TRUE : FALSE;
break;
case CURLOPT_SSL_CTX_FUNCTION:
-#ifdef have_curlssl_ssl_ctx
/*
* Set a SSL_CTX callback
*/
- data->set.ssl.fsslctx = va_arg(param, curl_ssl_ctx_callback);
-#else
- result = CURLE_NOT_BUILT_IN;
+#ifdef USE_SSL
+ if(Curl_ssl->have_ssl_ctx)
+ data->set.ssl.fsslctx = va_arg(param, curl_ssl_ctx_callback);
+ else
#endif
+ result = CURLE_NOT_BUILT_IN;
break;
case CURLOPT_SSL_CTX_DATA:
-#ifdef have_curlssl_ssl_ctx
/*
* Set a SSL_CTX callback parameter pointer
*/
- data->set.ssl.fsslctxp = va_arg(param, void *);
-#else
- result = CURLE_NOT_BUILT_IN;
+#ifdef USE_SSL
+ if(Curl_ssl->have_ssl_ctx)
+ data->set.ssl.fsslctxp = va_arg(param, void *);
+ else
#endif
+ result = CURLE_NOT_BUILT_IN;
break;
case CURLOPT_SSL_FALSESTART:
/*
data->set.ssl.falsestart = (0 != va_arg(param, long)) ? TRUE : FALSE;
break;
case CURLOPT_CERTINFO:
-#ifdef have_curlssl_certinfo
- data->set.ssl.certinfo = (0 != va_arg(param, long)) ? TRUE : FALSE;
-#else
- result = CURLE_NOT_BUILT_IN;
+#ifdef USE_SSL
+ if(Curl_ssl->have_certinfo)
+ data->set.ssl.certinfo = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ else
#endif
+ result = CURLE_NOT_BUILT_IN;
break;
case CURLOPT_PINNEDPUBLICKEY:
-#ifdef have_curlssl_pinnedpubkey /* only by supported backends */
/*
* Set pinned public key for SSL connection.
* Specify file name of the public key in DER format.
*/
- result = setstropt(&data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG],
- va_arg(param, char *));
-#else
- result = CURLE_NOT_BUILT_IN;
+#ifdef USE_SSL
+ if(Curl_ssl->have_pinnedpubkey)
+ result = setstropt(&data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG],
+ va_arg(param, char *));
+ else
#endif
+ result = CURLE_NOT_BUILT_IN;
break;
case CURLOPT_PROXY_PINNEDPUBLICKEY:
-#ifdef have_curlssl_pinnedpubkey /* only by supported backends */
/*
* Set pinned public key for SSL connection.
* Specify file name of the public key in DER format.
*/
- result = setstropt(&data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY],
- va_arg(param, char *));
-#else
- result = CURLE_NOT_BUILT_IN;
+#ifdef USE_SSL
+ if(Curl_ssl->have_pinnedpubkey)
+ result = setstropt(&data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY],
+ va_arg(param, char *));
+ else
#endif
+ result = CURLE_NOT_BUILT_IN;
break;
case CURLOPT_CAINFO:
/*
va_arg(param, char *));
break;
case CURLOPT_CAPATH:
-#ifdef have_curlssl_ca_path /* not supported by all backends */
/*
* Set CA path info for SSL connection. Specify directory name of the CA
* certificates which have been prepared using openssl c_rehash utility.
*/
- /* This does not work on windows. */
- result = setstropt(&data->set.str[STRING_SSL_CAPATH_ORIG],
- va_arg(param, char *));
-#else
- result = CURLE_NOT_BUILT_IN;
+#ifdef USE_SSL
+ if(Curl_ssl->have_ca_path)
+ /* This does not work on windows. */
+ result = setstropt(&data->set.str[STRING_SSL_CAPATH_ORIG],
+ va_arg(param, char *));
+ else
#endif
+ result = CURLE_NOT_BUILT_IN;
break;
case CURLOPT_PROXY_CAPATH:
-#ifdef have_curlssl_ca_path /* not supported by all backends */
/*
* Set CA path info for SSL connection proxy. Specify directory name of the
* CA certificates which have been prepared using openssl c_rehash utility.
