vtls: add options to specify range of enabled TLS versions

This commit introduces the CURL_SSLVERSION_MAX_* constants as well as the --tls-max option of the curl tool. Closes https://github.com/curl/curl/pull/1166
author: Jozef Kralik <jozef.kralik@eset.sk> 2016-12-13 21:10:00 +0100
committer: Kamil Dudka <kdudka@redhat.com> 2017-03-08 15:54:07 +0100
commit: 6448f98c1857de521fb2dd3f9d4e5659845b5474 (patch)
tree: 183b4febdb062f32be9113ae170e3b57f44a4b28 /lib/vtls/cyassl.c
parent: b66690733642d764199eeb1b64aaaa2513c13db3 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index 1e3b346d6..2dfd79dce 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -149,6 +149,11 @@ cyassl_connect_step1(struct connectdata *conn,
   if(conssl->state == ssl_connection_complete)
     return CURLE_OK;
 
+  if(SSL_CONN_CONFIG(version_max) != CURL_SSLVERSION_MAX_NONE) {
+    failf(data, "CyaSSL does not support to set maximum SSL/TLS version");
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
   /* check to see if we've been told to use an explicit SSL/TLS version */
   switch(SSL_CONN_CONFIG(version)) {
   case CURL_SSLVERSION_DEFAULT:
author	Jozef Kralik <jozef.kralik@eset.sk>	2016-12-13 21:10:00 +0100
committer	Kamil Dudka <kdudka@redhat.com>	2017-03-08 15:54:07 +0100
commit	6448f98c1857de521fb2dd3f9d4e5659845b5474 (patch)
tree	183b4febdb062f32be9113ae170e3b57f44a4b28 /lib/vtls/cyassl.c
parent	b66690733642d764199eeb1b64aaaa2513c13db3 (diff)