curl_mtlnk_msg="no (--with-libmetalink)"
curl_psl_msg="no (--with-libpsl)"
- init_ssl_msg=${curl_ssl_msg}
+ ssl_backends=
dnl
dnl Save some initial values the user might have provided
OPT_WINSSL=$withval)
AC_MSG_CHECKING([whether to enable Windows native SSL/TLS (Windows native builds only)])
-if test "$curl_ssl_msg" = "$init_ssl_msg"; then
+if test -z "$ssl_backends" -o "x$OPT_WINSSL" != xno; then
+ ssl_msg=
if test "x$OPT_WINSSL" != "xno" &&
test "x$curl_cv_native_windows" = "xyes"; then
AC_MSG_RESULT(yes)
AC_DEFINE(USE_SCHANNEL, 1, [to enable Windows native SSL/TLS support])
AC_SUBST(USE_SCHANNEL, [1])
- curl_ssl_msg="enabled (Windows-native)"
+ ssl_msg="Windows-native"
WINSSL_ENABLED=1
# --with-winssl implies --enable-sspi
AC_DEFINE(USE_WINDOWS_SSPI, 1, [to enable SSPI support])
else
AC_MSG_RESULT(no)
fi
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
else
AC_MSG_RESULT(no)
fi
OPT_DARWINSSL=$withval)
AC_MSG_CHECKING([whether to enable Apple OS native SSL/TLS])
-if test "$curl_ssl_msg" = "$init_ssl_msg"; then
+if test -z "$ssl_backends" -o "x$OPT_DARWINSSL" != xno; then
if test "x$OPT_DARWINSSL" != "xno" &&
test -d "/System/Library/Frameworks/Security.framework"; then
AC_MSG_RESULT(yes)
AC_DEFINE(USE_DARWINSSL, 1, [to enable Apple OS native SSL/TLS support])
AC_SUBST(USE_DARWINSSL, [1])
- curl_ssl_msg="enabled (Apple OS-native)"
+ ssl_msg="$ssh_backends, Apple OS-native"
DARWINSSL_ENABLED=1
LDFLAGS="$LDFLAGS -framework CoreFoundation -framework Security"
else
AC_MSG_RESULT(no)
fi
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
else
AC_MSG_RESULT(no)
fi
AC_HELP_STRING([--without-ssl], [disable OpenSSL]),
OPT_SSL=$withval)
-if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
+if test -z "$ssl_backends" -o "x$OPT_SSL" != xno &&
+ test X"$OPT_SSL" != Xno; then
+ ssl_msg=
+
dnl backup the pre-ssl variables
CLEANLDFLAGS="$LDFLAGS"
CLEANCPPFLAGS="$CPPFLAGS"
dnl Have the libraries--check for OpenSSL headers
AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \
openssl/pem.h openssl/ssl.h openssl/err.h,
- curl_ssl_msg="enabled (OpenSSL)"
+ ssl_msg="OpenSSL"
OPENSSL_ENABLED=1
AC_DEFINE(USE_OPENSSL, 1, [if OpenSSL is in use]))
test $ac_cv_header_crypto_h = yes &&
test $ac_cv_header_ssl_h = yes; then
dnl three matches
- curl_ssl_msg="enabled (OpenSSL)"
+ ssl_msg="OpenSSL"
OPENSSL_ENABLED=1
fi
fi
AC_MSG_RESULT([yes])
AC_DEFINE_UNQUOTED(HAVE_BORINGSSL, 1,
[Define to 1 if using BoringSSL.])
- curl_ssl_msg="enabled (BoringSSL)"
+ ssl_msg="BoringSSL"
],[
AC_MSG_RESULT([no])
])
AC_MSG_RESULT([yes])
AC_DEFINE_UNQUOTED(HAVE_LIBRESSL, 1,
[Define to 1 if using libressl.])
