aboutsummaryrefslogtreecommitdiff
path: root/lib/vtls/gtls.c
diff options
context:
space:
mode:
authorJay Satiro <raysatiro@yahoo.com>2016-11-07 21:51:27 -0500
committerJay Satiro <raysatiro@yahoo.com>2016-11-09 22:08:49 -0500
commitf43b7b6cb6724792b9680dd6d744648b4a7e5b59 (patch)
tree6bb5d127336047637ecf6689a0531150d1b0ca04 /lib/vtls/gtls.c
parent46f906a1b0e987ff8a044595550ba2a0e3d6368c (diff)
vtls: Fail on unrecognized param for CURLOPT_SSLVERSION
- Fix GnuTLS code for CURL_SSLVERSION_TLSv1_2 that broke when the TLS 1.3 support was added in 6ad3add. - Homogenize across code for all backends the error message when TLS 1.3 is not available to "<backend>: TLS 1.3 is not yet supported". - Return an error when a user-specified ssl version is unrecognized. --- Prior to this change our code for some of the backends used the 'default' label in the switch statement (ie ver unrecognized) for ssl.version and treated it the same as CURL_SSLVERSION_DEFAULT. Bug: https://curl.haxx.se/mail/lib-2016-11/0048.html Reported-by: Kamil Dudka
Diffstat (limited to 'lib/vtls/gtls.c')
-rw-r--r--lib/vtls/gtls.c19
1 files changed, 10 insertions, 9 deletions
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index d47d80fc5..6eb3a9992 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -409,7 +409,6 @@ gtls_connect_step1(struct connectdata *conn,
if(!gtls_inited)
Curl_gtls_init();
- /* GnuTLS only supports SSLv3 and TLSv1 */
if(data->set.ssl.version == CURL_SSLVERSION_SSLv2) {
failf(data, "GnuTLS does not support SSLv2");
return CURLE_SSL_CONNECT_ERROR;
@@ -569,15 +568,16 @@ gtls_connect_step1(struct connectdata *conn,
break;
case CURL_SSLVERSION_TLSv1_2:
protocol_priority[0] = GNUTLS_TLS1_2;
+ break;
case CURL_SSLVERSION_TLSv1_3:
- failf(data, "GnuTLS does not support TLSv1.3");
+ failf(data, "GnuTLS: TLS 1.3 is not yet supported");
return CURLE_SSL_CONNECT_ERROR;
- break;
- case CURL_SSLVERSION_SSLv2:
- default:
+ case CURL_SSLVERSION_SSLv2:
failf(data, "GnuTLS does not support SSLv2");
return CURLE_SSL_CONNECT_ERROR;
- break;
+ default:
+ failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
+ return CURLE_SSL_CONNECT_ERROR;
}
rc = gnutls_protocol_set_priority(session, protocol_priority);
if(rc != GNUTLS_E_SUCCESS) {
@@ -611,13 +611,14 @@ gtls_connect_step1(struct connectdata *conn,
"+VERS-TLS1.2:" GNUTLS_SRP;
break;
case CURL_SSLVERSION_TLSv1_3:
- failf(data, "GnuTLS does not support TLSv1.3");
+ failf(data, "GnuTLS: TLS 1.3 is not yet supported");
return CURLE_SSL_CONNECT_ERROR;
case CURL_SSLVERSION_SSLv2:
- default:
failf(data, "GnuTLS does not support SSLv2");
return CURLE_SSL_CONNECT_ERROR;
- break;
+ default:
+ failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
+ return CURLE_SSL_CONNECT_ERROR;
}
rc = gnutls_priority_set_direct(session, prioritylist, &err);
if((rc == GNUTLS_E_INVALID_REQUEST) && err) {