diff options
Diffstat (limited to 'lib/vtls')
-rw-r--r-- | lib/vtls/openssl.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 8881b57ac..d4e412813 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -1693,11 +1693,17 @@ get_ssl_version_txt(SSL *ssl) } static CURLcode -set_ssl_version_min_max(long *ctx_options, struct connectdata *conn) +set_ssl_version_min_max(long *ctx_options, struct connectdata *conn, + int sockindex) { +#if (OPENSSL_VERSION_NUMBER < 0x1000100FL) || !defined(TLS1_3_VERSION) + /* convoluted #if condition just to avoid compiler warnings on unused + variable */ struct Curl_easy *data = conn->data; +#endif long ssl_version = SSL_CONN_CONFIG(version); long ssl_version_max = SSL_CONN_CONFIG(version_max); + if(ssl_version_max == CURL_SSLVERSION_MAX_NONE) { ssl_version_max = ssl_version << 16; } @@ -1705,9 +1711,13 @@ set_ssl_version_min_max(long *ctx_options, struct connectdata *conn) switch(ssl_version) { case CURL_SSLVERSION_TLSv1_3: #ifdef TLS1_3_VERSION + { + struct ssl_connect_data *connssl = &conn->ssl[sockindex]; SSL_CTX_set_max_proto_version(connssl->ctx, TLS1_3_VERSION); *ctx_options |= SSL_OP_NO_TLSv1_2; + } #else + (void)sockindex; failf(data, OSSL_PACKAGE " was built without TLS 1.3 support"); return CURLE_NOT_BUILT_IN; #endif @@ -1956,7 +1966,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) case CURL_SSLVERSION_TLSv1_1: case CURL_SSLVERSION_TLSv1_2: case CURL_SSLVERSION_TLSv1_3: - result = set_ssl_version_min_max(&ctx_options, conn); + result = set_ssl_version_min_max(&ctx_options, conn, sockindex); if(result != CURLE_OK) return result; break; |