On Thu, 2 Jan 2014, Daniel Stenberg wrote:

> Thanks, merged and pushed. We've now also got a bug
> report filed about this problem that we can refer to in
> the future:

This may be a totally dumb question on my part as I pretty much use OpenSSL
without any understanding of the different protocol version numbers...

Whilst the version of OpenSSL I am using (v1.0.0k) doesn't support SSL v2 do
we have a similar bug if someone was to perform -2 on the command line using
an OpenSSL version that does support v2?

By simply reading the code... the SSLv2_client_method() would be called in
the switch/case at line 1431 (my version simply performs the failf(data,
"OpenSSL was built without SSLv2 support" but if we assume that this isn't
the case) and then the next switch/case at line 1552 (that Barry has fixed
for SSL v3) doesn't have a case CURL_SSLVERSION_SSLv2 so will also perform
failf(data, "Unsupported SSL protocol version").

Kind Regards

Steve
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-01-03