aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--RELEASE-NOTES1
-rw-r--r--lib/vtls/nss.c14
2 files changed, 14 insertions, 1 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index d224476d5..9a4737820 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -8,6 +8,7 @@ Curl and libcurl 7.51.1
This release includes the following changes:
+ o nss: map CURL_SSLVERSION_DEFAULT to NSS default
o
This release includes the following bugfixes:
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index dff15758f..5abb57427 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1489,10 +1489,18 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver,
struct Curl_easy *data)
{
switch(data->set.ssl.version) {
- default:
case CURL_SSLVERSION_DEFAULT:
+ /* map CURL_SSLVERSION_DEFAULT to NSS default */
+ if(SSL_VersionRangeGetDefault(ssl_variant_stream, sslver) != SECSuccess)
+ return CURLE_SSL_CONNECT_ERROR;
+ /* ... but make sure we use at least TLSv1.0 according to libcurl API */
+ if(sslver->min < SSL_LIBRARY_VERSION_TLS_1_0)
+ sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;
+ return CURLE_OK;
+
case CURL_SSLVERSION_TLSv1:
sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;
+ /* TODO: set sslver->max to SSL_LIBRARY_VERSION_TLS_1_3 once stable */
#ifdef SSL_LIBRARY_VERSION_TLS_1_2
sslver->max = SSL_LIBRARY_VERSION_TLS_1_2;
#elif defined SSL_LIBRARY_VERSION_TLS_1_1
@@ -1532,6 +1540,10 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver,
return CURLE_OK;
#endif
break;
+
+ default:
+ /* unsupported SSL/TLS version */
+ break;
}
failf(data, "TLS minor version cannot be set");
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-01 23:47:20 +0000