*/
- /* This does not work on windows. */
- result = setstropt(&data->set.str[STRING_SSL_CAPATH_PROXY],
- va_arg(param, char *));
-#else
- result = CURLE_NOT_BUILT_IN;
+#ifdef USE_SSL
+ if(Curl_ssl->have_ca_path)
+ /* This does not work on windows. */
+ result = setstropt(&data->set.str[STRING_SSL_CAPATH_PROXY],
+ va_arg(param, char *));
+ else
#endif
+ result = CURLE_NOT_BUILT_IN;
break;
case CURLOPT_CRLFILE:
/*
const struct Curl_ssl Curl_ssl_axtls = {
"axtls", /* name */
+ 0, /* have_ca_path */
+ 0, /* have_certinfo */
+ 0, /* have_pinnedpubkey */
+ 0, /* have_ssl_ctx */
+
Curl_axtls_init, /* init */
Curl_axtls_cleanup, /* cleanup */
Curl_axtls_version, /* version */
#define CYASSL_MAX_ERROR_SZ 80
#endif
+/* KEEP_PEER_CERT is a product of the presence of build time symbol
+ OPENSSL_EXTRA without NO_CERTS, depending on the version. KEEP_PEER_CERT is
+ in wolfSSL's settings.h, and the latter two are build time symbols in
+ options.h. */
+#ifndef KEEP_PEER_CERT
+#if defined(HAVE_CYASSL_GET_PEER_CERTIFICATE) || \
+ defined(HAVE_WOLFSSL_GET_PEER_CERTIFICATE) || \
+ (defined(OPENSSL_EXTRA) && !defined(NO_CERTS))
+#define KEEP_PEER_CERT
+#endif
+#endif
+
static Curl_recv cyassl_recv;
static Curl_send cyassl_send;
const struct Curl_ssl Curl_ssl_cyassl = {
"cyassl", /* name */
+ 0, /* have_ca_path */
+ 0, /* have_certinfo */
+#ifdef KEEP_PEER_CERT
+ 1, /* have_pinnedpubkey */
+#else
+ 0, /* have_pinnedpubkey */
+#endif
+ 1, /* have_ssl_ctx */
+
Curl_cyassl_init, /* init */
Curl_none_cleanup, /* cleanup */
Curl_cyassl_version, /* version */
#ifdef USE_CYASSL
-/* KEEP_PEER_CERT is a product of the presence of build time symbol
- OPENSSL_EXTRA without NO_CERTS, depending on the version. KEEP_PEER_CERT is
- in wolfSSL's settings.h, and the latter two are build time symbols in
- options.h. */
-#ifndef KEEP_PEER_CERT
-#if defined(HAVE_CYASSL_GET_PEER_CERTIFICATE) || \
- defined(HAVE_WOLFSSL_GET_PEER_CERTIFICATE) || \
- (defined(OPENSSL_EXTRA) && !defined(NO_CERTS))
-#define KEEP_PEER_CERT
-#endif
-#endif
-
CURLcode Curl_cyassl_connect(struct connectdata *conn, int sockindex);
bool Curl_cyassl_data_pending(const struct connectdata* conn, int connindex);
int Curl_cyassl_shutdown(struct connectdata* conn, int sockindex);
/* Set the API backend definition to CyaSSL */
#define CURL_SSL_BACKEND CURLSSLBACKEND_CYASSL
-/* this backend supports CURLOPT_SSL_CTX_* */
-#define have_curlssl_ssl_ctx 1
-
-#ifdef KEEP_PEER_CERT
-/* this backend supports CURLOPT_PINNEDPUBLICKEY */
-#define have_curlssl_pinnedpubkey 1
-#endif
-
#endif /* USE_CYASSL */
#endif /* HEADER_CURL_CYASSL_H */
#define ioErr -36
#define paramErr -50
+/* pinned public key support tests */
+
+/* version 1 supports macOS 10.12+ and iOS 10+ */
+#if ((TARGET_OS_IPHONE && __IPHONE_OS_VERSION_MIN_REQUIRED >= 100000) || \
+ (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200))
+#define DARWIN_SSL_PINNEDPUBKEY_V1 1
+#endif
+
+/* version 2 supports MacOSX 10.7+ */
+#if (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070)
+#define DARWIN_SSL_PINNEDPUBKEY_V2 1
+#endif
+
+#if defined(DARWIN_SSL_PINNEDPUBKEY_V1) || defined(DARWIN_SSL_PINNEDPUBKEY_V2)
