From fb9f1c0356d4907a045391840d57bbe21cbf83a8 Mon Sep 17 00:00:00 2001
From: Tatsuya Kinoshita
Date: Thu, 11 Feb 2021 17:06:32 +0900
Subject: Update ssl_min_version to accept "all" and reject "SSLv2"
---
 url.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
(limited to 'url.c')
diff --git a/url.c b/url.c
index 4a228be..56f3222 100644
--- a/url.c
+++ b/url.c
@@ -297,6 +297,10 @@ init_PRNG()
 static int
 str_to_ssl_version(const char *name)
 {
+ if(!strcasecmp(name, "all"))
+ return 0;
+ if(!strcasecmp(name, "none"))
+ return 0;
 #ifdef TLS1_3_VERSION
 if (!strcasecmp(name, "TLSv1.3"))
 return TLS1_3_VERSION;
@@ -317,11 +321,7 @@ str_to_ssl_version(const char *name)
 return SSL3_VERSION;
 if (!strcasecmp(name, "SSLv3"))
 return SSL3_VERSION;
- if (!strcasecmp(name, "SSLv2.0"))
- return SSL2_VERSION;
- if (!strcasecmp(name, "SSLv2"))
- return SSL2_VERSION;
- return 0;
+ return -1;
 }
 #endif /* SSL_CTX_set_min_proto_version */
@@ -372,7 +372,7 @@ openSSLHandle(int sock, char *hostname, char **p_cert)
 if (ssl_min_version && *ssl_min_version != '\0') {
 int sslver;
 sslver = str_to_ssl_version(ssl_min_version);
- if (sslver <= 0
+ if (sslver < 0
 || !SSL_CTX_set_min_proto_version(ssl_ctx, sslver)) {
 free_ssl_ctx();
 goto eend;
-- 
cgit v1.2.3
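Review bot: The two added branches in str_to_ssl_version return 0 for "all" and "none" with no comment on what 0 means, and the third hunk then passes that 0 straight to SSL_CTX_set_min_proto_version. In OpenSSL a minimum of 0 sets no explicit floor, so the effective minimum becomes the lowest version the library build and its configuration allow; a comment such as `/* 0 = no explicit minimum; OpenSSL uses the lowest version it supports */` above the first branch would make that visible, and would also make clear that "none" means "no floor" rather than "no protocol". The function now has three outcomes (-1 for an unknown name, set in the second hunk; 0; a version constant), which deserves a short header comment. The new lines also write `if(` where the rest of the function writes `if (`. The function body continues outside the hunk.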
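Review bot: The relaxed check `sslver < 0 || !SSL_CTX_set_min_proto_version(ssl_ctx, sslver)` sends an unrecognised ssl_min_version and a version the library refuses down the same `goto eend` path, and nothing in the hunk records which setting caused the failure. After this commit a value the old code still mapped, such as "SSLv2", stops the TLS setup here, so the unknown-name case should name the offending string before jumping, for example by testing `if (sslver < 0)` on its own ahead of the library call and reporting ssl_min_version there. Failing the connection instead of continuing without a floor is the right default and should stay. Whatever eend reports is outside the hunk, as is the rest of openSSLHandle.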