SSL: Added unsupported cipher version check for OpenSSL
authorSteve Holme <steve_holme@hotmail.com>
Wed, 16 Oct 2013 19:48:24 +0000 (20:48 +0100)
committerSteve Holme <steve_holme@hotmail.com>
Wed, 16 Oct 2013 19:48:24 +0000 (20:48 +0100)
...with the use of CURL_SSLVERSION_TLSv1_1 and CURL_SSLVERSION_TLSv1_2
being conditional on OpenSSL v1.0.1 as the appropriate flags are not
supported under earlier versions.

lib/ssluse.c

index 37178f8aa16fc0d5f83f27bccbd8f4a9f53e9847..0faf43cf3e6276ad576aa634f76997e7a4934157 100644 (file)
@@ -1559,10 +1559,12 @@ ossl_connect_step1(struct connectdata *conn,
     }
 #endif
     break;
+
   case CURL_SSLVERSION_TLSv1:
     ctx_options |= SSL_OP_NO_SSLv2;
     ctx_options |= SSL_OP_NO_SSLv3;
     break;
+
   case CURL_SSLVERSION_TLSv1_0:
     ctx_options |= SSL_OP_NO_SSLv2;
     ctx_options |= SSL_OP_NO_SSLv3;
@@ -1573,6 +1575,8 @@ ossl_connect_step1(struct connectdata *conn,
     ctx_options |= SSL_OP_NO_TLSv1_2;
 #endif
     break;
+
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
   case CURL_SSLVERSION_TLSv1_1:
     ctx_options |= SSL_OP_NO_SSLv2;
     ctx_options |= SSL_OP_NO_SSLv3;
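Review bot: The added `#if OPENSSL_VERSION_NUMBER >= 0x1000100FL` carries no comment saying what the constant means or what happens when the condition is false. A reader has to decode the hex value and then find the `default:` branch to learn that a TLS 1.1/1.2 request is rejected on older libraries. I would put `/* TLS 1.1 and 1.2 need OpenSSL 1.0.1 or later; on older builds these cases are compiled out and the request is rejected by default: below */` directly above the `#if`. The matching `#endif` sits in a later hunk, so a trailing `/* OPENSSL_VERSION_NUMBER >= 0x1000100FL */` on it would help as well. The `#endif` visible inside each case suggests an inner guard around the `SSL_OP_NO_TLSv1_x` flags that may now be redundant, but its condition is outside the hunk and should be checked first.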
@@ -1581,6 +1585,7 @@ ossl_connect_step1(struct connectdata *conn,
     ctx_options |= SSL_OP_NO_TLSv1_2;
 #endif
     break;
+
   case CURL_SSLVERSION_TLSv1_2:
     ctx_options |= SSL_OP_NO_SSLv2;
     ctx_options |= SSL_OP_NO_SSLv3;
@@ -1589,6 +1594,11 @@ ossl_connect_step1(struct connectdata *conn,
     ctx_options |= SSL_OP_NO_TLSv1_1;
 #endif
     break;
+#endif
+
+  default:
+    failf(data, "Unsupported cipher version");
+    return CURLE_SSL_CIPHER;
   }
 
   SSL_CTX_set_options(connssl->ctx, ctx_options);
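Review bot: The new `default:` branch reports "Unsupported cipher version" and returns `CURLE_SSL_CIPHER`, but the switch is over the requested protocol version, not a cipher. A user who asks for TLS 1.1 or 1.2 on a pre-1.0.1 build would be pointed at the cipher list instead of the library version. Failing closed is the right behaviour here, because it prevents a silent negotiation of an older protocol than was requested. I would only change the wording to `failf(data, "Unsupported SSL/TLS protocol version");` and consider whether `CURLE_NOT_BUILT_IN` describes the condition better. The function continues outside the hunk, so please confirm that this early return does not skip any cleanup of the context set up earlier in `ossl_connect_step1`.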