mirror of
https://github.com/curl/curl.git
synced 2025-09-17 17:42:49 +03:00
Loganaden Velvindron
Daniel Stenberg
parent
e968029b4d
commit
9bdadbbdee
|
|
@ -94,6 +94,10 @@ static bool gtls_inited = FALSE;
|
||||||
# endif
|
# endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if (GNUTLS_VERSION_NUMBER >= 0x030603)
|
||||||
|
#define HAS_TLS13
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef HAS_OCSP
|
#ifdef HAS_OCSP
|
||||||
# include <gnutls/ocsp.h>
|
# include <gnutls/ocsp.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
@ -391,6 +395,9 @@ set_ssl_version_min_max(int *list, size_t list_size, struct connectdata *conn)
|
||||||
switch(ssl_version_max) {
|
switch(ssl_version_max) {
|
||||||
case CURL_SSLVERSION_MAX_NONE:
|
case CURL_SSLVERSION_MAX_NONE:
|
||||||
case CURL_SSLVERSION_MAX_DEFAULT:
|
case CURL_SSLVERSION_MAX_DEFAULT:
|
||||||
|
#ifdef HAS_TLS13
|
||||||
|
ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_3;
|
||||||
|
#endif
|
||||||
ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_2;
|
ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_2;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
@ -408,8 +415,13 @@ set_ssl_version_min_max(int *list, size_t list_size, struct connectdata *conn)
|
||||||
protocol_priority[protocol_priority_idx++] = GNUTLS_TLS1_2;
|
protocol_priority[protocol_priority_idx++] = GNUTLS_TLS1_2;
|
||||||
break;
|
break;
|
||||||
case CURL_SSLVERSION_TLSv1_3:
|
case CURL_SSLVERSION_TLSv1_3:
|
||||||
|
#ifdef HAS_TLS13
|
||||||
|
protocol_priority[protocol_priority_idx++] = GNUTLS_TLS1_3;
|
||||||
|
break;
|
||||||
|
#else
|
||||||
failf(data, "GnuTLS: TLS 1.3 is not yet supported");
|
failf(data, "GnuTLS: TLS 1.3 is not yet supported");
|
||||||
return CURLE_SSL_CONNECT_ERROR;
|
return CURLE_SSL_CONNECT_ERROR;
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return CURLE_OK;
|
return CURLE_OK;
|
||||||
|
|
@ -427,11 +439,7 @@ set_ssl_version_min_max(const char **prioritylist, struct connectdata *conn)
|
||||||
struct Curl_easy *data = conn->data;
|
struct Curl_easy *data = conn->data;
|
||||||
long ssl_version = SSL_CONN_CONFIG(version);
|
long ssl_version = SSL_CONN_CONFIG(version);
|
||||||
long ssl_version_max = SSL_CONN_CONFIG(version_max);
|
long ssl_version_max = SSL_CONN_CONFIG(version_max);
|
||||||
if(ssl_version == CURL_SSLVERSION_TLSv1_3 ||
|
|
||||||
ssl_version_max == CURL_SSLVERSION_MAX_TLSv1_3) {
|
|
||||||
failf(data, "GnuTLS: TLS 1.3 is not yet supported");
|
|
||||||
return CURLE_SSL_CONNECT_ERROR;
|
|
||||||
}
|
|
||||||
if(ssl_version_max == CURL_SSLVERSION_MAX_NONE) {
|
if(ssl_version_max == CURL_SSLVERSION_MAX_NONE) {
|
||||||
ssl_version_max = CURL_SSLVERSION_MAX_DEFAULT;
|
ssl_version_max = CURL_SSLVERSION_MAX_DEFAULT;
|
||||||
}
|
}
|
||||||
|
|
@ -445,7 +453,6 @@ set_ssl_version_min_max(const char **prioritylist, struct connectdata *conn)
|
||||||
"+VERS-TLS1.0:+VERS-TLS1.1:" GNUTLS_SRP;
|
"+VERS-TLS1.0:+VERS-TLS1.1:" GNUTLS_SRP;
|
||||||
return CURLE_OK;
|
return CURLE_OK;
|
||||||
case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_2:
|
case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_2:
|
||||||
case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_DEFAULT:
|
|
||||||
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
||||||
"+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2:" GNUTLS_SRP;
|
"+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2:" GNUTLS_SRP;
|
||||||
return CURLE_OK;
|
return CURLE_OK;
|
||||||
|
|
@ -454,15 +461,54 @@ set_ssl_version_min_max(const char **prioritylist, struct connectdata *conn)
|
||||||
"+VERS-TLS1.1:" GNUTLS_SRP;
|
"+VERS-TLS1.1:" GNUTLS_SRP;
|
||||||
return CURLE_OK;
|
return CURLE_OK;
|
||||||
case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_TLSv1_2:
