From befc011638c87b3521a515719a8461c4ed2061ad Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 20 Jan 2022 17:21:38 +0100
Subject: openssl: return error if TLS 1.3 is requested when not supported

Previously curl would just silently ignore it if the necessary defines
are not present at build-time.

Reported-by: Stefan Eissing
Fixes #8309
---
 lib/vtls/openssl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 694b9b626..be2f7be44 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -2363,10 +2363,12 @@ set_ssl_version_min_max(SSL_CTX *ctx, struct connectdata *conn)
     case CURL_SSLVERSION_TLSv1_2:
       ossl_ssl_version_min = TLS1_2_VERSION;
       break;
-#ifdef TLS1_3_VERSION
     case CURL_SSLVERSION_TLSv1_3:
+#ifdef TLS1_3_VERSION
       ossl_ssl_version_min = TLS1_3_VERSION;
       break;
+#else
+      return CURLE_NOT_BUILT_IN;
 #endif
   }
 
-- 
cgit v1.2.1