author | Jay Satiro <raysatiro@yahoo.com> | 2016-03-29 19:06:55 -0400 |
committer | Jay Satiro <raysatiro@yahoo.com> | 2016-03-29 19:06:55 -0400 |
commit | 79216287148c4ede29cd3a0b4c2dc961908c79d2 (patch) | |
tree | 2759adadb169efa7c922c3c1ee89045db3ecc7e6 /lib/vtls | |
parent | 27c99a37ba55a78e3227c7058cf7533bb4aa7296 (diff) |
wolfssl: Use ECC supported curves extension
https://github.com/wolfSSL/wolfssl/issues/366
Diffstat (limited to 'lib/vtls')
-rw-r--r-- | lib/vtls/cyassl.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index 7fa853678..0bd318f7c 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -112,6 +112,15 @@ and that's a problem since options.h hasn't been included yet. */
 #endif
 #endif
+/* HAVE_SUPPORTED_CURVES is wolfSSL's build time symbol for enabling the ECC
+   supported curve extension in options.h. Note ECC is enabled separately. */
+#ifndef HAVE_SUPPORTED_CURVES
+#if defined(HAVE_CYASSL_CTX_USESUPPORTEDCURVE) || \
+    defined(HAVE_WOLFSSL_CTX_USESUPPORTEDCURVE)
+#define HAVE_SUPPORTED_CURVES
+#endif
+#endif
+
 static Curl_recv cyassl_recv;
 static Curl_send cyassl_send;
@@ -313,6 +322,16 @@ cyassl_connect_step1(struct connectdata *conn,
   }
 #endif
+#ifdef HAVE_SUPPORTED_CURVES
+  /* CyaSSL/wolfSSL does not send the supported ECC curves ext automatically:
+     https://github.com/wolfSSL/wolfssl/issues/366
+     The supported curves below are those also supported by OpenSSL 1.0.2 and
+     in the same order. */
+  CyaSSL_CTX_UseSupportedCurve(conssl->ctx, 0x17); /* secp256r1 */
+  CyaSSL_CTX_UseSupportedCurve(conssl->ctx, 0x19); /* secp521r1 */
+  CyaSSL_CTX_UseSupportedCurve(conssl->ctx, 0x18); /* secp384r1 */
+#endif
+
   /* give application a chance to interfere with SSL set up. */
   if(data->set.ssl.fsslctx) {
     CURLcode result = CURLE_OK; |
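Review bot: The three `CyaSSL_CTX_UseSupportedCurve(conssl->ctx, ...)` calls in the second hunk discard the function's status return, so if the library rejects a curve (for example when the extension or ECC is not actually compiled in even though HAVE_SUPPORTED_CURVES ended up defined by the fallback in the first hunk), the handshake silently proceeds without advertising that curve and nothing is logged. The rest of cyassl_connect_step1, which starts and ends outside this hunk, presumably checks its other context-setup calls against SSL_SUCCESS and fails with failf() and CURLE_SSL_CONNECT_ERROR; the same pattern fits here, and a small table keeps the curve list and its OpenSSL-ordering comment in one place instead of three repeated calls with magic numbers. If the CyaSSL/wolfSSL header provides named constants for the curve ids, those should replace the literals 0x17/0x19/0x18.
```c
#ifdef HAVE_SUPPORTED_CURVES
  /* … unchanged: comment explaining why the extension is added manually … */
  {
    /* secp256r1, secp521r1, secp384r1: same set and order as OpenSSL 1.0.2 */
    static const unsigned short curves[] = { 0x17, 0x19, 0x18 };
    size_t i;
    for(i = 0; i < sizeof(curves) / sizeof(curves[0]); i++) {
      if(CyaSSL_CTX_UseSupportedCurve(conssl->ctx, curves[i]) != SSL_SUCCESS) {
        failf(data, "SSL: failed to add supported curve 0x%x",
              (unsigned int)curves[i]);
        return CURLE_SSL_CONNECT_ERROR;
      }
    }
  }
#endif
```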