openssl: allow explicit sslv2 selection

If OpenSSL is built to support SSLv2 this brings back the ability to explicitly select that as a protocol level. Reported-by: Steve Holme Bug: http://curl.haxx.se/mail/lib-2014-01/0013.html
2024-11-21 01:16:58 +08:00 · 2014-01-03 11:52:49 +01:00 · 2014-01-03 11:52:49 +01:00 · 3529162405
commit 3529162405
parent d237828ebc
1 changed files with 11 additions and 0 deletions
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@ -1599,6 +1599,17 @@ ossl_connect_step1(struct connectdata *conn,
    break;
 #endif

+#ifndef OPENSSL_NO_SSL2
+  case CURL_SSLVERSION_SSLv2:
+    ctx_options |= SSL_OP_NO_SSLv3;
+    ctx_options |= SSL_OP_NO_TLSv1;
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
+    ctx_options |= SSL_OP_NO_TLSv1_1;
+    ctx_options |= SSL_OP_NO_TLSv1_2;
+#endif
+    break;
+#endif
+
  default:
    failf(data, "Unsupported SSL protocol version");
    return CURLE_SSL_CONNECT_ERROR;