openssl: return error if TLS 1.3 is requested when not supported

Previously curl would just silently ignore it if the necessary defines are not present at build-time. Reported-by: Stefan Eissing Fixes #8309 Closes #8310
2025-03-01 15:15:34 +08:00 · 2022-01-20 17:21:38 +01:00 · 2022-01-20 17:21:38 +01:00 · d03cb7c14a
commit d03cb7c14a
parent e29665c775
1 changed files with 3 additions and 1 deletions
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@ -2363,10 +2363,12 @@ set_ssl_version_min_max(SSL_CTX *ctx, struct connectdata *conn)
    case CURL_SSLVERSION_TLSv1_2:
      ossl_ssl_version_min = TLS1_2_VERSION;
      break;
-#ifdef TLS1_3_VERSION
    case CURL_SSLVERSION_TLSv1_3:
+#ifdef TLS1_3_VERSION
      ossl_ssl_version_min = TLS1_3_VERSION;
      break;
+#else
+      return CURLE_NOT_BUILT_IN;
 #endif
  }