openssl: allow explicit sslv2 selection
authorDaniel Stenberg <daniel@haxx.se>
Fri, 3 Jan 2014 10:52:49 +0000 (11:52 +0100)
committerDaniel Stenberg <daniel@haxx.se>
Fri, 3 Jan 2014 10:52:49 +0000 (11:52 +0100)
If OpenSSL is built to support SSLv2 this brings back the ability to
explicitly select that as a protocol level.

Reported-by: Steve Holme
Bug: http://curl.haxx.se/mail/lib-2014-01/0013.html

lib/vtls/openssl.c

index 42bca15..dba5256 100644 (file)
@@ -1599,6 +1599,17 @@ ossl_connect_step1(struct connectdata *conn,
     break;
 #endif
 
+#ifndef OPENSSL_NO_SSL2
+  case CURL_SSLVERSION_SSLv2:
+    ctx_options |= SSL_OP_NO_SSLv3;
+    ctx_options |= SSL_OP_NO_TLSv1;
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
+    ctx_options |= SSL_OP_NO_TLSv1_1;
+    ctx_options |= SSL_OP_NO_TLSv1_2;
+#endif
+    break;
+#endif
+
   default:
     failf(data, "Unsupported SSL protocol version");
     return CURLE_SSL_CONNECT_ERROR;
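Review bot: The new `case CURL_SSLVERSION_SSLv2:` branch re-enables a protocol that RFC 6176 prohibits, and nothing in the added lines tells a maintainer or a user that such a connection offers no meaningful confidentiality or integrity. I would add a comment above the case, e.g. `/* SSLv2 is cryptographically broken (RFC 6176); kept only as an explicit opt-in for legacy peers */`, and consider a verbose-log line such as `infof(data, "SSLv2 explicitly selected; this protocol is insecure\n");` so the choice shows up in traces. The branch only works if `SSL_OP_NO_SSLv2` has not already been OR-ed into `ctx_options` earlier in `ossl_connect_step1`; the function starts outside this hunk, so that needs confirming. When `OPENSSL_NO_SSL2` is defined, the request appears to fall through to `default:` and fail with the generic "Unsupported SSL protocol version", so a message saying SSLv2 was not built in would be easier to diagnose, unless an earlier check already covers this.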