diff)
SSL: Follow up work to commits 6a1363128f1107 and 87861c9b0e8155
Changed the failure code returned when TLS v1.1 and v1.2 are requested but not supported by older OpenSSL versions, following review from libcurl peers, and reduced the number of required preprocessor #if statements.
-rw-r--r--lib/ssluse.c12
1 files changed, 3 insertions, 9 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 0faf43cf3..d0a83f740 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1568,10 +1568,8 @@ ossl_connect_step1(struct connectdata *conn,
case CURL_SSLVERSION_TLSv1_0:
ctx_options |= SSL_OP_NO_SSLv2;
ctx_options |= SSL_OP_NO_SSLv3;
-#if defined(SSL_OP_NO_TLSv1_1)
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
ctx_options |= SSL_OP_NO_TLSv1_1;
-#endif
-#if defined(SSL_OP_NO_TLSv1_2)
ctx_options |= SSL_OP_NO_TLSv1_2;
#endif
break;
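Review bot: The new `#if OPENSSL_VERSION_NUMBER >= 0x1000100FL` guard in the `CURL_SSLVERSION_TLSv1_0` case carries no explanation of the constant, and the two option macros it protects are no longer tested directly. A one-line comment above it, such as `/* OpenSSL 1.0.1 introduced TLS 1.1/1.2 and SSL_OP_NO_TLSv1_1 / SSL_OP_NO_TLSv1_2 */`, would make that dependency explicit. Headers that report 1.0.1 or later without defining both macros now fail to compile instead of silently skipping the option, while headers that report an older version but do define them leave TLS 1.1/1.2 enabled for a TLSv1.0-only request. The same guard presumably protects the `SSL_OP_NO_TLSv1_2` and `SSL_OP_NO_TLSv1_1` lines left unconditional in the next hunk, but its opening `#if` is outside the visible lines, as is the start of the switch.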
@@ -1581,24 +1579,20 @@ ossl_connect_step1(struct connectdata *conn,
ctx_options |= SSL_OP_NO_SSLv2;
ctx_options |= SSL_OP_NO_SSLv3;
ctx_options |= SSL_OP_NO_TLSv1;
-#if defined(SSL_OP_NO_TLSv1_2)
ctx_options |= SSL_OP_NO_TLSv1_2;
-#endif
break;
case CURL_SSLVERSION_TLSv1_2:
ctx_options |= SSL_OP_NO_SSLv2;
ctx_options |= SSL_OP_NO_SSLv3;
ctx_options |= SSL_OP_NO_TLSv1;
-#if defined(SSL_OP_NO_TLSv1_1)
ctx_options |= SSL_OP_NO_TLSv1_1;
-#endif
break;
#endif
default:
- failf(data, "Unsupported cipher version");
- return CURLE_SSL_CIPHER;
+ failf(data, "Unsupported SSL protocol version");
+ return CURLE_SSL_CONNECT_ERROR;
}
SSL_CTX_set_options(connssl->ctx, ctx_options);
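Review bot: The `default:` branch reports "Unsupported SSL protocol version" without naming the requested version or indicating that the limit may come from the OpenSSL headers the library was built against. A request for TLS 1.1 or 1.2 on an older build therefore surfaces as the same generic `CURLE_SSL_CONNECT_ERROR` as a failed handshake. Consider a more specific message, for example `failf(data, "Requested SSL/TLS version not supported by this OpenSSL build");`. Returning before `SSL_CTX_set_options` is the right fail-closed behaviour, and a comment such as `/* fail closed: never fall back to a protocol version other than the one requested */` would keep a later edit from turning this branch into a silent fallback. The switch statement and the `#if` closed by the `#endif` above `default:` both begin outside this hunk.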