|
case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_TLSv1_2:
|
||||||
case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_DEFAULT:
|
|
||||||
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
||||||
"+VERS-TLS1.1:+VERS-TLS1.2:" GNUTLS_SRP;
|
"+VERS-TLS1.1:+VERS-TLS1.2:" GNUTLS_SRP;
|
||||||
return CURLE_OK;
|
return CURLE_OK;
|
||||||
case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_TLSv1_2:
|
case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_TLSv1_2:
|
||||||
case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_DEFAULT:
|
|
||||||
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
||||||
"+VERS-TLS1.2:" GNUTLS_SRP;
|
"+VERS-TLS1.2:" GNUTLS_SRP;
|
||||||
return CURLE_OK;
|
return CURLE_OK;
|
||||||
|
case CURL_SSLVERSION_TLSv1_3 | CURL_SSLVERSION_MAX_TLSv1_3:
|
||||||
|
#ifdef HAS_TLS13
|
||||||
|
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
||||||
|
"+VERS-TLS1.3:" GNUTLS_SRP;
|
||||||
|
return CURLE_OK;
|
||||||
|
#else
|
||||||
|
failf(data, "GnuTLS: TLS 1.3 is not yet supported");
|
||||||
|
return CURLE_SSL_CONNECT_ERROR;
|
||||||
|
#endif
|
||||||
|
case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_DEFAULT:
|
||||||
|
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
||||||
|
"+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2:"
|
||||||
|
#ifdef HAS_TLS13
|
||||||
|
"+VERS-TLS1.3:"
|
||||||
|
#endif
|
||||||
|
GNUTLS_SRP;
|
||||||
|
return CURLE_OK;
|
||||||
|
case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_DEFAULT:
|
||||||
|
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
||||||
|
"+VERS-TLS1.1:+VERS-TLS1.2:"
|
||||||
|
#ifdef HAS_TLS13
|
||||||
|
"+VERS-TLS1.3:"
|
||||||
|
#endif
|
||||||
|
GNUTLS_SRP;
|
||||||
|
return CURLE_OK;
|
||||||
|
case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_DEFAULT:
|
||||||
|
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
||||||
|
"+VERS-TLS1.2:"
|
||||||
|
#ifdef HAS_TLS13
|
||||||
|
"+VERS-TLS1.3:"
|
||||||
|
#endif
|
||||||
|
GNUTLS_SRP;
|
||||||
|
return CURLE_OK;
|
||||||
|
case CURL_SSLVERSION_TLSv1_3 | CURL_SSLVERSION_MAX_DEFAULT:
|
||||||
|
*prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
|
||||||
|
"+VERS-TLS1.2:"
|
||||||
|
#ifdef HAS_TLS13
|
||||||
|
"+VERS-TLS1.3:"
|
||||||
|
#endif
|
||||||
|
GNUTLS_SRP;
|
||||||
|
return CURLE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
failf(data, "GnuTLS: cannot set ssl protocol");
|
failf(data, "GnuTLS: cannot set ssl protocol");
|
||||||
|
|
@ -675,6 +721,9 @@ gtls_connect_step1(struct connectdata *conn,
|
||||||
protocol_priority[0] = GNUTLS_TLS1_0;
|
protocol_priority[0] = GNUTLS_TLS1_0;
|
||||||
protocol_priority[1] = GNUTLS_TLS1_1;
|
protocol_priority[1] = GNUTLS_TLS1_1;
|
||||||
protocol_priority[2] = GNUTLS_TLS1_2;
|
protocol_priority[2] = GNUTLS_TLS1_2;
|
||||||
|
#ifdef HAS_TLS13
|
||||||
|
protocol_priority[3] = GNUTLS_TLS1_3;
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case CURL_SSLVERSION_TLSv1_0:
|
case CURL_SSLVERSION_TLSv1_0:
|
||||||
case CURL_SSLVERSION_TLSv1_1:
|
case CURL_SSLVERSION_TLSv1_1:
|
||||||
|
|
@ -711,7 +760,11 @@ gtls_connect_step1(struct connectdata *conn,
|
||||||
break;
|
break;
|
||||||
case CURL_SSLVERSION_DEFAULT:
|
case CURL_SSLVERSION_DEFAULT:
|
||||||
case CURL_SSLVERSION_TLSv1:
|
case CURL_SSLVERSION_TLSv1:
|
||||||
prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:" GNUTLS_SRP;
|
prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:"
|
||||||
|
#ifdef HAS_TLS13
|
||||||
|
"+VERS-TLS1.3:"
|
||||||
|
#endif
|
||||||
|
GNUTLS_SRP;
|
||||||
break;
|
break;
|
||||||
case CURL_SSLVERSION_TLSv1_0:
|
case CURL_SSLVERSION_TLSv1_0:
|
||||||
case CURL_SSLVERSION_TLSv1_1:
|
case CURL_SSLVERSION_TLSv1_1:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user