- curl_ssl_msg="enabled (libressl)"
+ ssl_msg="libressl"
],[
AC_MSG_RESULT([no])
])
CURL_CHECK_OPENSSL_API
fi
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi
dnl **********************************************************************
AC_HELP_STRING([--without-gnutls], [disable GnuTLS detection]),
OPT_GNUTLS=$withval)
-if test "$curl_ssl_msg" = "$init_ssl_msg"; then
+if test -z "$ssl_backends" -o "x$OPT_GNUTLS" != xno; then
+ ssl_msg=
if test X"$OPT_GNUTLS" != Xno; then
AC_SUBST(USE_GNUTLS, [1])
GNUTLS_ENABLED=1
USE_GNUTLS="yes"
- curl_ssl_msg="enabled (GnuTLS)"
+ ssl_msg="GnuTLS"
],
[
LIBS="$CLEANLIBS"
fi dnl GNUTLS not disabled
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi
dnl ---
AC_HELP_STRING([--without-polarssl], [disable PolarSSL detection]),
OPT_POLARSSL=$withval)
-if test "$curl_ssl_msg" = "$init_ssl_msg"; then
+if test -z "$ssl_backends" -o "x$OPT_POLARSSL" != xno; then
+ ssl_msg=
if test X"$OPT_POLARSSL" != Xno; then
AC_SUBST(USE_POLARSSL, [1])
POLARSSL_ENABLED=1
USE_POLARSSL="yes"
- curl_ssl_msg="enabled (PolarSSL)"
+ ssl_msg="PolarSSL"
])
fi
AC_SUBST(USE_POLARSSL, [1])
POLARSSL_ENABLED=1
USE_POLARSSL="yes"
- curl_ssl_msg="enabled (PolarSSL)"
+ ssl_msg="PolarSSL"
],
[
CPPFLAGS=$_cppflags
fi dnl PolarSSL not disabled
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi
dnl ----------------------------------------------------
AC_HELP_STRING([--without-mbedtls], [disable mbedTLS detection]),
OPT_MBEDTLS=$withval)
-if test "$curl_ssl_msg" = "$init_ssl_msg"; then
+if test -z "$ssl_backends" -o "x$OPT_MBEDTLS" != xno; then
+ ssl_msg=
if test X"$OPT_MBEDTLS" != Xno; then
AC_SUBST(USE_MBEDTLS, [1])
MBEDTLS_ENABLED=1
USE_MBEDTLS="yes"
- curl_ssl_msg="enabled (mbedTLS)"
+ ssl_msg="mbedTLS"
], [], -lmbedx509 -lmbedcrypto)
fi
AC_SUBST(USE_MBEDTLS, [1])
MBEDTLS_ENABLED=1
USE_MBEDTLS="yes"
- curl_ssl_msg="enabled (mbedTLS)"
+ ssl_msg="mbedTLS"
],
[
CPPFLAGS=$_cppflags
fi dnl mbedTLS not disabled
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi
dnl ----------------------------------------------------
AC_HELP_STRING([--without-cyassl], [disable CyaSSL detection]),
OPT_CYASSL=$withval)
-if test "$curl_ssl_msg" = "$init_ssl_msg"; then
+if test -z "$ssl_backends" -o "x$OPT_CYASSL" != xno; then
+ ssl_msg=
if test X"$OPT_CYASSL" != Xno; then
AC_SUBST(USE_CYASSL, [1])
CYASSL_ENABLED=1
USE_CYASSL="yes"
- curl_ssl_msg="enabled (CyaSSL)"
+ ssl_msg="CyaSSL"
])
fi
AC_SUBST(USE_CYASSL, [1])
CYASSL_ENABLED=1
USE_CYASSL="yes"
- curl_ssl_msg="enabled (CyaSSL)"
+ ssl_msg="CyaSSL"
],
[
CPPFLAGS=$_cppflags
AC_SUBST(USE_CYASSL, [1])
CYASSL_ENABLED=1
USE_CYASSL="yes"
- curl_ssl_msg="enabled (WolfSSL)"
+ ssl_msg="WolfSSL"
],
[
AC_MSG_RESULT(no)
fi dnl CyaSSL not disabled
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi
dnl ----------------------------------------------------
AC_HELP_STRING([--without-nss], [disable NSS detection]),
OPT_NSS=$withval)
-if test "$curl_ssl_msg" = "$init_ssl_msg"; then
+if test -z "$ssl_backends" -o "x$OPT_NSS" != xno; then
+ ssl_msg=
if test X"$OPT_NSS" != Xno; then
AC_SUBST(USE_NSS, [1])
USE_NSS="yes"
NSS_ENABLED=1
- curl_ssl_msg="enabled (NSS)"
+ ssl_msg="NSS"
],
[
LDFLAGS="$CLEANLDFLAGS"
fi dnl NSS not disabled
-fi dnl curl_ssl_msg = init_ssl_msg
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
+fi
OPT_AXTLS=off
AC_HELP_STRING([--without-axtls], [disable axTLS]),
OPT_AXTLS=$withval)
-if test "$curl_ssl_msg" = "$init_ssl_msg"; then
+if test -z "$ssl_backends" -o "x$OPT_AXTLS" != xno; then
+ ssl_msg=
if test X"$OPT_AXTLS" != Xno; then
dnl backup the pre-axtls variables
CLEANLDFLAGS="$LDFLAGS"
AC_SUBST(USE_AXTLS, [1])
AXTLS_ENABLED=1
USE_AXTLS="yes"
- curl_ssl_msg="enabled (axTLS)"
+ ssl_msg="axTLS"
if test "x$cross_compiling" != "xyes"; then
LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$LIB_AXTLS"
LIBS="$CLEANLIBS"
])
fi
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi
