Add --tls-max to C (#642)

curlconverter · Mar 15, 2024 · 3eb2ac1 · 3eb2ac1
1 parent 598d3c4
commit 3eb2ac1
Show file tree

Hide file tree

Showing 3 changed files with 76 additions and 49 deletions.
diff --git a/src/Request.ts b/src/Request.ts
@@ -171,16 +171,12 @@ export interface Request {
  hsts?: Word[]; // a filename
  alpn?: boolean;
 
+ tlsVersion?: "1" | "1.0" | "1.1" | "1.2" | "1.3";
  tlsMax?: Word;
  tls13Ciphers?: Word;
  tlsauthtype?: Word;
  tlspassword?: Word;
  tlsuser?: Word;
- "tlsv1.0"?: boolean;
- "tlsv1.1"?: boolean;
- "tlsv1.2"?: boolean;
- "tlsv1.3"?: boolean;
- tlsv1?: boolean;
  sslAutoClientCert?: boolean;
  sslNoRevoke?: boolean;
  sslReqd?: boolean;
@@ -1217,6 +1213,9 @@ function buildRequest(
  request.alpn = config.alpn;
  }
 
+ if (config.tlsVersion) {
+ request.tlsVersion = config.tlsVersion;
+ }
  if (config["tls-max"]) {
  request.tlsMax = config["tls-max"];
  }
@@ -1232,21 +1231,6 @@ function buildRequest(
  if (config["tlsuser"]) {
  request.tlsuser = config["tlsuser"];
  }
- if (Object.prototype.hasOwnProperty.call(config, "tlsv1.0")) {
- request["tlsv1.0"] = config["tlsv1.0"];
- }
- if (Object.prototype.hasOwnProperty.call(config, "tlsv1.1")) {
- request["tlsv1.1"] = config["tlsv1.1"];
- }
- if (Object.prototype.hasOwnProperty.call(config, "tlsv1.2")) {
- request["tlsv1.2"] = config["tlsv1.2"];
- }
- if (Object.prototype.hasOwnProperty.call(config, "tlsv1.3")) {
- request["tlsv1.3"] = config["tlsv1.3"];
- }
- if (Object.prototype.hasOwnProperty.call(config, "tlsv1")) {
- request.tlsv1 = config["tlsv1"];
- }
  if (Object.prototype.hasOwnProperty.call(config, "ssl-allow-beast")) {
  request.sslAllowBeast = config["ssl-allow-beast"];
  }

diff --git a/src/curl/opts.ts b/src/curl/opts.ts
@@ -656,6 +656,7 @@ export interface OperationConfig {
  "telnet-option"?: Word[];
 
  httpVersion?: "1.0" | "1.1" | "2" | "2-prior-knowledge" | "3" | "3-only";
+ tlsVersion?: "1" | "1.0" | "1.1" | "1.2" | "1.3";
 
  netrc?: boolean;
  "netrc-optional"?: boolean;
@@ -1173,6 +1174,21 @@ function setArgValue(
  case "http3-only":
  config.httpVersion = "3-only";
  break;
+ case "tlsv1":
+ config.tlsVersion = "1";
+ break;
+ case "tlsv1.0":
+ config.tlsVersion = "1.0";
+ break;
+ case "tlsv1.1":
+ config.tlsVersion = "1.1";
+ break;
+ case "tlsv1.2":
+ config.tlsVersion = "1.2";
+ break;
+ case "tlsv1.3":
+ config.tlsVersion = "1.3";
+ break;
  case "verbose":
  case "version":
  case "trace-time":

diff --git a/src/generators/c.ts b/src/generators/c.ts
@@ -174,15 +174,14 @@ export const supportedArgs = new Set([
  "ssl-reqd",
  "ssl-revoke-best-effort",
 
- // "sslv2",
- // "sslv3",
+ // "sslv2", // ignored
+ // "sslv3", // ignored
  "tlsv1",
  "tlsv1.0",
  "tlsv1.1",
  "tlsv1.2",
  "tlsv1.3",
- // TODO
- // "tls-max",
+ "tls-max",
 
