aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2019-02-22 08:04:09 +0100
committerDaniel Stenberg <daniel@haxx.se>2019-02-23 11:47:24 +0100
commit300def7d4056178091b530e9304f8609d6d7ee21 (patch)
tree3ba06e4aaec71b1af1db3f7587d50468d074c3df
parent11974ac859c5d82def59e837e0db56fef7f6794e (diff)
wolfssl: stop custom-adding curves
since wolfSSL PR https://github.com/wolfSSL/wolfssl/pull/717 (shipped in wolfSSL 3.10.2 and later) it sends these curves by default already. Pointed-out-by: David Garske Closes #3599
-rwxr-xr-xconfigure.ac1
-rw-r--r--lib/vtls/cyassl.c21
2 files changed, 1 insertions, 21 deletions
diff --git a/configure.ac b/configure.ac
index 462ed8134..1fc9d34d5 100755
--- a/configure.ac
+++ b/configure.ac
@@ -2384,7 +2384,6 @@ if test -z "$ssl_backends" -o "x$OPT_CYASSL" != xno; then
dnl Recent WolfSSL versions build without SSLv3 by default
dnl WolfSSL needs configure --enable-opensslextra to have *get_peer*
AC_CHECK_FUNCS(wolfSSLv3_client_method \
- wolfSSL_CTX_UseSupportedCurve \
wolfSSL_get_peer_certificate \
wolfSSL_UseALPN)
else
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index ea96cf65e..c7a3268ef 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -67,15 +67,6 @@ and that's a problem since options.h hasn't been included yet. */
#endif
#endif
-/* HAVE_SUPPORTED_CURVES is wolfSSL's build time symbol for enabling the ECC
- supported curve extension in options.h. Note ECC is enabled separately. */
-#ifndef HAVE_SUPPORTED_CURVES
-#if defined(HAVE_CYASSL_CTX_USESUPPORTEDCURVE) || \
- defined(HAVE_WOLFSSL_CTX_USESUPPORTEDCURVE)
-#define HAVE_SUPPORTED_CURVES
-#endif
-#endif
-
#include <limits.h>
#include "urldata.h"
@@ -364,16 +355,6 @@ cyassl_connect_step1(struct connectdata *conn,
}
#endif
-#ifdef HAVE_SUPPORTED_CURVES
- /* CyaSSL/wolfSSL does not send the supported ECC curves ext automatically:
- https://github.com/wolfSSL/wolfssl/issues/366
- The supported curves below are those also supported by OpenSSL 1.0.2 and
- in the same order. */
- CyaSSL_CTX_UseSupportedCurve(BACKEND->ctx, 0x17); /* secp256r1 */
- CyaSSL_CTX_UseSupportedCurve(BACKEND->ctx, 0x19); /* secp521r1 */
- CyaSSL_CTX_UseSupportedCurve(BACKEND->ctx, 0x18); /* secp384r1 */
-#endif
-
/* give application a chance to interfere with SSL set up. */
if(data->set.ssl.fsslctx) {
CURLcode result = CURLE_OK;