if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$MBEDTLS_ENABLED$AXTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$DARWINSSL_ENABLED" = "x"; then
SSL_ENABLED="1"
fi
+if test -n "$ssl_backends"; then
+ curl_ssl_msg="enabled ($ssl_backends)"
+fi
+
dnl **********************************************************************
dnl Check for the CA bundle
dnl **********************************************************************
Curl_safefree(sslc->clientcert);
}
+#ifdef USE_SSL
+static int multissl_init(void);
+#endif
+
int Curl_ssl_backend(void)
{
#ifdef USE_SSL
+ multissl_init();
return Curl_ssl->id;
#else
return (int)CURLSSLBACKEND_NONE;
return CURLE_OK;
}
+static int Curl_multissl_init(void)
+{
+ if(multissl_init())
+ return 1;
+ return Curl_ssl->init();
+}
+
+static size_t Curl_multissl_version(char *buffer, size_t size)
+{
+ if(multissl_init())
+ return 0;
+ return Curl_ssl->version(buffer, size);
+}
+
+static CURLcode Curl_multissl_connect(struct connectdata *conn, int sockindex)
+{
+ if(multissl_init())
+ return CURLE_FAILED_INIT;
+ return Curl_ssl->connect(conn, sockindex);
+}
+
+static CURLcode Curl_multissl_connect_nonblocking(struct connectdata *conn,
+ int sockindex, bool *done)
+{
+ if(multissl_init())
+ return CURLE_FAILED_INIT;
+ return Curl_ssl->connect_nonblocking(conn, sockindex, done);
+}
+
+static void *Curl_multissl_get_internals(struct ssl_connect_data *connssl,
+ CURLINFO info)
+{
+ if(multissl_init())
+ return NULL;
+ return Curl_ssl->get_internals(connssl, info);
+}
+
+static void Curl_multissl_close(struct connectdata *conn, int sockindex)
+{
+ if(multissl_init())
+ return;
+ Curl_ssl->close(conn, sockindex);
+}
+
+static const struct Curl_ssl Curl_ssl_multi = {
+ "multi", /* name */
+ CURLSSLBACKEND_NONE,
+
+ 0, /* have_ca_path */
+ 0, /* have_certinfo */
+ 0, /* have_pinnedpubkey */
+ 0, /* have_ssl_ctx */
+ 0, /* support_https_proxy */
+
+ (size_t)-1, /* something insanely large to be on the safe side */
+
+ Curl_multissl_init, /* init */
+ Curl_none_cleanup, /* cleanup */
+ Curl_multissl_version, /* version */
+ Curl_none_check_cxn, /* check_cxn */
+ Curl_none_shutdown, /* shutdown */
+ Curl_none_data_pending, /* data_pending */
+ Curl_none_random, /* random */
+ Curl_none_cert_status_request, /* cert_status_request */
+ Curl_multissl_connect, /* connect */
+ Curl_multissl_connect_nonblocking, /* connect_nonblocking */
+ Curl_multissl_get_internals, /* get_internals */
+ Curl_multissl_close, /* close */
+ Curl_none_close_all, /* close_all */
+ Curl_none_session_free, /* session_free */
+ Curl_none_set_engine, /* set_engine */
+ Curl_none_set_engine_default, /* set_engine_default */
+ Curl_none_engines_list, /* engines_list */
+ Curl_none_false_start, /* false_start */
+ Curl_none_md5sum, /* md5sum */
+ NULL /* sha256sum */
+};
+
+const struct Curl_ssl *Curl_ssl = &Curl_ssl_multi;
+
+static const struct Curl_ssl *available_backends[] = {
+#if defined(USE_AXTLS)
+ &Curl_ssl_axtls,
+#endif
+#if defined(USE_CYASSL)
+ &Curl_ssl_cyassl,
+#endif
+#if defined(USE_DARWINSSL)
+ &Curl_ssl_darwinssl,
+#endif
+#if defined(USE_GNUTLS)
+ &Curl_ssl_gnutls,
+#endif
+#if defined(USE_GSKIT)
+ &Curl_ssl_gskit,
+#endif
+#if defined(USE_MBEDTLS)
+ &Curl_ssl_mbedtls,
+#endif
+#if defined(USE_NSS)
+ &Curl_ssl_nss,
+#endif
+#if defined(USE_OPENSSL)
+ &Curl_ssl_openssl,
+#endif
+#if defined(USE_POLARSSL)
+ &Curl_ssl_polarssl,
+#endif
+#if defined(USE_SCHANNEL)
+ &Curl_ssl_schannel,
+#endif
+ NULL
+};
+
+static int multissl_init(void)
+{
+ const char *env;
+ int i;
+
+ if(Curl_ssl != &Curl_ssl_multi)
+ return 1;
+
+ if(!available_backends[0])
+ return 1;
+
+ env = getenv("CURL_SSL_BACKEND");
+ if(env)
+ for(i = 0; available_backends[i]; i++)
+ if(!strcmp(env, available_backends[i]->name)) {
+ Curl_ssl = available_backends[i];
+ return 0;
+ }
+
+ /* Fall back to first available backend */
+ Curl_ssl = available_backends[0];
+ return 0;
+}
+
#endif /* USE_SSL */
projects / curl / commitdiff