aboutsummaryrefslogtreecommitdiff
path: root/lib/vtls
diff options
context:
space:
mode:
authorJay Satiro <raysatiro@yahoo.com>2015-03-27 02:20:43 -0400
committerDaniel Stenberg <daniel@haxx.se>2015-03-27 09:32:23 +0100
commite7a289ebb9e00172545bdbf87f587279e98bd7e8 (patch)
tree890bf53318387310907b13fc6de685ab827cc0f8 /lib/vtls
parent488102fc17f0980e883c6b1d1bea8d86249088c4 (diff)
vtls: Don't accept unknown CURLOPT_SSLVERSION values
Diffstat (limited to 'lib/vtls')
-rw-r--r--lib/vtls/vtls.c19
1 files changed, 19 insertions, 0 deletions
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index 12427c17c..42a2b58a0 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -276,10 +276,25 @@ void Curl_ssl_cleanup(void)
}
}
+static bool ssl_prefs_check(struct SessionHandle *data)
+{
+ /* check for CURLOPT_SSLVERSION invalid parameter value */
+ if((data->set.ssl.version < 0)
+ || (data->set.ssl.version >= CURL_SSLVERSION_LAST)) {
+ failf(data, "Unrecognized parameter value passed via CURLOPT_SSLVERSION");
+ return FALSE;
+ }
+ return TRUE;
+}
+
CURLcode
Curl_ssl_connect(struct connectdata *conn, int sockindex)
{
CURLcode result;
+
+ if(!ssl_prefs_check(conn->data))
+ return CURLE_SSL_CONNECT_ERROR;
+
/* mark this is being ssl-enabled from here on. */
conn->ssl[sockindex].use = TRUE;
conn->ssl[sockindex].state = ssl_connection_negotiating;
@@ -297,6 +312,10 @@ Curl_ssl_connect_nonblocking(struct connectdata *conn, int sockindex,
bool *done)
{
CURLcode result;
+
+ if(!ssl_prefs_check(conn->data))
+ return CURLE_SSL_CONNECT_ERROR;
+
/* mark this is being ssl requested from here on. */
conn->ssl[sockindex].use = TRUE;
#ifdef curlssl_connect_nonblocking