wolfssl: handle builds without SSLv3 support

2 files changed, 14 insertions, 2 deletions

diff --git a/configure.ac b/configure.ac
index 4c14e382e..3031f05ae 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2166,11 +2166,11 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
 	]])
       ],[
          AC_MSG_RESULT(yes)
-         AC_DEFINE(USE_CYASSL, 1, [if CyaSSL is enabled])
+         AC_DEFINE(USE_CYASSL, 1, [if CyaSSL/WolfSSL is enabled])
          AC_SUBST(USE_CYASSL, [1])
          CYASSL_ENABLED=1
          USE_CYASSL="yes"
-         curl_ssl_msg="enabled (CyaSSL)"
+         curl_ssl_msg="enabled (WolfSSL)"
        ],
        [
          AC_MSG_RESULT(no)
@@ -2195,6 +2195,11 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
 
       LIBS="-l$cyassllibname -lm $LIBS"
 
+      if test "x$cyassllib" = "xwolfssl"; then
+        dnl Recent WolfSSL versions build without SSLv3 by default
+        AC_CHECK_FUNCS(wolfSSLv3_client_method)
+      fi
+
       if test -n "$cyassllib"; then
         dnl when shared libs were found in a path that the run-time
         dnl linker doesn't search through, we need to add it to
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index f51b04192..20629f45d 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -143,8 +143,15 @@ cyassl_connect_step1(struct connectdata *conn,
     use_sni(TRUE);
     break;
   case CURL_SSLVERSION_SSLv3:
+    /* before WolfSSL SSLv3 was enabled by default, and starting in WolfSSL
+       we check for its presence since it is built without it by default */
+#if !defined(WOLFSSL_VERSION) || defined(HAVE_WOLFSSLV3_CLIENT_METHOD)
     req_method = SSLv3_client_method();
     use_sni(FALSE);
+#else
+    failf(data, "No support for SSLv3");
+    return CURLE_NOT_BUILT_IN;
+#endif
     break;
   case CURL_SSLVERSION_SSLv2:
     failf(data, "CyaSSL does not support SSLv2");