  // "false-start",
  "hsts",
@@ -861,33 +860,61 @@ function requestToC(
  code += " curl_easy_setopt(hnd, CURLOPT_DOH_SSL_VERIFYSTATUS, 1L);\n";
  }
 
- if (
- request["tlsv1.3"] ||
- request["tlsv1.2"] ||
- request["tlsv1.1"] ||
- request["tlsv1.0"] ||
- request.tlsv1
- ) {
- if (request["tlsv1.3"]) {
- code +=
- " curl_easy_setopt(hnd, CURLOPT_SSLVERSION, (long)CURL_SSLVERSION_TLSv1_3);\n";
- } else if (request["tlsv1.2"]) {
- code +=
- " curl_easy_setopt(hnd, CURLOPT_SSLVERSION, (long)CURL_SSLVERSION_TLSv1_2);\n";
- } else if (request["tlsv1.1"]) {
- code +=
- " curl_easy_setopt(hnd, CURLOPT_SSLVERSION, (long)CURL_SSLVERSION_TLSv1_1);\n";
- } else if (request["tlsv1.0"]) {
- code +=
- " curl_easy_setopt(hnd, CURLOPT_SSLVERSION, (long)CURL_SSLVERSION_TLSv1_0);\n";
- } else if (request.tlsv1) {
- code +=
- " curl_easy_setopt(hnd, CURLOPT_SSLVERSION, (long)CURL_SSLVERSION_TLSv1);\n";
+ let tlsVersion = null;
+ if (request.tlsVersion) {
+ tlsVersion = {
+ "1": "CURL_SSLVERSION_TLSv1",
+ "1.0": "CURL_SSLVERSION_TLSv1_0",
+ "1.1": "CURL_SSLVERSION_TLSv1_1",
+ "1.2": "CURL_SSLVERSION_TLSv1_2",
+ "1.3": "CURL_SSLVERSION_TLSv1_3",
+ }[request.tlsVersion];
+ }
+ let tlsMax = null;
+ if (request.tlsMax) {
+ if (request.tlsMax.isString()) {
+ const tlsMaxVal = request.tlsMax.toString();
+ switch (tlsMaxVal) {
+ case "1.0":
+ tlsMax = "CURL_SSLVERSION_MAX_TLSv1_0";
+ break;
+ case "1.1":
+ tlsMax = "CURL_SSLVERSION_MAX_TLSv1_1";
+ break;
+ case "1.2":
+ tlsMax = "CURL_SSLVERSION_MAX_TLSv1_2";
+ break;
+ case "1.3":
+ tlsMax = "CURL_SSLVERSION_MAX_TLSv1_3";
+ break;
+ case "default":
+ tlsMax = "CURL_SSLVERSION_MAX_DEFAULT";
+ break;
+ default:
+ warnings.push([
+ "tls-max",
+ "unknown value for --tls-max: " + JSON.stringify(tlsMaxVal),
+ ]);
+ }
+ } else {
+ warnings.push([
+ "tls-max",
+ "unparseable value for --tls-max: " +
+ JSON.stringify(request.tlsMax.toString()),
+ ]);
+ }
+ }
+ if (tlsVersion || tlsMax) {
+ if (!tlsVersion) {
+ // not really necessary since it's 0
+ tlsVersion = "CURL_SSLVERSION_DEFAULT";
  }
+ code +=
+ " curl_easy_setopt(hnd, CURLOPT_SSLVERSION, (long)" +
+ tlsVersion +
+ (tlsMax ? " | " + tlsMax : "") +
+ ");\n";
  }
- // if (request.tlsMax) {
- // code += ' curl_easy_setopt(hnd, CURLOPT_SSLVERSION, 393216L);\n';
- // }
  if (request.proxyTlsv1) {
  code +=
  " curl_easy_setopt(hnd, CURLOPT_PROXY_SSLVERSION, (long)CURL_SSLVERSION_TLSv1);\n";