generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

SSL: protocol version can be specified more precisely

Browse Source 
CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1,
CURL_SSLVERSION_TLSv1_2 enum values are added to force exact TLS version
(CURL_SSLVERSION_TLSv1 means TLS 1.x).

axTLS:
axTLS only supports TLS 1.0 and 1.1 but it cannot be set that only one
of these should be used, so we don't allow the new enum values.

darwinssl:
Added support for the new enum values.

SChannel:
Added support for the new enum values.

CyaSSL:
Added support for the new enum values.
Bug: The original CURL_SSLVERSION_TLSv1 value enables only TLS 1.0 (it
did the same before this commit), because CyaSSL cannot be configured to
use TLS 1.0-1.2.

GSKit:
GSKit doesn't seem to support TLS 1.1 and TLS 1.2, so we do not allow
those values.
Bugfix: There was a typo that caused wrong SSL versions to be passed to
GSKit.

NSS:
TLS minor version cannot be set, so we don't allow the new enum values.

QsoSSL:
TLS minor version cannot be set, so we don't allow the new enum values.

OpenSSL:
Added support for the new enum values.
Bugfix: The original CURL_SSLVERSION_TLSv1 value enabled only TLS 1.0,
now it enables 1.0-1.2.

Command-line tool:
Added command line options for the new values.
This commit is contained in:
Gergely Nagy
2013-09-19 15:17:13 +02:00
committed by Daniel Stenberg
parent 31e106c01c
commit ad34a2d5c8
14 changed files with 161 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docs/libcurl/curl_easy_setopt.3
View File

@@ -2417,11 +2417,17 @@ The default action. This will attempt to figure out the remote SSL protocol
version, i.e. either SSLv3 or TLSv1 (but not SSLv2, which became disabled
by default with 7.18.1).
.IP CURL_SSLVERSION_TLSv1
Force TLSv1
Force TLSv1.x
.IP CURL_SSLVERSION_SSLv2
Force SSLv2
.IP CURL_SSLVERSION_SSLv3
Force SSLv3
.IP CURL_SSLVERSION_TLSv1_0
Force TLSv1.0
.IP CURL_SSLVERSION_TLSv1_1
Force TLSv1.1
.IP CURL_SSLVERSION_TLSv1_2
Force TLSv1.2
.RE
.IP CURLOPT_SSL_VERIFYPEER
Pass a long as parameter. By default, curl assumes a value of 1.

3
docs/libcurl/symbols-in-versions
View File

@@ -695,6 +695,9 @@ CURL_SSLVERSION_DEFAULT 7.9.2
CURL_SSLVERSION_SSLv2 7.9.2
CURL_SSLVERSION_SSLv3 7.9.2
CURL_SSLVERSION_TLSv1 7.9.2
CURL_SSLVERSION_TLSv1_0 7.33.0
CURL_SSLVERSION_TLSv1_1 7.33.0
CURL_SSLVERSION_TLSv1_2 7.33.0
CURL_TIMECOND_IFMODSINCE 7.9.7
CURL_TIMECOND_IFUNMODSINCE 7.9.7
CURL_TIMECOND_LASTMOD 7.9.7