From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 20 Jan 2022 16:21:38 +0000 (+0100)
Subject: openssl: return error if TLS 1.3 is requested when not supported
X-Git-Tag: curl-7_82_0~192
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d03cb7c14a21562f91b15f483c02c2ab613d60c5;p=thirdparty%2Fcurl.git

openssl: return error if TLS 1.3 is requested when not supported

Previously curl would just silently ignore it if the necessary defines
are not present at build-time.

Reported-by: Stefan Eissing
Fixes #8309
Closes #8310
---

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 694b9b626a..be2f7be447 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -2363,10 +2363,12 @@ set_ssl_version_min_max(SSL_CTX *ctx, struct connectdata *conn)
     case CURL_SSLVERSION_TLSv1_2:
       ossl_ssl_version_min = TLS1_2_VERSION;
       break;
-#ifdef TLS1_3_VERSION
     case CURL_SSLVERSION_TLSv1_3:
+#ifdef TLS1_3_VERSION
       ossl_ssl_version_min = TLS1_3_VERSION;
       break;
+#else
+      return CURLE_NOT_BUILT_IN;
 #endif
   }