[GNUnet-SVN] [gnurl] 100/125: setopt: fix SSLVERSION to allow CURL_SSLVE
From: gnunet
Subject: [GNUnet-SVN] [gnurl] 100/125: setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values
Date: Sun, 21 Jan 2018 23:42:35 +0100
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 6fa10c8fa2319e0271465a796f258a239b54c35a
Author: Jay Satiro <address@hidden>
AuthorDate: Wed Jan 10 03:14:15 2018 -0500
setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values
Broken since f121575 (precedes 7.56.1).
Bug: https://github.com/curl/curl/issues/2225
Reported-by: address@hidden
Closes https://github.com/curl/curl/pull/2227
---
docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3 | 12 +++++---
docs/libcurl/opts/CURLOPT_SSLVERSION.3 | 14 ++++++----
lib/setopt.c | 42 +++++++++++++++-------------
3 files changed, 39 insertions(+), 29 deletions(-)
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3
b/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3
index 6b9ff7dee..73c2c9766 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3
@@ -46,10 +46,15 @@ TLSv1.1
TLSv1.2
.IP CURL_SSLVERSION_TLSv1_3
TLSv1.3
+.RE
+The maximum TLS version can be set by using \fIone\fP of the
+CURL_SSLVERSION_MAX_ macros below. It is also possible to OR \fIone\fP of the
+CURL_SSLVERSION_ macros with \fIone\fP of the CURL_SSLVERSION_MAX_ macros.
+The MAX macros are not supported for SSL backends axTLS or wolfSSL.
+.RS
.IP CURL_SSLVERSION_MAX_DEFAULT
The flag defines the maximum supported TLS version as TLSv1.2, or the default
-value from the SSL library. Only the NSS library currently allows one to get
-the maximum supported TLS version.
+value from the SSL library.
(Added in 7.54.0)
.IP CURL_SSLVERSION_MAX_TLSv1_0
The flag defines maximum supported TLS version as TLSv1.0.
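Review bot: The added sentence "The MAX macros are not supported for SSL backends axTLS or wolfSSL" does not say what a caller gets on those backends. State whether curl_easy_setopt returns an error or the maximum is silently ignored, since an application that relies on a maximum version needs to know when it is not enforced.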
@@ -75,8 +80,7 @@ if(curl) {
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
/* ask libcurl to use TLS version 1.0 or later */
- curl_easy_setopt(curl, CURLOPT_PROXY_SSLVERSION, CURL_SSLVERSION_TLSv1_1 |
- CURL_SSLVERSION_MAX_DEFAULT);
+ curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
/* Perform the request */
curl_easy_perform(curl);
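Review bot: The replacement line in the example sets CURLOPT_SSLVERSION, but this is the CURLOPT_PROXY_SSLVERSION page and the removed line set CURLOPT_PROXY_SSLVERSION. It reads like a copy of the CURLOPT_SSLVERSION.3 example; keep the option name as CURLOPT_PROXY_SSLVERSION so the example exercises the option this page documents.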
diff --git a/docs/libcurl/opts/CURLOPT_SSLVERSION.3
b/docs/libcurl/opts/CURLOPT_SSLVERSION.3
index 5c447d8f3..807057be5 100644
--- a/docs/libcurl/opts/CURLOPT_SSLVERSION.3
+++ b/docs/libcurl/opts/CURLOPT_SSLVERSION.3
@@ -50,10 +50,15 @@ TLSv1.1 (Added in 7.34.0)
TLSv1.2 (Added in 7.34.0)
.IP CURL_SSLVERSION_TLSv1_3
TLSv1.3 (Added in 7.52.0)
+.RE
+The maximum TLS version can be set by using \fIone\fP of the
+CURL_SSLVERSION_MAX_ macros below. It is also possible to OR \fIone\fP of the
+CURL_SSLVERSION_ macros with \fIone\fP of the CURL_SSLVERSION_MAX_ macros.
+The MAX macros are not supported for SSL backends axTLS or wolfSSL.
+.RS
.IP CURL_SSLVERSION_MAX_DEFAULT
The flag defines the maximum supported TLS version as TLSv1.2, or the default
-value from the SSL library. Only the NSS library currently allows one to get
-the maximum supported TLS version.
+value from the SSL library.
(Added in 7.54.0)
.IP CURL_SSLVERSION_MAX_TLSv1_0
The flag defines maximum supported TLS version as TLSv1.0.
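Review bot: With the NSS sentence removed, the CURL_SSLVERSION_MAX_DEFAULT entry reads "TLSv1.2, or the default value from the SSL library" with nothing to tell the reader which of the two applies. Suggest stating what decides it, so the effective maximum can be predicted from the documentation alone.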
@@ -78,9 +83,8 @@ CURL *curl = curl_easy_init();
if(curl) {
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
- /* ask libcurl to use TLS version 1.1 or later */
- curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1 |
- CURL_SSLVERSION_MAX_DEFAULT);
+ /* ask libcurl to use TLS version 1.0 or later */
+ curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
/* Perform the request */
curl_easy_perform(curl);
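Review bot: The example in this hunk loses the only use of the OR form (CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_DEFAULT) in the same change that documents ORing a CURL_SSLVERSION_ macro with a CURL_SSLVERSION_MAX_ macro, and it lowers the requested minimum from TLS 1.1 to TLS 1.0. Consider keeping an example line that sets both a minimum and a maximum, so the combined form this commit fixes is shown to readers.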
diff --git a/lib/setopt.c b/lib/setopt.c
index 60f3ae5a6..66f30ea65 100644
--- a/lib/setopt.c
+++ b/lib/setopt.c
@@ -360,32 +360,34 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption
option,
*/
data->set.timevalue = (time_t)va_arg(param, long);
break;
+
case CURLOPT_SSLVERSION:
- /*
- * Set explicit SSL version to try to connect with, as some SSL
- * implementations are lame.
- */
-#ifdef USE_SSL
- arg = va_arg(param, long);
- if((arg < CURL_SSLVERSION_DEFAULT) || (arg > CURL_SSLVERSION_TLSv1_3))
- return CURLE_BAD_FUNCTION_ARGUMENT;
- data->set.ssl.primary.version = C_SSLVERSION_VALUE(arg);
- data->set.ssl.primary.version_max = C_SSLVERSION_MAX_VALUE(arg);
-#else
- result = CURLE_UNKNOWN_OPTION;
-#endif
- break;
case CURLOPT_PROXY_SSLVERSION:
/*
- * Set explicit SSL version to try to connect with for proxy, as some SSL
+ * Set explicit SSL version to try to connect with, as some SSL
* implementations are lame.
*/
#ifdef USE_SSL
- arg = va_arg(param, long);
- if((arg < CURL_SSLVERSION_DEFAULT) || (arg > CURL_SSLVERSION_TLSv1_3))
- return CURLE_BAD_FUNCTION_ARGUMENT;
- data->set.proxy_ssl.primary.version = C_SSLVERSION_VALUE(arg);
- data->set.proxy_ssl.primary.version_max = C_SSLVERSION_MAX_VALUE(arg);
+ {
+ long version, version_max;
+ struct ssl_primary_config *primary = (option == CURLOPT_SSLVERSION ?
+ &data->set.ssl.primary :
+ &data->set.proxy_ssl.primary);
+
+ arg = va_arg(param, long);
+
+ version = C_SSLVERSION_VALUE(arg);
+ version_max = C_SSLVERSION_MAX_VALUE(arg);
+
+ if(version < CURL_SSLVERSION_DEFAULT ||
+ version >= CURL_SSLVERSION_LAST ||
+ version_max < CURL_SSLVERSION_MAX_NONE ||
+ version_max >= CURL_SSLVERSION_MAX_LAST)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+
+ primary->version = version;
+ primary->version_max = version_max;
+ }
#else
result = CURLE_UNKNOWN_OPTION;
#endif
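Review bot: The new range check validates version and version_max independently, so a value that ORs a minimum above the maximum (for example CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_TLSv1_0) passes it and is stored in primary->version and primary->version_max. If that combination is meant to be caught later, a comment saying where would help; otherwise reject it here with CURLE_BAD_FUNCTION_ARGUMENT. The shared comment above the block still only says "Set explicit SSL version to try to connect with" and could mention that the case now also covers the proxy option and the maximum version.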