From 6448f98c1857de521fb2dd3f9d4e5659845b5474 Mon Sep 17 00:00:00 2001
From: Jozef Kralik
Date: Tue, 13 Dec 2016 21:10:00 +0100
Subject: vtls: add options to specify range of enabled TLS versions
This commit introduces the CURL_SSLVERSION_MAX_* constants as well as the
--tls-max option of the curl tool.
Closes https://github.com/curl/curl/pull/1166
---
 src/tool_cfgable.h | 1 +
 src/tool_getparam.c | 6 ++++++
 src/tool_help.c | 1 +
 src/tool_operate.c | 3 ++-
 src/tool_paramhlp.c | 33 +++++++++++++++++++++++++++++++++
 src/tool_paramhlp.h | 2 ++
 6 files changed, 45 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h
index 0d2f765d2..b05c440e5 100644
--- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h
@@ -156,6 +156,7 @@ struct OperationConfig {
 struct curl_slist *postquote;
 struct curl_slist *prequote;
 long ssl_version;
+ long ssl_version_max;
 long proxy_ssl_version;
 long ip_version;
 curl_TimeCond timecond;
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 686b01d7e..85d75ae6e 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -184,6 +184,7 @@ static const struct LongShort aliases[]= {
 {"$S", "tftp-no-options", FALSE},
 {"$U", "connect-to", TRUE},
 {"$W", "abstract-unix-socket", TRUE},
+ {"$X", "tls-max", TRUE},
 {"0", "http1.0", FALSE},
 {"01", "http1.1", FALSE},
 {"02", "http2", FALSE},
@@ -1060,6 +1061,11 @@ ParameterError getparameter(char *flag, /* f or -long-flag */
 config->abstract_unix_socket = TRUE;
 GetStr(&config->unix_socket_path, nextarg);
 break;
+ case 'X': /* --tls-max */
+ err = str2tls_max(&config->ssl_version_max, nextarg);
+ if(err)
+ return err;
+ break;
 }
 break;
 case '#': /* --progress-bar */
diff --git a/src/tool_help.c b/src/tool_help.c
index 5085e542e..f6fe3527b 100644
--- a/src/tool_help.c
+++ b/src/tool_help.c
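Review bot: The new `case 'X'` in getparameter stores the parsed maximum into `config->ssl_version_max` without relating it to the minimum already chosen by `--tlsv1.x`, so a command line such as `--tlsv1.2 --tls-max 1.0` is accepted by the tool and the inverted range is only caught, if at all, once tool_operate.c ORs the two values into CURLOPT_SSLVERSION; what libcurl does with such a range is not visible in this src-only diff. A check at the point where both values are known would let the tool report a clear parameter error instead. The same applies to the order of options, since whichever is given last cannot see the other here. getparameter continues on both sides of the hunk.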
@@ -260,6 +260,7 @@ static const char *const helptext[] = {
 " --tlsv1.1 Use TLSv1.1 (SSL)",
 " --tlsv1.2 Use TLSv1.2 (SSL)",
 " --tlsv1.3 Use TLSv1.3 (SSL)",
+ " --tls-max VERSION Use TLS up to VERSION (SSL)",
 " --trace FILE Write a debug trace to FILE",
 " --trace-ascii FILE Like --trace, but without hex output",
 " --trace-time Add time stamps to trace/verbose output",
diff --git a/src/tool_operate.c b/src/tool_operate.c
index c30b32046..a489b8dbd 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -1087,7 +1087,8 @@ static CURLcode operate_do(struct GlobalConfig *global,
 if(config->falsestart)
 my_setopt(curl, CURLOPT_SSL_FALSESTART, 1L);
- my_setopt_enum(curl, CURLOPT_SSLVERSION, config->ssl_version);
+ my_setopt_enum(curl, CURLOPT_SSLVERSION,
+ config->ssl_version | config->ssl_version_max);
 my_setopt_enum(curl, CURLOPT_PROXY_SSLVERSION, config->proxy_ssl_version);
 }
diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c
index 257e5c697..6b534ce5d 100644
--- a/src/tool_paramhlp.c
+++ b/src/tool_paramhlp.c
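Review bot: The added help line names the argument only as `VERSION`, giving the user no hint of the spellings str2tls_max in this commit actually accepts (default, 1.0, 1.1, 1.2, 1.3), whereas the neighbouring `--tlsv1.x` lines name their version explicitly. If the helptext column width allows it, `" --tls-max VERSION Use TLS up to VERSION (default, 1.0, 1.1, 1.2, 1.3) (SSL)",` or a shorter variant would make the option self-describing; otherwise the accepted values should at least be listed in the manual entry this diff does not include.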
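Review bot: The OR in the new `my_setopt_enum(curl, CURLOPT_SSLVERSION, config->ssl_version | config->ssl_version_max)` call only works if the CURL_SSLVERSION_MAX_* constants occupy bits disjoint from the base CURL_SSLVERSION_* values and if `ssl_version_max` holds a no-op value (zero, or whatever CURL_SSLVERSION_MAX_DEFAULT is) when --tls-max was not given; neither fact is visible in this src-only diff, and the field added to OperationConfig in this commit is never explicitly initialised here, so it relies on the config being zero-filled. A one-line comment would stop the next reader from treating the argument as a plain enum value, e.g. `/* the MAX_* constants use a separate bit range, so the upper bound is OR'ed onto the minimum version */` — confirm against the public header before wording it as fact. The proxy connection on the following context line keeps a minimum only, which may be intended but is worth a comment too. operate_do continues outside the hunk.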
@@ -550,3 +550,36 @@ CURLcode get_args(struct OperationConfig *config, const size_t i)
 return result;
 }
+
+/*
+ * Parse the string and modify ssl_version in the val argument. Return PARAM_OK
+ * on success, otherwise a parameter error enum. ONLY ACCEPTS POSITIVE NUMBERS!
+ *
+ * Since this function gets called with the 'nextarg' pointer from within the
+ * getparameter a lot, we must check it for NULL before accessing the str
+ * data.
+ */
+
+ParameterError str2tls_max(long *val, const char *str)
+{
+ static struct s_tls_max {
+ const char *tls_max_str;
+ long tls_max;
+ } const tls_max_array[] = {
+ { "default", CURL_SSLVERSION_MAX_DEFAULT },
+ { "1.0", CURL_SSLVERSION_MAX_TLSv1_0 },
+ { "1.1", CURL_SSLVERSION_MAX_TLSv1_1 },
+ { "1.2", CURL_SSLVERSION_MAX_TLSv1_2 },
+ { "1.3", CURL_SSLVERSION_MAX_TLSv1_3 }
+ };
+ size_t i = 0;
+ if(!str)
+ return PARAM_REQUIRES_PARAMETER;
+ for(i = 0; i < sizeof(tls_max_array)/sizeof(tls_max_array[0]); i++) {
+ if(!strcmp(str, tls_max_array[i].tls_max_str)) {
+ *val = tls_max_array[i].tls_max;
+ return PARAM_OK;
+ }
+ }
+ return PARAM_BAD_USE;
+}
diff --git a/src/tool_paramhlp.h b/src/tool_paramhlp.h
index 89a99b2bb..cdfbacf3f 100644
--- a/src/tool_paramhlp.h
+++ b/src/tool_paramhlp.h
@@ -52,4 +52,6 @@ int ftpcccmethod(struct OperationConfig *config, const char *str);
 long delegation(struct OperationConfig *config, char *str);
+ParameterError str2tls_max(long *val, const char *str);
+
 #endif /* HEADER_CURL_TOOL_PARAMHLP_H */
-- cgit v1.2.3
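Review bot: The header comment on the new str2tls_max does not describe it: "ONLY ACCEPTS POSITIVE NUMBERS!" and "modify ssl_version" read as copied from a numeric parser, while the function matches the fixed labels `"default"`, `"1.0"`, `"1.1"`, `"1.2"` and `"1.3"` with strcmp and writes a CURL_SSLVERSION_MAX_* constant to `*val`. I would replace the first two sentences with a description of exactly that, naming the three return values (PARAM_OK, PARAM_REQUIRES_PARAMETER for a NULL str, PARAM_BAD_USE for any other string) and keeping the existing paragraph about the nextarg NULL check. Two smaller points: `size_t i = 0;` is reassigned by the for loop, so the declaration can be `size_t i;` or moved into the loop, and the matching is exact, so `tlsv1.2`-style spellings that the other options use are rejected with the generic PARAM_BAD_USE, which the help text should make clear.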