authorDaniel Stenberg <daniel@haxx.se>2014-01-03 11:52:49 +0100
committerDaniel Stenberg <daniel@haxx.se>2014-01-03 11:52:49 +0100
commit3529162405fdf867c345c651a238fd8072abfb23 (patch)
tree4611627ab12943b786926121100e65853f5a56b6 /lib/vtls
parentd237828ebc58ca28efd7ba56c232a8b5a7c4793c (diff)
openssl: allow explicit sslv2 selection
If OpenSSL is built to support SSLv2 this brings back the ability to explicitly select that as a protocol level. Reported-by: Steve Holme Bug: http://curl.haxx.se/mail/lib-2014-01/0013.html
Diffstat (limited to 'lib/vtls')
-rw-r--r--lib/vtls/openssl.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 42bca159f..dba5256d5 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1599,6 +1599,17 @@ ossl_connect_step1(struct connectdata *conn,
break;
#endif
+#ifndef OPENSSL_NO_SSL2
+ case CURL_SSLVERSION_SSLv2:
+ ctx_options |= SSL_OP_NO_SSLv3;
+ ctx_options |= SSL_OP_NO_TLSv1;
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
+ ctx_options |= SSL_OP_NO_TLSv1_1;
+ ctx_options |= SSL_OP_NO_TLSv1_2;
+#endif
+ break;
+#endif
+
default:
failf(data, "Unsupported SSL protocol version");
return CURLE_SSL_CONNECT_ERROR;
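Review bot: Nothing in the new `case CURL_SSLVERSION_SSLv2:` branch tells the user or a later reader that setting `SSL_OP_NO_SSLv3` through `SSL_OP_NO_TLSv1_2` leaves SSLv2 as the only protocol that can be negotiated, and RFC 6176 prohibits SSLv2 because of its known weaknesses. I would add a comment such as `/* SSLv2 is insecure; reached only on explicit request */` above the option lines and emit `infof(data, "SSLv2 explicitly selected, this protocol is insecure\n");` so the choice shows up in verbose output. On builds with `OPENSSL_NO_SSL2` the same request appears to land in `default:` with the generic "Unsupported SSL protocol version" text, so naming SSLv2 there would make the refusal easier to diagnose. Whether `SSL_OP_NO_SSLv2` is set earlier in `ctx_options` cannot be checked from here, because ossl_connect_step1 begins and ends outside the hunk.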