authorJozef Kralik <jozef.kralik@eset.sk>2016-12-13 21:10:00 +0100
committerKamil Dudka <kdudka@redhat.com>2017-03-08 15:54:07 +0100
commit6448f98c1857de521fb2dd3f9d4e5659845b5474 (patch)
tree183b4febdb062f32be9113ae170e3b57f44a4b28 /src
parentb66690733642d764199eeb1b64aaaa2513c13db3 (diff)
downloadcurl-6448f98c1857de521fb2dd3f9d4e5659845b5474.tar.gz
vtls: add options to specify range of enabled TLS versions
This commit introduces the CURL_SSLVERSION_MAX_* constants as well as the --tls-max option of the curl tool. Closes https://github.com/curl/curl/pull/1166
Diffstat (limited to 'src')
-rw-r--r--src/tool_cfgable.h1
-rw-r--r--src/tool_getparam.c6
-rw-r--r--src/tool_help.c1
-rw-r--r--src/tool_operate.c3
-rw-r--r--src/tool_paramhlp.c33
-rw-r--r--src/tool_paramhlp.h2
6 files changed, 45 insertions, 1 deletions
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h
index 0d2f765d2..b05c440e5 100644
--- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h
@@ -156,6 +156,7 @@ struct OperationConfig {
struct curl_slist *postquote;
struct curl_slist *prequote;
long ssl_version;
+ long ssl_version_max;
long proxy_ssl_version;
long ip_version;
curl_TimeCond timecond;
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 686b01d7e..85d75ae6e 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -184,6 +184,7 @@ static const struct LongShort aliases[]= {
{"$S", "tftp-no-options", FALSE},
{"$U", "connect-to", TRUE},
{"$W", "abstract-unix-socket", TRUE},
+ {"$X", "tls-max", TRUE},
{"0", "http1.0", FALSE},
{"01", "http1.1", FALSE},
{"02", "http2", FALSE},
@@ -1060,6 +1061,11 @@ ParameterError getparameter(char *flag, /* f or -long-flag */
config->abstract_unix_socket = TRUE;
GetStr(&config->unix_socket_path, nextarg);
break;
+ case 'X': /* --tls-max */
+ err = str2tls_max(&config->ssl_version_max, nextarg);
+ if(err)
+ return err;
+ break;
}
break;
case '#': /* --progress-bar */
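Review bot: The new `case 'X'` stores the result of `str2tls_max()` without relating it to the minimum version held in `config->ssl_version`, so a command line that asks for a minimum of 1.2 and a maximum of 1.0 passes parsing unchanged. Options can arrive in either order, so the comparison cannot live in this case and belongs after parsing; none of the visible hunks adds it, and whether libcurl rejects the pair is not visible here. At the least a comment should record the gap, e.g. `/* not checked against config->ssl_version: option order is arbitrary, validate min <= max after parsing */`. getparameter() starts and ends outside the hunk.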
diff --git a/src/tool_help.c b/src/tool_help.c
index 5085e542e..f6fe3527b 100644
--- a/src/tool_help.c
+++ b/src/tool_help.c
@@ -260,6 +260,7 @@ static const char *const helptext[] = {
" --tlsv1.1 Use TLSv1.1 (SSL)",
" --tlsv1.2 Use TLSv1.2 (SSL)",
" --tlsv1.3 Use TLSv1.3 (SSL)",
+ " --tls-max VERSION Use TLS up to VERSION (SSL)",
" --trace FILE Write a debug trace to FILE",
" --trace-ascii FILE Like --trace, but without hex output",
" --trace-time Add time stamps to trace/verbose output",
diff --git a/src/tool_operate.c b/src/tool_operate.c
index c30b32046..a489b8dbd 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -1087,7 +1087,8 @@ static CURLcode operate_do(struct GlobalConfig *global,
if(config->falsestart)
my_setopt(curl, CURLOPT_SSL_FALSESTART, 1L);
- my_setopt_enum(curl, CURLOPT_SSLVERSION, config->ssl_version);
+ my_setopt_enum(curl, CURLOPT_SSLVERSION,
+ config->ssl_version | config->ssl_version_max);
my_setopt_enum(curl, CURLOPT_PROXY_SSLVERSION,
config->proxy_ssl_version);
}
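Review bot: The cap from `--tls-max` is OR-ed into `CURLOPT_SSLVERSION` only, while the `CURLOPT_PROXY_SSLVERSION` call right below still passes `config->proxy_ssl_version` alone, so a TLS connection to an HTTPS proxy is not bounded by the option. If that is intended, the help text and a comment should say so, e.g. `/* --tls-max applies to the origin connection only, not to CURLOPT_PROXY_SSLVERSION */`. The OR also presumably relies on the CURL_SSLVERSION_MAX_* values occupying bits that the minimum-version values never use, which deserves a one-line comment as well. operate_do() starts and ends outside the hunk.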
diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c
index 257e5c697..6b534ce5d 100644
--- a/src/tool_paramhlp.c
+++ b/src/tool_paramhlp.c
@@ -550,3 +550,36 @@ CURLcode get_args(struct OperationConfig *config, const size_t i)
return result;
}
+
+/*
+ * Parse the string and modify ssl_version in the val argument. Return PARAM_OK
+ * on success, otherwise a parameter error enum. ONLY ACCEPTS POSITIVE NUMBERS!
+ *
+ * Since this function gets called with the 'nextarg' pointer from within the
+ * getparameter a lot, we must check it for NULL before accessing the str
+ * data.
+ */
+
+ParameterError str2tls_max(long *val, const char *str)
+{
+ static struct s_tls_max {
+ const char *tls_max_str;
+ long tls_max;
+ } const tls_max_array[] = {
+ { "default", CURL_SSLVERSION_MAX_DEFAULT },
+ { "1.0", CURL_SSLVERSION_MAX_TLSv1_0 },
+ { "1.1", CURL_SSLVERSION_MAX_TLSv1_1 },
+ { "1.2", CURL_SSLVERSION_MAX_TLSv1_2 },
+ { "1.3", CURL_SSLVERSION_MAX_TLSv1_3 }
+ };
+ size_t i = 0;
+ if(!str)
+ return PARAM_REQUIRES_PARAMETER;
+ for(i = 0; i < sizeof(tls_max_array)/sizeof(tls_max_array[0]); i++) {
+ if(!strcmp(str, tls_max_array[i].tls_max_str)) {
+ *val = tls_max_array[i].tls_max;
+ return PARAM_OK;
+ }
+ }
+ return PARAM_BAD_USE;
+}
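Review bot: The comment above `str2tls_max()` is carried over from a numeric parser and does not describe this function: it says "ONLY ACCEPTS POSITIVE NUMBERS!" and "modify ssl_version", while the body matches `str` against five fixed strings and writes a CURL_SSLVERSION_MAX_* value into `*val`. I would replace it with `/* Map "default", "1.0", "1.1", "1.2" or "1.3" to the matching CURL_SSLVERSION_MAX_* value in *val. */` followed by the return codes: PARAM_OK on a match, PARAM_REQUIRES_PARAMETER for a NULL `str`, PARAM_BAD_USE for anything else. The comment should also state that the match is exact and case-sensitive through `strcmp`, so inputs such as `TLSv1.2` or a value with trailing whitespace are rejected.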
diff --git a/src/tool_paramhlp.h b/src/tool_paramhlp.h
index 89a99b2bb..cdfbacf3f 100644
--- a/src/tool_paramhlp.h
+++ b/src/tool_paramhlp.h
@@ -52,4 +52,6 @@ int ftpcccmethod(struct OperationConfig *config, const char *str);
long delegation(struct OperationConfig *config, char *str);
+ParameterError str2tls_max(long *val, const char *str);
+
#endif /* HEADER_CURL_TOOL_PARAMHLP_H */