Commit 03e206d1 authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

openssl: warn for SRP set if SSLv3 is used, not for TLS version 

... as it requires TLS and it was was left to warn on the default from
when default was SSL...
parent 2c5f346d

lib/vtls/openssl.c

+5 −5
Original line number Diff line number Diff line
@@ -1653,6 +1653,11 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) 


  switch(data->set.ssl.version) {

  case CURL_SSLVERSION_SSLv3:

#ifdef USE_TLS_SRP

    if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {

      infof(data, "Set version TLSv1.x for SRP authorisation\n");

    }

#endif

    ctx_options |= SSL_OP_NO_SSLv2;

    ctx_options |= SSL_OP_NO_TLSv1;

#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
@@ -1662,11 +1667,6 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) 
    break;



  case CURL_SSLVERSION_DEFAULT:

#ifdef USE_TLS_SRP

    if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {

      infof(data, "Set version TLSv1.x for SRP authorisation\n");

    }

#endif

  case CURL_SSLVERSION_TLSv1:

    ctx_options |= SSL_OP_NO_SSLv2;

    ctx_options |= SSL_OP_NO_SSLv3;