diff --git a/doc/tclcurl.n b/doc/tclcurl.n
index 0c6645c..0c5b43e 100755
--- a/doc/tclcurl.n
+++ b/doc/tclcurl.n
@@ -1672,6 +1672,10 @@ Define maximum supported TLS version as TLSv1.2
 Define maximum supported TLS version as TLSv1.3
 .RE
+.TP
+.B -sslversionandmax
+Provide a 2 item list of sslversion and ssl max version. This is to use both items at the same time.
+
 .TP
 .B -sslverifypeer
 This option determines whether TclCurl verifies the authenticity of the peer's certificate.
diff --git a/generic/tclcurl.c b/generic/tclcurl.c
index a6d9505..541cdf0 100755
--- a/generic/tclcurl.c
+++ b/generic/tclcurl.c
@@ -482,6 +482,7 @@ curlSetOpts(Tcl_Interp *interp, struct curlObjData *curlData,
 Tcl_Obj **httpPostData;
 Tcl_Obj **protocols;
+ Tcl_Obj **sslversionandmax;
 int curlTableIndex,formaddError,formArrayIndex;
 struct formArrayStruct *newFormArray;
 struct curl_forms *formArray;
@@ -489,6 +490,7 @@ curlSetOpts(Tcl_Interp *interp, struct curlObjData *curlData,
 size_t contentslen;
 unsigned long int protocolMask;
+ unsigned long int sslversionMask;
 switch(tableIndex) {
 case 0:
@@ -2263,6 +2265,72 @@ curlSetOpts(Tcl_Interp *interp, struct curlObjData *curlData,
 tableIndex,objv)) {
 return TCL_ERROR;
 }
+ case 176:
+ if (Tcl_ListObjGetElements(interp,objv,&j,&sslversionandmax)==TCL_ERROR) {
+ return 1;
+ }
+ if (j!=2) {
+ curlErrorSetOpt(interp,configTable,tableIndex,"sslversionandmax requires a 2 element list");
+ return TCL_ERROR;
+ }
+
+
+ sslversionMask=0;
+ if (Tcl_GetIndexFromObj(interp,sslversionandmax[0],sslversionnomax,
+ "sslversionnomax",TCL_EXACT,&curlTableIndex)==TCL_ERROR) {
+ return TCL_ERROR;
+ }
+ switch(curlTableIndex) {
+ case 0:
+ sslversionMask|=CURL_SSLVERSION_DEFAULT;
+ break;
+ case 1:
+ sslversionMask|=CURL_SSLVERSION_TLSv1;
+ break;
+ case 2:
+ sslversionMask|=CURL_SSLVERSION_SSLv2;
+ break;
+ case 3:
+ sslversionMask|=CURL_SSLVERSION_SSLv3;
+ break;
+ case 4:
+ sslversionMask|=CURL_SSLVERSION_TLSv1_0;
+ break;
+ case 5:
+ sslversionMask|=CURL_SSLVERSION_TLSv1_1;
+ break;
+ case 6:
+ sslversionMask|=CURL_SSLVERSION_TLSv1_2;
+ break;
+ case 7:
+ sslversionMask|=CURL_SSLVERSION_TLSv1_3;
+ }
+
+ if (Tcl_GetIndexFromObj(interp,sslversionandmax[1],sslversionmax,
+ "sslversionmax",TCL_EXACT,&curlTableIndex)==TCL_ERROR) {
+ return TCL_ERROR;
+ }
+ switch(curlTableIndex) {
+ case 0:
+ sslversionMask|=CURL_SSLVERSION_MAX_DEFAULT;
+ break;
+ case 1:
+ sslversionMask|=CURL_SSLVERSION_MAX_TLSv1_0;
+ break;
+ case 2:
+ sslversionMask|=CURL_SSLVERSION_MAX_TLSv1_1;
+ break;
+ case 3:
+ sslversionMask|=CURL_SSLVERSION_MAX_TLSv1_2;
+ break;
+ case 4:
+ sslversionMask|=CURL_SSLVERSION_MAX_TLSv1_3;
+ }
+
+ tmpObjPtr=Tcl_NewLongObj(sslversionMask);
+ if (SetoptLong(interp,curlHandle,CURLOPT_SSLVERSION,tableIndex,tmpObjPtr)) {
+ return TCL_ERROR;
+ }
 break;
 }
 return TCL_OK;
diff --git a/generic/tclcurl.h b/generic/tclcurl.h
index dcd8716..4b3d316 100755
--- a/generic/tclcurl.h
+++ b/generic/tclcurl.h
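Review bot: In the generic/tclcurl.c hunk at `@@ -2263`, the new `case 176:` label is inserted directly after the closing `}` of the preceding case and ahead of the `break;` that used to terminate it, so the preceding option now appears to fall through into the `-sslversionandmax` code whenever it succeeds. Its value would then be parsed as a list and the call would normally fail with the "requires a 2 element list" error, or, if the value happens to be a valid pair, would change CURLOPT_SSLVERSION as a side effect. The start of the preceding case is outside the hunk; if it is `-cainfoblob`, that option would stop being settable. Add `break;` on the line before `case 176:`. Separately, `return 1;` after `Tcl_ListObjGetElements` should read `return TCL_ERROR;` like the other error paths in this block.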
@@ -267,7 +267,7 @@ CONST static char *configTable[] = { "-fnmatchproc", "-resolve", "-tlsauthusername", "-tlsauthpassword", "-tlsauthtype", "-transferencoding", "-gssapidelegation", "-noproxy", "-telnetoptions", - "-cainfoblob", + "-cainfoblob", "-sslversionandmax", (char *) NULL }; @@ -359,6 +359,14 @@ CONST static char *sslversion[] = { "maxdefault", "maxtlsv1_0", "maxtlsv1_1", "maxtlsv1_2", "maxtlsv1_3", (char *)NULL }; +CONST static char *sslversionnomax[] = { + "default", "tlsv1", "sslv2", "sslv3", "tlsv1_0", "tlsv1_1", "tlsv1_2", "tlsv1_3", (char *)NULL +}; + +CONST static char *sslversionmax[] = { + "maxdefault", "maxtlsv1_0", "maxtlsv1_1", "maxtlsv1_2", "maxtlsv1_3", (char *)NULL +}; + CONST static char *ftpfilemethod[] = { "default", "multicwd", "nocwd", "singlecwd", (char *)NULL };
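Review bot: The `sslversionnomax` and `sslversionmax` tables added in the `@@ -359` hunk of generic/tclcurl.h are decoded purely by position in curlSetOpts (`case 0:` to `case 7:` and `case 0:` to `case 4:`), and nothing here records that coupling. A comment such as `/* order must match the switch in curlSetOpts, case 176 */` above each array would keep a later reorder from silently mapping a name to the wrong CURL_SSLVERSION_* value. The same positional dependency presumably holds for the `"-sslversionandmax"` entry appended to `configTable` in the first hunk, which has to land at index 176. `sslversionnomax` also carries `"sslv2"` and `"sslv3"` into the new option as accepted minimums, and the handler never checks that the chosen minimum is not above the chosen maximum, so rejecting such pairs is left entirely to libcurl. Consider dropping the two legacy names from this table, or rejecting inconsistent pairs before `SetoptLong` is called.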