Just like it's possible for SSLv2. Cheers
From 01e0186d48d24f4ec2d5cbbd57de6e72127857d4 Mon Sep 17 00:00:00 2001 From: Alessandro Ghedini <[email protected]> Date: Sat, 8 Nov 2014 15:04:21 +0100 Subject: [PATCH] openssl: make it possible to build without SSLv3
Original patch by Kurt Roeckx <[email protected]>. Bug: https://bugs.debian.org/768562
---
 lib/vtls/openssl.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index ccf2f73..88e644b 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1555,6 +1555,10 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
 break;
 #endif
 case CURL_SSLVERSION_SSLv3:
+#ifdef OPENSSL_NO_SSL3
+ failf(data, "OpenSSL was built without SSLv3 support");
+ return CURLE_NOT_BUILT_IN;
+#else
 #ifdef USE_TLS_SRP
 if(data->set.ssl.authtype == CURL_TLSAUTH_SRP)
 return CURLE_SSL_CONNECT_ERROR;
@@ -1562,6 +1566,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
 req_method = SSLv3_client_method();
 use_sni(FALSE);
 break;
+#endif
 }
 if(connssl->ctx)
@@ -1652,6 +1657,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
 #endif
 switch(data->set.ssl.version) {
+#ifndef OPENSSL_NO_SSL3
 case CURL_SSLVERSION_SSLv3:
 ctx_options |= SSL_OP_NO_SSLv2;
 ctx_options |= SSL_OP_NO_TLSv1;
@@ -1660,6 +1666,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
 ctx_options |= SSL_OP_NO_TLSv1_2;
 #endif
 break;
+#endif
 case CURL_SSLVERSION_DEFAULT:
 #ifdef USE_TLS_SRP
-- 2.1.3
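Review bot: The `#else` opened under `case CURL_SSLVERSION_SSLv3:` is closed only by a bare `#endif` in the next hunk, after `break;`, with a `USE_TLS_SRP` conditional nested in between, so it is hard to see which directive pairs with which. I would label the closing directive `#endif /* OPENSSL_NO_SSL3 */`, and likewise the `#endif` that the last hunk adds for the `#ifndef`. Separately, the refusal is reported only when the connection is attempted, and the diffstat shows this is the only file changed, so the documentation for the SSL version option should mention that requesting SSLv3 can now return CURLE_NOT_BUILT_IN. ossl_connect_step1 starts and ends outside the hunk.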
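Review bot: With OPENSSL_NO_SSL3 defined, `case CURL_SSLVERSION_SSLv3:` is compiled out of this second switch, which is safe only because the first switch in the same function has already returned CURLE_NOT_BUILT_IN for that value; nothing at this site says so. A comment above the `#ifndef`, for example `/* an SSLv3 request was already rejected above when OpenSSL lacks SSLv3 */`, would record that dependency. Without it, a later reordering could let the value reach the remaining cases or a default branch, neither of which is visible in this hunk. The switch continues past the end of the hunk.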
