andre@998: From bebf7d617091042828fc5838170b35c42ab60396 Mon Sep 17 00:00:00 2001
andre@998: From: Andre Heinecke
andre@998: Date: Mon, 1 Sep 2014 16:06:03 +0200
andre@998: Subject: [PATCH 1/3] Implement CURLOPT_SSLVERSION for polarssl
andre@998: 
andre@998: Forwards the setting as minimum ssl version to polarssl.
andre@998: If the server does not support the requested version the
andre@998: SSL Handshake will fail.
andre@998: ---
andre@998: lib/vtls/polarssl.c | 21 +++++++++++++++++++++
andre@998: 1 file changed, 21 insertions(+)
andre@998: 
andre@998: diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
andre@998: index f948486..e18cadf 100644
andre@998: --- a/lib/vtls/polarssl.c
andre@998: +++ b/lib/vtls/polarssl.c
andre@998: 
@@ -270,6 +270,27 @@ polarssl_connect_step1(struct connectdata *conn,
andre@998: return CURLE_SSL_CONNECT_ERROR;
andre@998: }
andre@998: 
andre@998: + if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) {
andre@998: + ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
andre@998: + SSL_MINOR_VERSION_0);
andre@998: + infof(data, "PolarSSL: Forced min. SSL Version to be SSLv3\n");
andre@998: + }
andre@998: + else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_0) {
andre@998: + ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
andre@998: + SSL_MINOR_VERSION_1);
andre@998: + infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.0\n");
andre@998: + }
andre@998: + else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_1) {
andre@998: + ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
andre@998: + SSL_MINOR_VERSION_2);
andre@998: + infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.1\n");
andre@998: + }
andre@998: + else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_2) {
andre@998: + ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
andre@998: + SSL_MINOR_VERSION_3);
andre@998: + infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.2\n");
andre@998: + }
andre@998: +
andre@998: ssl_set_endpoint(&connssl->ssl, SSL_IS_CLIENT);
andre@998: ssl_set_authmode(&connssl->ssl, SSL_VERIFY_OPTIONAL);
andre@998: 
andre@998: --
andre@998: 1.9.1
andre@998:
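Review bot: `CURL_SSLVERSION_TLSv1` and `CURL_SSLVERSION_SSLv2` match none of the added branches, so a caller who sets either gets no minimum applied and no log line, and the handshake runs with whatever floor the library defaults to (presumably SSLv3 for PolarSSL of this era; confirm against the linked version). This matters most for `CURL_SSLVERSION_TLSv1`, which applications set precisely to refuse SSLv3. Fold it into the TLS 1.0 branch, `else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1 || data->set.ssl.version == CURL_SSLVERSION_TLSv1_0) {`, and reject an SSLv2 request explicitly with a `failf()` and `return CURLE_SSL_CONNECT_ERROR;` instead of silently ignoring it. The chain would also read better as a `switch` on `data->set.ssl.version` with a `default:` case, so that future enum values cannot fall through unnoticed. polarssl_connect_step1 begins and ends outside the hunk.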