From: Steve Holme
Date: Thu, 17 Oct 2013 18:57:26 +0000 (+0100)
Subject: SSL: Follow up work to commits 6a1363128f1107 and 87861c9b0e8155
X-Git-Tag: curl-7_34_0~228
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=65e556d0ce1d788ce5649145b44cad836114dca8;p=thirdparty%2Fcurl.git
SSL: Follow up work to commits 6a1363128f1107 and 87861c9b0e8155
Changed the failure code when TLS v1.1 and v1.2 is requested but not supported by older OpenSSL versions, following review from libcurl peers, and reduced the number of required preprocessor if statements.
---
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 0faf43cf3e..d0a83f740d 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1568,10 +1568,8 @@ ossl_connect_step1(struct connectdata *conn,
 case CURL_SSLVERSION_TLSv1_0:
 ctx_options |= SSL_OP_NO_SSLv2;
 ctx_options |= SSL_OP_NO_SSLv3;
-#if defined(SSL_OP_NO_TLSv1_1)
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
 ctx_options |= SSL_OP_NO_TLSv1_1;
-#endif
-#if defined(SSL_OP_NO_TLSv1_2)
 ctx_options |= SSL_OP_NO_TLSv1_2;
 #endif
 break;
@@ -1581,24 +1579,20 @@ ossl_connect_step1(struct connectdata *conn,
 ctx_options |= SSL_OP_NO_SSLv2;
 ctx_options |= SSL_OP_NO_SSLv3;
 ctx_options |= SSL_OP_NO_TLSv1;
-#if defined(SSL_OP_NO_TLSv1_2)
 ctx_options |= SSL_OP_NO_TLSv1_2;
-#endif
 break;
 case CURL_SSLVERSION_TLSv1_2:
 ctx_options |= SSL_OP_NO_SSLv2;
 ctx_options |= SSL_OP_NO_SSLv3;
 ctx_options |= SSL_OP_NO_TLSv1;
-#if defined(SSL_OP_NO_TLSv1_1)
 ctx_options |= SSL_OP_NO_TLSv1_1;
-#endif
 break;
 #endif
 default:
- failf(data, "Unsupported cipher version");
- return CURLE_SSL_CIPHER;
+ failf(data, "Unsupported SSL protocol version");
+ return CURLE_SSL_CONNECT_ERROR;
 }
 SSL_CTX_set_options(connssl->ctx, ctx_options);
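Review bot: The new guard `#if OPENSSL_VERSION_NUMBER >= 0x1000100FL` in the `CURL_SSLVERSION_TLSv1_0` arm uses a bare version constant with no comment saying what it stands for or why it gates both option bits. The replaced `defined(SSL_OP_NO_TLSv1_1)` / `defined(SSL_OP_NO_TLSv1_2)` tests keyed on the options themselves, while the version test assumes that every header set reporting this number or higher defines both, which may not hold for a patched or OpenSSL-compatible header. A one-line comment above the guard would record that assumption, for example `/* OpenSSL 1.0.1 introduced TLS 1.1/1.2 and the SSL_OP_NO_TLSv1_1/_2 options; mask both to pin TLS 1.0 */`. The body of `ossl_connect_step1` starts and ends outside this hunk.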
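Review bot: The `default:` arm now also serves as the failure path for a TLS 1.1 or 1.2 request on a build where the block closed by the `#endif` above it is compiled out, but nothing at that arm says so. The message `Unsupported SSL protocol version` names neither the requested version nor the OpenSSL build as the limiting factor, so in logs it looks the same as a genuinely invalid setting. A comment there would stop a later edit from turning the hard failure into a silent fallback to a lower protocol version, for example `/* also reached for TLSv1_1/TLSv1_2 when built against OpenSSL older than 1.0.1: fail, never fall back */`. The opening `#if` of that block and the `switch` header are outside the hunk, so this assumes the block is gated by the same version test as in the first hunk.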