diff options
author | Jay Satiro <raysatiro@yahoo.com> | 2015-03-27 02:20:43 -0400 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2015-03-27 09:32:23 +0100 |
commit | e7a289ebb9e00172545bdbf87f587279e98bd7e8 (patch) | |
tree | 890bf53318387310907b13fc6de685ab827cc0f8 /lib/vtls | |
parent | 488102fc17f0980e883c6b1d1bea8d86249088c4 (diff) |
vtls: Don't accept unknown CURLOPT_SSLVERSION values
Diffstat (limited to 'lib/vtls')
-rw-r--r-- | lib/vtls/vtls.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c index 12427c17c..42a2b58a0 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -276,10 +276,25 @@ void Curl_ssl_cleanup(void) } } +static bool ssl_prefs_check(struct SessionHandle *data) +{ + /* check for CURLOPT_SSLVERSION invalid parameter value */ + if((data->set.ssl.version < 0) + || (data->set.ssl.version >= CURL_SSLVERSION_LAST)) { + failf(data, "Unrecognized parameter value passed via CURLOPT_SSLVERSION"); + return FALSE; + } + return TRUE; +} + CURLcode Curl_ssl_connect(struct connectdata *conn, int sockindex) { CURLcode result; + + if(!ssl_prefs_check(conn->data)) + return CURLE_SSL_CONNECT_ERROR; + /* mark this is being ssl-enabled from here on. */ conn->ssl[sockindex].use = TRUE; conn->ssl[sockindex].state = ssl_connection_negotiating; @@ -297,6 +312,10 @@ Curl_ssl_connect_nonblocking(struct connectdata *conn, int sockindex, bool *done) { CURLcode result; + + if(!ssl_prefs_check(conn->data)) + return CURLE_SSL_CONNECT_ERROR; + /* mark this is being ssl requested from here on. */ conn->ssl[sockindex].use = TRUE; #ifdef curlssl_connect_nonblocking |