diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c index f4cbe88080..7c62271326 100644 --- a/lib/vtls/gtls.c +++ b/lib/vtls/gtls.c @@ -323,8 +323,8 @@ gnutls_set_ssl_version_min_max(struct Curl_easy *data, long ssl_version = conn_config->version; long ssl_version_max = conn_config->version_max; - if((ssl_version == CURL_SSLVERSION_DEFAULT) || - (ssl_version == CURL_SSLVERSION_TLSv1)) + DEBUGASSERT(ssl_version != CURL_SSLVERSION_DEFAULT); + if(ssl_version <= CURL_SSLVERSION_TLSv1) ssl_version = CURL_SSLVERSION_TLSv1_0; if((ssl_version_max == CURL_SSLVERSION_MAX_NONE) || (ssl_version_max == CURL_SSLVERSION_MAX_DEFAULT)) diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c index b4ef84799d..8e4912a45f 100644 --- a/lib/vtls/mbedtls.c +++ b/lib/vtls/mbedtls.c @@ -198,8 +198,8 @@ mbed_set_ssl_version_min_max(struct Curl_easy *data, #endif ; + DEBUGASSERT(conn_config->version != CURL_SSLVERSION_DEFAULT); switch(conn_config->version) { - case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: case CURL_SSLVERSION_TLSv1_0: case CURL_SSLVERSION_TLSv1_1: diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index ae1fe6cbb1..d6996d680f 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -3620,11 +3620,11 @@ static CURLcode ossl_init_method(struct Curl_cfilter *cf, *pmethod = NULL; *pssl_version_min = conn_config->version; + DEBUGASSERT(conn_config->version != CURL_SSLVERSION_DEFAULT); switch(peer->transport) { case TRNSPRT_TCP: /* check to see if we have been told to use an explicit SSL/TLS version */ switch(*pssl_version_min) { - case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: case CURL_SSLVERSION_TLSv1_0: case CURL_SSLVERSION_TLSv1_1: @@ -3770,13 +3770,13 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, if(!ssl_config->enable_beast) ctx_options &= ~(ctx_option_t)SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; + DEBUGASSERT(ssl_version_min != CURL_SSLVERSION_DEFAULT); switch(ssl_version_min) { case CURL_SSLVERSION_SSLv2: case CURL_SSLVERSION_SSLv3: return CURLE_NOT_BUILT_IN; /* "--tlsv" options mean TLS >= version */ - case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: /* TLS >= version 1.0 */ case CURL_SSLVERSION_TLSv1_0: /* TLS >= version 1.0 */ case CURL_SSLVERSION_TLSv1_1: /* TLS >= version 1.1 */ diff --git a/lib/vtls/rustls.c b/lib/vtls/rustls.c index 79c8146b0d..a326aae877 100644 --- a/lib/vtls/rustls.c +++ b/lib/vtls/rustls.c @@ -533,8 +533,8 @@ init_config_builder(struct Curl_easy *data, CURLcode result = CURLE_OK; rustls_result rr; + DEBUGASSERT(conn_config->version != CURL_SSLVERSION_DEFAULT); switch(conn_config->version) { - case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: case CURL_SSLVERSION_TLSv1_0: case CURL_SSLVERSION_TLSv1_1: diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c index fd268c92a3..d90c86d99f 100644 --- a/lib/vtls/schannel.c +++ b/lib/vtls/schannel.c @@ -428,8 +428,8 @@ static CURLcode schannel_acquire_credential_handle(struct Curl_cfilter *cf, else infof(data, "schannel: enabled automatic use of client certificate"); + DEBUGASSERT(conn_config->version != CURL_SSLVERSION_DEFAULT); switch(conn_config->version) { - case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: case CURL_SSLVERSION_TLSv1_0: case CURL_SSLVERSION_TLSv1_1: diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c index 84180cad4e..a90b5bf439 100644 --- a/lib/vtls/wolfssl.c +++ b/lib/vtls/wolfssl.c @@ -1028,8 +1028,9 @@ static CURLcode ssl_version(struct Curl_easy *data, { int res; *min_version = *max_version = 0; + DEBUGASSERT(conn_config->version != CURL_SSLVERSION_DEFAULT); + switch(conn_config->version) { - case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: case CURL_SSLVERSION_TLSv1_0: *min_version = TLS1_VERSION;