SSL: Added unsupported cipher version check for OpenSSL

...with the use of CURL_SSLVERSION_TLSv1_1 and CURL_SSLVERSION_TLSv1_2 being conditional on OpenSSL v1.0.1 as the appropriate flags are not supported under earlier versions.

SSL: Added unsupported cipher version check for OpenSSL
6a136312 · Steve Holme · 75b9b264 · 6a136312
Commit 6a136312 authored 11 years ago by Steve Holme
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1559,10 +1559,12 @@ ossl_connect_step1(struct connectdata *conn,
    }
 #endif
    break;
+
  case CURL_SSLVERSION_TLSv1:
    ctx_options |= SSL_OP_NO_SSLv2;
    ctx_options |= SSL_OP_NO_SSLv3;
    break;
+
  case CURL_SSLVERSION_TLSv1_0:
    ctx_options |= SSL_OP_NO_SSLv2;
    ctx_options |= SSL_OP_NO_SSLv3;
@@ -1573,6 +1575,8 @@ ossl_connect_step1(struct connectdata *conn,
    ctx_options |= SSL_OP_NO_TLSv1_2;
 #endif
    break;
+
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
  case CURL_SSLVERSION_TLSv1_1:
    ctx_options |= SSL_OP_NO_SSLv2;
    ctx_options |= SSL_OP_NO_SSLv3;
@@ -1581,6 +1585,7 @@ ossl_connect_step1(struct connectdata *conn,
    ctx_options |= SSL_OP_NO_TLSv1_2;
 #endif
    break;
+
  case CURL_SSLVERSION_TLSv1_2:
    ctx_options |= SSL_OP_NO_SSLv2;
    ctx_options |= SSL_OP_NO_SSLv3;
@@ -1589,6 +1594,11 @@ ossl_connect_step1(struct connectdata *conn,
    ctx_options |= SSL_OP_NO_TLSv1_1;
 #endif
    break;
+#endif
+
+  default:
+    failf(data, "Unsupported cipher version");
+    return CURLE_SSL_CIPHER;
  }

  SSL_CTX_set_options(connssl->ctx, ctx_options);