From 3529162405fdf867c345c651a238fd8072abfb23 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 3 Jan 2014 11:52:49 +0100
Subject: openssl: allow explicit sslv2 selection

If OpenSSL is built to support SSLv2 this brings back the ability to
explicitly select that as a protocol level.

Reported-by: Steve Holme
Bug: http://curl.haxx.se/mail/lib-2014-01/0013.html
---
 lib/vtls/openssl.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'lib')

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 42bca159f..dba5256d5 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1599,6 +1599,17 @@ ossl_connect_step1(struct connectdata *conn,
     break;
 #endif
 
+#ifndef OPENSSL_NO_SSL2
+  case CURL_SSLVERSION_SSLv2:
+    ctx_options |= SSL_OP_NO_SSLv3;
+    ctx_options |= SSL_OP_NO_TLSv1;
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
+    ctx_options |= SSL_OP_NO_TLSv1_1;
+    ctx_options |= SSL_OP_NO_TLSv1_2;
+#endif
+    break;
+#endif
+
   default:
     failf(data, "Unsupported SSL protocol version");
     return CURLE_SSL_CONNECT_ERROR;
-- 
cgit v1.2.3