author | Daniel Stenberg <daniel@haxx.se> | 2015-12-16 10:25:31 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2015-12-16 10:27:18 +0100 |
commit | 151da51404b46e011bfd0466af5d31af4cb33721 (patch) | |
tree | cb735f260c5c8706288ac56b73ef6b81017b14e8 | |
parent | 1ff3a07be9b875155b0076a91a0b8f5c5fd22067 (diff) |
cyassl: deal with lack of *get_peer_certificate
The function is only present in wolfssl/cyassl if it was built with
--enable-opensslextra. With these checks added, pinning support is disabled
unless the TLS lib has that function available.
Also fix the mistake in configure that checks for the wrong lib name.
Closes #566
-rw-r--r-- | configure.ac | 11 | ||||
-rw-r--r-- | lib/vtls/cyassl.c | 6 |
2 files changed, 14 insertions, 3 deletions
diff --git a/configure.ac b/configure.ac
index 3031f05ae..4fba81715 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2182,7 +2182,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
 fi
 if test "x$USE_CYASSL" = "xyes"; then
- AC_MSG_NOTICE([detected CyaSSL])
+ AC_MSG_NOTICE([detected $cyassllibname])
 dnl cyassl/ctaocrypt/types.h needs SIZEOF_LONG_LONG defined!
 AC_CHECK_SIZEOF(long long)
@@ -2195,9 +2195,14 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
 LIBS="-l$cyassllibname -lm $LIBS"
- if test "x$cyassllib" = "xwolfssl"; then
+ if test "x$cyassllibname" = "xwolfssl"; then
 dnl Recent WolfSSL versions build without SSLv3 by default
- AC_CHECK_FUNCS(wolfSSLv3_client_method)
+ dnl WolfSSL needs configure --enable-opensslextra to have *get_peer*
+ AC_CHECK_FUNCS(wolfSSLv3_client_method \
+ wolfSSL_get_peer_certificate)
+ else
+ dnl Cyassl needs configure --enable-opensslextra to have *get_peer*
+ AC_CHECK_FUNCS(CyaSSL_get_peer_certificate)
 fi
 if test -n "$cyassllib"; then
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index 20629f45d..e762d339f 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -413,6 +413,8 @@ cyassl_connect_step2(struct connectdata *conn,
 }
 if(data->set.str[STRING_SSL_PINNEDPUBLICKEY]) {
+#if defined(HAVE_WOLFSSL_GET_PEER_CERTIFICATE) || \
+ defined(HAVE_CYASSL_GET_PEER_CERTIFICATE)
 X509 *x509;
 const char *x509_der;
 int x509_der_len;
@@ -449,6 +451,10 @@ cyassl_connect_step2(struct connectdata *conn,
 failf(data, "SSL: public key does not match pinned public key!");
 return result;
 }
+#else
+ failf(data, "Library lacks pinning support built-in");
+ return CURLE_NOT_BUILT_IN;
+#endif
 }
 conssl->connecting_state = ssl_connect_3; |
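Review bot: The two `AC_CHECK_FUNCS` calls added in the second configure.ac hunk record whether `*get_peer_certificate` exists but say nothing to the builder when it is missing, so a libcurl without public key pinning is produced with only a `checking for ... no` line in the output. Pinning is a security control that packagers may assume is present, so I would check the function in its own call with an action-if-not-found, e.g. `AC_CHECK_FUNCS(wolfSSL_get_peer_certificate, [], [AC_MSG_WARN([$cyassllibname lacks get_peer_certificate: public key pinning disabled, rebuild it with --enable-opensslextra])])`, and do the same in the `else` branch for `CyaSSL_get_peer_certificate`. Keeping it separate from `wolfSSLv3_client_method` matters because a shared third argument would also fire for a missing SSLv3 method. Whether a later configure summary already reports this is not visible in the hunk.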
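Review bot: The error text in the `#else` branch of the last cyassl.c hunk, `Library lacks pinning support built-in`, does not tell the user which library or what to fix, although the commit message already names the cause. I would spell it out, e.g. `failf(data, "SSL: public key pinning needs wolfSSL/CyaSSL built with --enable-opensslextra");`, and keep the `return CURLE_NOT_BUILT_IN;` so the transfer still fails closed. A short comment above the `#else`, such as `/* no *get_peer_certificate: refuse rather than connect unpinned */`, would record that the refusal is deliberate and should not be relaxed into a warning. The check sits inside `cyassl_connect_step2`, whose body starts and ends outside these hunks, so the pin appears to be accepted when the option is set and rejected only once a connection attempt is under way; that is inferred from the function name and is worth confirming.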