Commit 6fa10c8f authored by Jay Satiro's avatar Jay Satiro

setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values

parent 3b548ffd
+8 −4
@@ -46,10 +46,15 @@ TLSv1.1
TLSv1.2
.IP CURL_SSLVERSION_TLSv1_3
TLSv1.3
.RE
The maximum TLS version can be set by using \fIone\fP of the
CURL_SSLVERSION_MAX_ macros below. It is also possible to OR \fIone\fP of the
CURL_SSLVERSION_ macros with \fIone\fP of the CURL_SSLVERSION_MAX_ macros.
The MAX macros are not supported for SSL backends axTLS or wolfSSL.
.RS
.IP CURL_SSLVERSION_MAX_DEFAULT
The flag defines the maximum supported TLS version as TLSv1.2, or the default
value from the SSL library. Only the NSS library currently allows one to get
the maximum supported TLS version.
value from the SSL library.
(Added in 7.54.0)
.IP CURL_SSLVERSION_MAX_TLSv1_0
The flag defines maximum supported TLS version as TLSv1.0.
@@ -75,8 +80,7 @@ if(curl) {
  curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");

  /* ask libcurl to use TLS version 1.0 or later */
  curl_easy_setopt(curl, CURLOPT_PROXY_SSLVERSION, CURL_SSLVERSION_TLSv1_1 |
                   CURL_SSLVERSION_MAX_DEFAULT);
  curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);

  /* Perform the request */
  curl_easy_perform(curl);
+9 −5
@@ -50,10 +50,15 @@ TLSv1.1 (Added in 7.34.0)
TLSv1.2 (Added in 7.34.0)
.IP CURL_SSLVERSION_TLSv1_3
TLSv1.3 (Added in 7.52.0)
.RE
The maximum TLS version can be set by using \fIone\fP of the
CURL_SSLVERSION_MAX_ macros below. It is also possible to OR \fIone\fP of the
CURL_SSLVERSION_ macros with \fIone\fP of the CURL_SSLVERSION_MAX_ macros.
The MAX macros are not supported for SSL backends axTLS or wolfSSL.
.RS
.IP CURL_SSLVERSION_MAX_DEFAULT
The flag defines the maximum supported TLS version as TLSv1.2, or the default
value from the SSL library. Only the NSS library currently allows one to get
the maximum supported TLS version.
value from the SSL library.
(Added in 7.54.0)
.IP CURL_SSLVERSION_MAX_TLSv1_0
The flag defines maximum supported TLS version as TLSv1.0.
@@ -78,9 +83,8 @@ CURL *curl = curl_easy_init();
if(curl) {
  curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");

  /* ask libcurl to use TLS version 1.1 or later */
  curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1 |
                   CURL_SSLVERSION_MAX_DEFAULT);
  /* ask libcurl to use TLS version 1.0 or later */
  curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);

  /* Perform the request */
  curl_easy_perform(curl);
+22 −20
@@ -360,32 +360,34 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
     */
    data->set.timevalue = (time_t)va_arg(param, long);
    break;

  case CURLOPT_SSLVERSION:
    /*
     * Set explicit SSL version to try to connect with, as some SSL
     * implementations are lame.
     */
#ifdef USE_SSL
    arg = va_arg(param, long);
    if((arg < CURL_SSLVERSION_DEFAULT) || (arg > CURL_SSLVERSION_TLSv1_3))
      return CURLE_BAD_FUNCTION_ARGUMENT;
    data->set.ssl.primary.version = C_SSLVERSION_VALUE(arg);
    data->set.ssl.primary.version_max = C_SSLVERSION_MAX_VALUE(arg);
#else
    result = CURLE_UNKNOWN_OPTION;
#endif
    break;
  case CURLOPT_PROXY_SSLVERSION:
    /*
     * Set explicit SSL version to try to connect with for proxy, as some SSL
     * Set explicit SSL version to try to connect with, as some SSL
     * implementations are lame.
     */
#ifdef USE_SSL
    {
      long version, version_max;
      struct ssl_primary_config *primary = (option == CURLOPT_SSLVERSION ?
                                            &data->set.ssl.primary :
                                            &data->set.proxy_ssl.primary);

      arg = va_arg(param, long);
    if((arg < CURL_SSLVERSION_DEFAULT) || (arg > CURL_SSLVERSION_TLSv1_3))

      version = C_SSLVERSION_VALUE(arg);
      version_max = C_SSLVERSION_MAX_VALUE(arg);

      if(version < CURL_SSLVERSION_DEFAULT ||
         version >= CURL_SSLVERSION_LAST ||
         version_max < CURL_SSLVERSION_MAX_NONE ||
         version_max >= CURL_SSLVERSION_MAX_LAST)
        return CURLE_BAD_FUNCTION_ARGUMENT;
    data->set.proxy_ssl.primary.version = C_SSLVERSION_VALUE(arg);
    data->set.proxy_ssl.primary.version_max = C_SSLVERSION_MAX_VALUE(arg);

      primary->version = version;
      primary->version_max = version_max;
    }
#else
    result = CURLE_UNKNOWN_OPTION;
#endif