author | Gergely Nagy <ngg@tresorit.com> | 2013-09-19 15:17:13 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2013-10-15 20:26:47 +0200 |
commit | ad34a2d5c87c7f4b14e8dded34569395de0d8c5b (patch) | |
tree | a04f58cee7781e3b0fcf4d5701ccc53f547f8d38 /lib/qssl.c | |
parent | 31e106c01c594190432c386e3d1de87af6c4f242 (diff) |
SSL: protocol version can be specified more precisely

CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1,
CURL_SSLVERSION_TLSv1_2 enum values are added to force exact TLS version
(CURL_SSLVERSION_TLSv1 means TLS 1.x).

axTLS:
axTLS only supports TLS 1.0 and 1.1 but it cannot be set that only one
of these should be used, so we don't allow the new enum values.

darwinssl:
Added support for the new enum values.

SChannel:
Added support for the new enum values.

CyaSSL:
Added support for the new enum values.
Bug: The original CURL_SSLVERSION_TLSv1 value enables only TLS 1.0 (it
did the same before this commit), because CyaSSL cannot be configured to
use TLS 1.0-1.2.

GSKit:
GSKit doesn't seem to support TLS 1.1 and TLS 1.2, so we do not allow
those values.
Bugfix: There was a typo that caused wrong SSL versions to be passed to
GSKit.

NSS:
TLS minor version cannot be set, so we don't allow the new enum values.

QsoSSL:
TLS minor version cannot be set, so we don't allow the new enum values.

OpenSSL:
Added support for the new enum values.
Bugfix: The original CURL_SSLVERSION_TLSv1 value enabled only TLS 1.0,
now it enables 1.0-1.2.

Command-line tool:
Added command line options for the new values.

Diffstat (limited to 'lib/qssl.c')
-rw-r--r-- | lib/qssl.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/qssl.c b/lib/qssl.c index b8a8daeca..42bf890fc 100644 --- a/lib/qssl.c +++ b/lib/qssl.c @@ -204,6 +204,12 @@ static CURLcode Curl_qsossl_handshake(struct connectdata * conn, int sockindex) case CURL_SSLVERSION_SSLv3: h->protocol = SSL_VERSION_3; break; + + case CURL_SSLVERSION_TLSv1_0: + case CURL_SSLVERSION_TLSv1_1: + case CURL_SSLVERSION_TLSv1_2: + failf(data, "TLS minor version cannot be set"); + return CURLE_SSL_CONNECT_ERROR; } h->peerCert = NULL; |
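
Review bot: In the three new cases (CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, CURL_SSLVERSION_TLSv1_2) the rejection is reported as CURLE_SSL_CONNECT_ERROR with the text "TLS minor version cannot be set", so a caller cannot tell an unsupported option in this backend apart from a real handshake failure against the peer, and the message names neither the backend nor the version that was requested. Consider extending the failf() text to say that QsoSSL cannot pin a TLS minor version and to include the requested value, and consider whether a return code that signals an unsupported setting would fit better than a connect error. Failing here instead of mapping the request onto a broader protocol setting is the right choice when the caller asked for an exact version; a one-line comment above the cases stating that intent would keep a later change from turning this into a silent fallback.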