aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorNick Zitzmann <nickzman@gmail.com>2013-07-02 19:34:54 -0600
committerNick Zitzmann <nickzman@gmail.com>2013-07-02 19:34:54 -0600
commitd633052905d430565db47d22dfc42011a3ca2c01 (patch)
treeda2aeb60ef4139b4631bd3688924dede056cf073 /lib
parentabca89aaa0fb208cfaf4ead6692014c4e553388a (diff)
darwinssl: SSLv2 connections are aborted if unsupported by the OS
I just noticed that OS X no longer supports SSLv2. Other TLS engines return an error if the requested protocol isn't supported by the underlying engine, so we do that now for SSLv2 if the framework returns an error when trying to turn on SSLv2 support. (Note: As always, SSLv2 support is only enabled in curl when starting the app with the -2 argument; it's off by default. SSLv2 is really old and insecure.)
Diffstat (limited to 'lib')
-rw-r--r--lib/curl_darwinssl.c18
1 files changed, 15 insertions, 3 deletions
diff --git a/lib/curl_darwinssl.c b/lib/curl_darwinssl.c
index 82a339b0a..2d5d564b7 100644
--- a/lib/curl_darwinssl.c
+++ b/lib/curl_darwinssl.c
@@ -891,7 +891,11 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
(void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kSSLProtocol3);
break;
case CURL_SSLVERSION_SSLv2:
- (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kSSLProtocol2);
+ err = SSLSetProtocolVersionMin(connssl->ssl_ctx, kSSLProtocol2);
+ if(err != noErr) {
+ failf(data, "Your version of the OS does not support SSLv2");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
(void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kSSLProtocol2);
}
}
@@ -932,9 +936,13 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
true);
break;
case CURL_SSLVERSION_SSLv2:
- (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+ err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
kSSLProtocol2,
true);
+ if(err != noErr) {
+ failf(data, "Your version of the OS does not support SSLv2");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
break;
}
#endif /* CURL_SUPPORT_MAC_10_8 */
@@ -957,9 +965,13 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
true);
break;
case CURL_SSLVERSION_SSLv2:
- (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+ err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
kSSLProtocol2,
true);
+ if(err != noErr) {
+ failf(data, "Your version of the OS does not support SSLv2");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
break;
case CURL_SSLVERSION_SSLv3:
(void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,