author | Daniel Stenberg <daniel@haxx.se> | 2016-05-01 17:05:38 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2016-05-01 17:05:38 +0200 |
commit | 283babfaf8d8f3bab9d3c63cea94eb0b84e79c37 (patch) | |
tree | 78f3a526d4afe2c60c1e6f26dfabc5d61cd42f79 /lib/vtls/cyassl.h | |
parent | 100c7b478fd17fd0c3ffacda7d6aa4b536bc7c6e (diff) |
tls: make setting pinnedkey option fail if not supported
to make it obvious to users trying to use the feature with TLS backends
not supporting it.
Discussed in #781
Reported-by: Travis Burtrum
Diffstat (limited to 'lib/vtls/cyassl.h')
-rw-r--r-- | lib/vtls/cyassl.h | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/lib/vtls/cyassl.h b/lib/vtls/cyassl.h
index 52a5e15ae..110612555 100644
--- a/lib/vtls/cyassl.h
+++ b/lib/vtls/cyassl.h
@@ -7,7 +7,7 @@
 * | (__| |_| | _ <| |___
 * \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -25,6 +25,18 @@
 #ifdef USE_CYASSL
+/* KEEP_PEER_CERT is a product of the presence of build time symbol
+ OPENSSL_EXTRA without NO_CERTS, depending on the version. KEEP_PEER_CERT is
+ in wolfSSL's settings.h, and the latter two are build time symbols in
+ options.h. */
+#ifndef KEEP_PEER_CERT
+#if defined(HAVE_CYASSL_GET_PEER_CERTIFICATE) || \
+ defined(HAVE_WOLFSSL_GET_PEER_CERTIFICATE) || \
+ (defined(OPENSSL_EXTRA) && !defined(NO_CERTS))
+#define KEEP_PEER_CERT
+#endif
+#endif
+
 CURLcode Curl_cyassl_connect(struct connectdata *conn, int sockindex);
 bool Curl_cyassl_data_pending(const struct connectdata* conn, int connindex);
 int Curl_cyassl_shutdown(struct connectdata* conn, int sockindex);
@@ -53,6 +65,11 @@ void Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */
 /* this backend supports CURLOPT_SSL_CTX_* */
 #define have_curlssl_ssl_ctx 1
+#ifdef KEEP_PEER_CERT
+/* this backend supports CURLOPT_PINNEDPUBLICKEY */
+#define have_curlssl_pinnedpubkey 1
+#endif
+
 /* API setup for CyaSSL */
 #define curlssl_init Curl_cyassl_init
 #define curlssl_cleanup() Curl_nop_stmt |
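Review bot: The `#ifndef KEEP_PEER_CERT` block added after `#ifdef USE_CYASSL` is evaluated wherever this header is included, and nothing visible in the hunk includes wolfSSL's settings.h or options.h first, so `OPENSSL_EXTRA`, `NO_CERTS` and a library-provided `KEEP_PEER_CERT` may not be defined yet at that point. In such a translation unit only `HAVE_CYASSL_GET_PEER_CERTIFICATE` / `HAVE_WOLFSSL_GET_PEER_CERTIFICATE` count, and `have_curlssl_pinnedpubkey` from the last hunk could then differ between the file that validates the option and the backend that enforces the pin. Since that macro now decides whether a pinning request is accepted or rejected, I would document the requirement next to the block, e.g. `/* must be evaluated after wolfSSL's options.h/settings.h have been included, otherwise only the HAVE_* symbols are seen */`, or have this header pull in those wolfSSL headers itself. The includes of this file and of its users are outside the hunk, so this needs confirming against the rest of the tree.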