add Http::set_ssl_version() to set the available TLS version to use

winixd/utils/http.cpp

@@ -73,6 +73,8 @@ Http & Http::begin()
 	debug_info = nullptr;
 	follow_location = true;
 	verify_ssl_cert = true;
+	forse_ssl_version = false;
+	ssl_version = 0;
 
 	return *this;
 }
@@ -451,6 +453,13 @@ void Http::allow_redirects(bool allow_redirects)
 }
 
 
+void Http::set_ssl_version(long ssl_version)
+{
+	this->forse_ssl_version = true;
+	this->ssl_version = ssl_version;
+}
+
+
 void Http::verify_ssl(bool verify)
 {
 	this->verify_ssl_cert = verify;
@@ -557,6 +566,11 @@ bool Http::fetch_internal(Method method, const char * url, const std::string * i
 		curl_easy_setopt(curl, CURLOPT_HEADERDATA,		&out_headers_stream);
 	}
 
+	if( forse_ssl_version )
+	{
+		curl_easy_setopt(curl, CURLOPT_SSLVERSION,  ssl_version);
+	}
+
 	// block the Expect: 100-continue header
 	// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect
 	// https://httpwg.org/specs/rfc7231.html#header.expect

winixd/utils/http.h

@@ -159,6 +159,60 @@ public:
 	 */
 	void allow_redirects(bool allow_redirects);
 
+
+	/*
+	 * set ssl version to use, values for CURLOPT_SSLVERSION
+	 * https://curl.se/libcurl/c/CURLOPT_SSLVERSION.html
+	 *
+	 * CURL_SSLVERSION_DEFAULT
+	 * The default acceptable version range. The minimum acceptable version is by default TLS v1.0 since 7.39.0 (unless the TLS library has a stricter rule).
+	 *
+	 * CURL_SSLVERSION_TLSv1
+	 * TLS v1.0 or later
+	 *
+	 * CURL_SSLVERSION_SSLv2
+	 * SSL v2 - refused
+	 *
+	 * CURL_SSLVERSION_SSLv3
+	 * SSL v3 - refused
+	 *
+	 * CURL_SSLVERSION_TLSv1_0
+	 * TLS v1.0 or later (Added in 7.34.0)
+	 *
+	 * CURL_SSLVERSION_TLSv1_1
+	 * TLS v1.1 or later (Added in 7.34.0)
+	 *
+	 * CURL_SSLVERSION_TLSv1_2
+	 * TLS v1.2 or later (Added in 7.34.0)
+	 *
+	 * CURL_SSLVERSION_TLSv1_3
+	 * TLS v1.3 or later (Added in 7.52.0)
+	 *
+	 * The maximum TLS version can be set by using one of the CURL_SSLVERSION_MAX_ macros below.
+	 * It is also possible to OR one of the CURL_SSLVERSION_ macros with one of the CURL_SSLVERSION_MAX_ macros.
+	 * The MAX macros are not supported for WolfSSL.
+	 * CURL_SSLVERSION_MAX_DEFAULT
+	 *
+	 * The flag defines the maximum supported TLS version by libcurl, or the default value from the SSL library is used.
+	 * libcurl will use a sensible default maximum, which was TLS v1.2 up to before 7.61.0 and is TLS v1.3 since
+	 * then - assuming the TLS library support it. (Added in 7.54.0)
+	 * CURL_SSLVERSION_MAX_TLSv1_0
+	 *
+	 * The flag defines maximum supported TLS version as TLS v1.0. (Added in 7.54.0)
+	 * CURL_SSLVERSION_MAX_TLSv1_1
+	 *
+	 * The flag defines maximum supported TLS version as TLS v1.1. (Added in 7.54.0)
+	 * CURL_SSLVERSION_MAX_TLSv1_2
+	 *
+	 * The flag defines maximum supported TLS version as TLS v1.2. (Added in 7.54.0)
+	 * CURL_SSLVERSION_MAX_TLSv1_3
+	 *
+	 * The flag defines maximum supported TLS version as TLS v1.3. (Added in 7.54.0)
+	 * In versions of curl prior to 7.54 the CURL_SSLVERSION_TLS options were documented to allow only the specified
+	 * TLS version, but behavior was inconsistent depending on the TLS library.
+	 */
+	void set_ssl_version(long ssl_version);
+
 	/*
 	 * verify the peer's SSL certificate
 	 * default is true
@@ -217,6 +271,8 @@ private:
 	pt::Space * debug_info;
 	bool follow_location;
 	bool verify_ssl_cert;
+	bool forse_ssl_version;
+	long ssl_version;
 
 	std::wstring temp_header;
 	std::string temp_header_ascii;