diff options
| author | Jay Satiro <raysatiro@yahoo.com> | 2016-11-07 21:51:27 -0500 |
|---|---|---|
| committer | Jay Satiro <raysatiro@yahoo.com> | 2016-11-09 22:08:49 -0500 |
| commit | f43b7b6cb6724792b9680dd6d744648b4a7e5b59 (patch) | |
| tree | 6bb5d127336047637ecf6689a0531150d1b0ca04 /lib/vtls/darwinssl.c | |
| parent | 46f906a1b0e987ff8a044595550ba2a0e3d6368c (diff) | |
vtls: Fail on unrecognized param for CURLOPT_SSLVERSION
- Fix GnuTLS code for CURL_SSLVERSION_TLSv1_2 that broke when the
TLS 1.3 support was added in 6ad3add.
- Homogenize across code for all backends the error message when TLS 1.3
is not available to "<backend>: TLS 1.3 is not yet supported".
- Return an error when a user-specified ssl version is unrecognized.
---
Prior to this change our code for some of the backends used the
'default' label in the switch statement (ie ver unrecognized) for
ssl.version and treated it the same as CURL_SSLVERSION_DEFAULT.
Bug: https://curl.haxx.se/mail/lib-2016-11/0048.html
Reported-by: Kamil Dudka
Diffstat (limited to 'lib/vtls/darwinssl.c')
| -rw-r--r-- | lib/vtls/darwinssl.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c index 6aa30d451..73491c457 100644 --- a/lib/vtls/darwinssl.c +++ b/lib/vtls/darwinssl.c @@ -1053,7 +1053,6 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn, #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS if(SSLSetProtocolVersionMax != NULL) { switch(data->set.ssl.version) { - default: case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol1); @@ -1072,7 +1071,7 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn, (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol12); break; case CURL_SSLVERSION_TLSv1_3: - failf(data, "TLSv1.3 is not yet supported with this TLS backend"); + failf(data, "DarwinSSL: TLS 1.3 is not yet supported"); return CURLE_SSL_CONNECT_ERROR; case CURL_SSLVERSION_SSLv3: err = SSLSetProtocolVersionMin(connssl->ssl_ctx, kSSLProtocol3); @@ -1089,6 +1088,10 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn, return CURLE_SSL_CONNECT_ERROR; } (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kSSLProtocol2); + break; + default: + failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); + return CURLE_SSL_CONNECT_ERROR; } } else { @@ -1097,7 +1100,6 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn, kSSLProtocolAll, false); switch (data->set.ssl.version) { - default: case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, @@ -1126,7 +1128,7 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn, true); break; case CURL_SSLVERSION_TLSv1_3: - failf(data, "TLSv1.3 is not yet supported with this TLS backend"); + failf(data, "DarwinSSL: TLS 1.3 is not yet supported"); return CURLE_SSL_CONNECT_ERROR; case CURL_SSLVERSION_SSLv3: err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx, @@ -1146,13 +1148,15 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn, return CURLE_SSL_CONNECT_ERROR; } break; + default: + failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); + return CURLE_SSL_CONNECT_ERROR; } #endif /* CURL_SUPPORT_MAC_10_8 */ } #else (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, kSSLProtocolAll, false); switch(data->set.ssl.version) { - default: case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: case CURL_SSLVERSION_TLSv1_0: @@ -1187,6 +1191,9 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn, return CURLE_SSL_CONNECT_ERROR; } break; + default: + failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); + return CURLE_SSL_CONNECT_ERROR; } #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */ |