Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Problem setting option CURLOPT_SSLVERSION to a range #2225

Closed
cmfrolick opened this issue Jan 9, 2018 · 2 comments
Closed

Problem setting option CURLOPT_SSLVERSION to a range #2225

cmfrolick opened this issue Jan 9, 2018 · 2 comments

Comments

@cmfrolick
Copy link

I am trying to use curl_easy_setopt to specify TLS 1.1 or higher. If I do the following (from the documentation):
result = curl_easy_setopt( curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_DEFAULT );

I always get CURLE_BAD_FUNCTION_ARGUMENT. Even if I try any of the other max values.

Looking at setopt, I see the validation is using:
if((arg < CURL_SSLVERSION_DEFAULT) || (arg > CURL_SSLVERSION_TLSv1_3))

The problem with that is, the max values are shifted 16bits, so they are always greater than CURL_SSLVERSION_TLSv1_3.

curl/libcurl version

curl 7.57.0 (i386-pc-win32) libcurl/7.57.0 OpenSSL/1.0.2n WinIDN
Release-Date: 2017-11-29
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL HTTPS-proxy

operating system

Windows 10 Pro x64 version 1709

jay added a commit to jay/curl that referenced this issue Jan 10, 2018
Regression since f121575 (precedes 7.56.1).

Fixes curl#2225
Closes curl#2226
jay added a commit to jay/curl that referenced this issue Jan 10, 2018
Regression since f121575 (precedes 7.56.1).

Fixes curl#2225
Closes curl#2227
@jay
Copy link
Member

jay commented Jan 10, 2018

I've submitted #2227 to address the issue you reported. Can you test it please?

The way those MAX values are used needs to be better documented to explain that only one MAX and one regular value can be OR'd together (if I understand it right). Otherwise in my opinion it can lead to user error.

/cc @jkralik

@cmfrolick
Copy link
Author

That change works for me.

Thank you.

jay added a commit to jay/curl that referenced this issue Jan 12, 2018
Broken since f121575 (precedes 7.56.1).

Fixes curl#2225
Closes curl#2227
jay added a commit that referenced this issue Jan 13, 2018
Broken since f121575 (precedes 7.56.1).

Bug: #2225
Reported-by: cmfrolick@users.noreply.github.com

Closes #2227
@lock lock bot locked as resolved and limited conversation to collaborators May 6, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Development

No branches or pull requests

2 participants