openssl: unbreak the build after 6448f98c1857de

Verified with OpenSSL 1.1.0e and OpenSSL master (1.1.1)

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 8881b57acf23344a195a18a99626e3e079ea5699..d4e4128139a7c8d8d9131594ee227928aaf2a769 100644 (file)
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1693,11 +1693,17 @@ get_ssl_version_txt(SSL *ssl)
 }
 
 static CURLcode
-set_ssl_version_min_max(long *ctx_options, struct connectdata *conn)
+set_ssl_version_min_max(long *ctx_options, struct connectdata *conn,
+                        int sockindex)
 {
+#if (OPENSSL_VERSION_NUMBER < 0x1000100FL) || !defined(TLS1_3_VERSION)
+  /* convoluted #if condition just to avoid compiler warnings on unused
+     variable */
   struct Curl_easy *data = conn->data;
+#endif
   long ssl_version = SSL_CONN_CONFIG(version);
   long ssl_version_max = SSL_CONN_CONFIG(version_max);
+
   if(ssl_version_max == CURL_SSLVERSION_MAX_NONE) {
     ssl_version_max = ssl_version << 16;
   }
@@ -1705,9 +1711,13 @@ set_ssl_version_min_max(long *ctx_options, struct connectdata *conn)
   switch(ssl_version) {
     case CURL_SSLVERSION_TLSv1_3:
 #ifdef TLS1_3_VERSION
+    {
+      struct ssl_connect_data *connssl = &conn->ssl[sockindex];
       SSL_CTX_set_max_proto_version(connssl->ctx, TLS1_3_VERSION);
       *ctx_options |= SSL_OP_NO_TLSv1_2;
+    }
 #else
+      (void)sockindex;
       failf(data, OSSL_PACKAGE " was built without TLS 1.3 support");
       return CURLE_NOT_BUILT_IN;
 #endif
@@ -1956,7 +1966,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
   case CURL_SSLVERSION_TLSv1_1:
   case CURL_SSLVERSION_TLSv1_2:
   case CURL_SSLVERSION_TLSv1_3:
-    result = set_ssl_version_min_max(&ctx_options, conn);
+    result = set_ssl_version_min_max(&ctx_options, conn, sockindex);
     if(result != CURLE_OK)
        return result;
     break;