From e608324f9f9ca1a40865902a52619f60ca86aa17 Mon Sep 17 00:00:00 2001 From: Andre Heinecke Date: Mon, 1 Sep 2014 16:06:03 +0200 Subject: polarssl: implement CURLOPT_SSLVERSION Forwards the setting as minimum ssl version (if set) to polarssl. If the server does not support the requested version the SSL Handshake will fail. Bug: http://curl.haxx.se/bug/view.cgi?id=1419 --- lib/vtls/polarssl.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'lib') diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c index f9484866a..2d1b7ee08 100644 --- a/lib/vtls/polarssl.c +++ b/lib/vtls/polarssl.c @@ -270,6 +270,29 @@ polarssl_connect_step1(struct connectdata *conn, return CURLE_SSL_CONNECT_ERROR; } + switch(data->set.ssl.version) { + case CURL_SSLVERSION_SSLv3: + ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3, + SSL_MINOR_VERSION_0); + infof(data, "PolarSSL: Forced min. SSL Version to be SSLv3\n"); + break; + case CURL_SSLVERSION_TLSv1_0: + ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3, + SSL_MINOR_VERSION_1); + infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.0\n"); + break; + case CURL_SSLVERSION_TLSv1_1: + ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3, + SSL_MINOR_VERSION_2); + infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.1\n"); + break; + case CURL_SSLVERSION_TLSv1_2: + ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3, + SSL_MINOR_VERSION_3); + infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.2\n"); + break; + } + ssl_set_endpoint(&connssl->ssl, SSL_IS_CLIENT); ssl_set_authmode(&connssl->ssl, SSL_VERIFY_OPTIONAL); -- cgit v1.2.3