+/* this backend supports CURLOPT_PINNEDPUBLICKEY */
+#define DARWIN_SSL_PINNEDPUBKEY 1
+#endif /* DARWIN_SSL_PINNEDPUBKEY */
+
#ifdef DARWIN_SSL_PINNEDPUBKEY
/* both new and old APIs return rsa keys missing the spki header (not DER) */
static const unsigned char rsa4096SpkiHeader[] = {
const struct Curl_ssl Curl_ssl_darwinssl = {
"darwinssl", /* name */
+ 0, /* have_ca_path */
+ 0, /* have_certinfo */
+#ifdef DARWIN_SSL_PINNEDPUBKEY
+ 1, /* have_pinnedpubkey */
+#else
+ 0, /* have_pinnedpubkey */
+#endif /* DARWIN_SSL_PINNEDPUBKEY */
+ 0, /* have_ssl_ctx */
+
Curl_none_init, /* init */
Curl_none_cleanup, /* cleanup */
Curl_darwinssl_version, /* version */
/* Set the API backend definition to SecureTransport */
#define CURL_SSL_BACKEND CURLSSLBACKEND_DARWINSSL
-/* pinned public key support tests */
-
-/* version 1 supports macOS 10.12+ and iOS 10+ */
-#if ((TARGET_OS_IPHONE && __IPHONE_OS_VERSION_MIN_REQUIRED >= 100000) || \
- (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200))
-#define DARWIN_SSL_PINNEDPUBKEY_V1 1
-#endif
-
-/* version 2 supports MacOSX 10.7+ */
-#if (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070)
-#define DARWIN_SSL_PINNEDPUBKEY_V2 1
-#endif
-
-#if defined(DARWIN_SSL_PINNEDPUBKEY_V1) || defined(DARWIN_SSL_PINNEDPUBKEY_V2)
-/* this backend supports CURLOPT_PINNEDPUBLICKEY */
-#define DARWIN_SSL_PINNEDPUBKEY 1
-#define have_curlssl_pinnedpubkey 1
-#endif /* DARWIN_SSL_PINNEDPUBKEY */
-
#endif /* USE_DARWINSSL */
#endif /* HEADER_CURL_DARWINSSL_H */
const struct Curl_ssl Curl_ssl_gskit = {
"gskit", /* name */
+ 0, /* have_ca_path */
+ 1, /* have_certinfo */
+ 0, /* have_pinnedpubkey */
+ 0, /* have_ssl_ctx */
+
Curl_gskit_init, /* init */
Curl_gskit_cleanup, /* cleanup */
Curl_gskit_version, /* version */
/* Set the API backend definition to GSKit */
#define CURL_SSL_BACKEND CURLSSLBACKEND_GSKIT
-/* this backend supports CURLOPT_CERTINFO */
-#define have_curlssl_certinfo 1
-
#endif /* USE_GSKIT */
#endif /* HEADER_CURL_GSKIT_H */
const struct Curl_ssl Curl_ssl_gnutls = {
"gnutls", /* name */
+ 1, /* have_ca_path */
+ 1, /* have_certinfo */
+ 1, /* have_pinnedpubkey */
+ 0, /* have_ssl_ctx */
+
Curl_gtls_init, /* init */
Curl_gtls_cleanup, /* cleanup */
Curl_gtls_version, /* version */
/* Set the API backend definition to GnuTLS */
#define CURL_SSL_BACKEND CURLSSLBACKEND_GNUTLS
-/* this backend supports the CAPATH option */
-#define have_curlssl_ca_path 1
-
-/* this backend supports CURLOPT_CERTINFO */
-#define have_curlssl_certinfo 1
-
-/* this backend supports CURLOPT_PINNEDPUBLICKEY */
-#define have_curlssl_pinnedpubkey 1
-
#endif /* USE_GNUTLS */
#endif /* HEADER_CURL_GTLS_H */
const struct Curl_ssl Curl_ssl_mbedtls = {
"mbedtls", /* name */
+ 0, /* have_ca_path */
+ 0, /* have_certinfo */
+ 1, /* have_pinnedpubkey */
+ 1, /* have_ssl_ctx */
+
Curl_mbedtls_init, /* init */
Curl_mbedtls_cleanup, /* cleanup */
Curl_mbedtls_version, /* version */
CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy,
size_t length);
-/* this backends supports CURLOPT_PINNEDPUBLICKEY */
