author | Steve Holme <steve_holme@hotmail.com> | 2013-10-16 20:48:24 +0100 |
---|---|---|
committer | Steve Holme <steve_holme@hotmail.com> | 2013-10-16 20:48:24 +0100 |
commit | 6a1363128f1107330fb16a8095c41991e32753bd (patch) | |
tree | 2120962e8af42af66e0ed82bbd76988b6aaf552a | |
parent | 75b9b26465d5f01b52564293c2d553649f801f70 (diff) |
SSL: Added unsupported cipher version check for OpenSSL
...with the use of CURL_SSLVERSION_TLSv1_1 and CURL_SSLVERSION_TLSv1_2
being conditional on OpenSSL v1.0.1 as the appropriate flags are not
supported under earlier versions.
-rw-r--r-- | lib/ssluse.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 37178f8aa..0faf43cf3 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1559,10 +1559,12 @@ ossl_connect_step1(struct connectdata *conn,
 }
 #endif
 break;
+
 case CURL_SSLVERSION_TLSv1:
 ctx_options |= SSL_OP_NO_SSLv2;
 ctx_options |= SSL_OP_NO_SSLv3;
 break;
+
 case CURL_SSLVERSION_TLSv1_0:
 ctx_options |= SSL_OP_NO_SSLv2;
 ctx_options |= SSL_OP_NO_SSLv3;
@@ -1573,6 +1575,8 @@ ossl_connect_step1(struct connectdata *conn,
 ctx_options |= SSL_OP_NO_TLSv1_2;
 #endif
 break;
+
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
 case CURL_SSLVERSION_TLSv1_1:
 ctx_options |= SSL_OP_NO_SSLv2;
 ctx_options |= SSL_OP_NO_SSLv3;
@@ -1581,6 +1585,7 @@ ossl_connect_step1(struct connectdata *conn,
 ctx_options |= SSL_OP_NO_TLSv1_2;
 #endif
 break;
+
 case CURL_SSLVERSION_TLSv1_2:
 ctx_options |= SSL_OP_NO_SSLv2;
 ctx_options |= SSL_OP_NO_SSLv3;
@@ -1589,6 +1594,11 @@ ossl_connect_step1(struct connectdata *conn,
 ctx_options |= SSL_OP_NO_TLSv1_1;
 #endif
 break;
+#endif
+
+ default:
+ failf(data, "Unsupported cipher version");
+ return CURLE_SSL_CIPHER;
 }
 SSL_CTX_set_options(connssl->ctx, ctx_options); |
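Review bot: The new `default:` branch in the last hunk reports a protocol-version problem as a cipher problem: the message reads "Unsupported cipher version" and the return code is `CURLE_SSL_CIPHER`, so a build against OpenSSL older than 1.0.1 that is asked for TLS 1.1 or 1.2 produces an error pointing at the cipher list instead of the requested SSL version. Failing closed is the right behaviour here, because it avoids silently negotiating an older protocol than the one requested; only the diagnosis is misleading. Consider `failf(data, "Unsupported SSL/TLS protocol version requested");` and, if a better-fitting code is available, returning that rather than `CURLE_SSL_CIPHER`. The `#endif` context lines inside the TLSv1_1 and TLSv1_2 cases suggest inner version guards that the new outer `#if OPENSSL_VERSION_NUMBER >= 0x1000100FL` may make redundant, but the matching `#if` lines are outside the hunks. The switch and ossl_connect_step1 begin outside the visible lines, so whether every other version value has its own case cannot be confirmed from here.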