openssl: return error if TLS 1.3 is requested when not supported

Previously curl would just silently ignore it if the necessary defines
are not present at build-time.

Reported-by: Stefan Eissing
Fixes #8309
Closes #8310

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 694b9b626ac03a54dea244716358b907c028983e..be2f7be4473e15783aa81be5f1a537676799a618 100644 (file)
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -2363,10 +2363,12 @@ set_ssl_version_min_max(SSL_CTX *ctx, struct connectdata *conn)
     case CURL_SSLVERSION_TLSv1_2:
       ossl_ssl_version_min = TLS1_2_VERSION;
       break;
-#ifdef TLS1_3_VERSION
     case CURL_SSLVERSION_TLSv1_3:
+#ifdef TLS1_3_VERSION
       ossl_ssl_version_min = TLS1_3_VERSION;
       break;
+#else
+      return CURLE_NOT_BUILT_IN;
 #endif
   }