|
|
Debian: 2125-1: openssl: buffer overflow
|
|
CURLOPT_SSL_OPTIONS(3) curl_easy_setopt options CURLOPT_SSL_OPTIONS(3) NAME
CURLOPT_SSL_OPTIONS - set SSL behavior options SYNOPSIS
#include <curl/curl.h> CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_OPTIONS, long bitmask); DESCRIPTION
Pass a long with a bitmask to tell libcurl about specific SSL behaviors. CURLSSLOPT_ALLOW_BEAST tells libcurl to not attempt to use any workarounds for a security flaw in the SSL3 and TLS1.0 protocols. If this option isn't used or this bit is set to 0, the SSL layer libcurl uses may use a work-around for this flaw although it might cause interop- erability problems with some (older) SSL implementations. WARNING: avoiding this work-around lessens the security, and by setting this option to 1 you ask for exactly that. This option is only supported for DarwinSSL, NSS and OpenSSL. Added in 7.44.0: CURLSSLOPT_NO_REVOKE tells libcurl to disable certificate revocation checks for those SSL backends where such behavior is present. Cur- rently this option is only supported for WinSSL (the native Windows SSL library), with an exception in the case of Windows' Untrusted Pub- lishers blacklist which it seems can't be bypassed. This option may have broader support to accommodate other SSL backends in the future. https://curl.haxx.se/docs/ssl-compared.html DEFAULT
0 PROTOCOLS
All TLS-based protocols EXAMPLE
TODO AVAILABILITY
Added in 7.25.0 RETURN VALUE
Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. SEE ALSO
CURLOPT_SSLVERSION(3), CURLOPT_SSL_CIPHER_LIST(3), libcurl 7.54.0 February 03, 2016 CURLOPT_SSL_OPTIONS(3)