-#define have_curlssl_pinnedpubkey 1
-
-/* this backend supports CURLOPT_SSL_CTX_* */
-#define have_curlssl_ssl_ctx 1
-
extern const struct Curl_ssl Curl_ssl_mbedtls;
#define CURL_SSL_BACKEND CURLSSLBACKEND_MBEDTLS
const struct Curl_ssl Curl_ssl_nss = {
"nss", /* name */
+ 1, /* have_ca_path */
+ 1, /* have_certinfo */
+ 1, /* have_pinnedpubkey */
+ 0, /* have_ssl_ctx */
+
Curl_nss_init, /* init */
Curl_nss_cleanup, /* cleanup */
Curl_nss_version, /* version */
/* Set the API backend definition to NSS */
#define CURL_SSL_BACKEND CURLSSLBACKEND_NSS
-/* this backend supports the CAPATH option */
-#define have_curlssl_ca_path 1
-
-/* this backend supports CURLOPT_CERTINFO */
-#define have_curlssl_certinfo 1
-
-/* this backends supports CURLOPT_PINNEDPUBLICKEY */
-#define have_curlssl_pinnedpubkey 1
-
#endif /* USE_NSS */
#endif /* HEADER_CURL_NSSG_H */
const struct Curl_ssl Curl_ssl_openssl = {
"openssl", /* name */
+ 1, /* have_ca_path */
+ 1, /* have_certinfo */
+ 1, /* have_pinnedpubkey */
+ 1, /* have_ssl_ctx */
+
Curl_ossl_init, /* init */
Curl_ossl_cleanup, /* cleanup */
Curl_ossl_version, /* version */
/* Set the API backend definition to OpenSSL */
#define CURL_SSL_BACKEND CURLSSLBACKEND_OPENSSL
-/* this backend supports the CAPATH option */
-#define have_curlssl_ca_path 1
-
-/* this backend supports CURLOPT_CERTINFO */
-#define have_curlssl_certinfo 1
-
-/* this backend supports CURLOPT_SSL_CTX_* */
-#define have_curlssl_ssl_ctx 1
-
-/* this backend supports CURLOPT_PINNEDPUBLICKEY */
-#define have_curlssl_pinnedpubkey 1
-
#define DEFAULT_CIPHER_SELECTION \
"ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH"
const struct Curl_ssl Curl_ssl_polarssl = {
"polarssl", /* name */
+ 1, /* have_ca_path */
+ 0, /* have_certinfo */
+ 1, /* have_pinnedpubkey */
+ 0, /* have_ssl_ctx */
+
Curl_polarssl_init, /* init */
Curl_polarssl_cleanup, /* cleanup */
Curl_polarssl_version, /* version */
/* Set the API backend definition to PolarSSL */
#define CURL_SSL_BACKEND CURLSSLBACKEND_POLARSSL
-/* this backend supports the CAPATH option */
-#define have_curlssl_ca_path 1
-
-/* this backends supports CURLOPT_PINNEDPUBLICKEY */
-#define have_curlssl_pinnedpubkey 1
-
#endif /* USE_POLARSSL */
#endif /* HEADER_CURL_POLARSSL_H */
const struct Curl_ssl Curl_ssl_schannel = {
"schannel", /* name */
+ 0, /* have_ca_path */
+ 1, /* have_certinfo */
+ 0, /* have_pinnedpubkey */
+ 0, /* have_ssl_ctx */
+
Curl_schannel_init, /* init */
Curl_schannel_cleanup, /* cleanup */
Curl_schannel_version, /* version */
/* Set the API backend definition to Schannel */
#define CURL_SSL_BACKEND CURLSSLBACKEND_SCHANNEL
-/* this backend supports CURLOPT_CERTINFO */
-#define have_curlssl_certinfo 1
-
#endif /* USE_SCHANNEL */
#endif /* HEADER_CURL_SCHANNEL_H */
struct Curl_ssl {
const char *name;
+ unsigned have_ca_path:1; /* supports CAPATH */
+ unsigned have_certinfo:1; /* supports CURLOPT_CERTINFO */
+ unsigned have_pinnedpubkey:1; /* supports CURLOPT_PINNEDPUBLICKEY */
+ unsigned have_ssl_ctx:1; /* supports CURLOPT_SSL_CTX_* */
+
int (*init)(void);
void (*cleanup)(void);
projects / curl / commitdiff