aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2015-12-16 10:25:31 +0100
committerDaniel Stenberg <daniel@haxx.se>2015-12-16 10:27:18 +0100
commit151da51404b46e011bfd0466af5d31af4cb33721 (patch)
treecb735f260c5c8706288ac56b73ef6b81017b14e8 /lib
parent1ff3a07be9b875155b0076a91a0b8f5c5fd22067 (diff)
cyassl: deal with lack of *get_peer_certificate
The function is only present in wolfssl/cyassl if it was built with --enable-opensslextra. With these checks added, pinning support is disabled unless the TLS lib has that function available. Also fix the mistake in configure that checks for the wrong lib name. Closes #566
Diffstat (limited to 'lib')
-rw-r--r--lib/vtls/cyassl.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index 20629f45d..e762d339f 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -413,6 +413,8 @@ cyassl_connect_step2(struct connectdata *conn,
}
if(data->set.str[STRING_SSL_PINNEDPUBLICKEY]) {
+#if defined(HAVE_WOLFSSL_GET_PEER_CERTIFICATE) || \
+ defined(HAVE_CYASSL_GET_PEER_CERTIFICATE)
X509 *x509;
const char *x509_der;
int x509_der_len;
@@ -449,6 +451,10 @@ cyassl_connect_step2(struct connectdata *conn,
failf(data, "SSL: public key does not match pinned public key!");
return result;
}
+#else
+ failf(data, "Library lacks pinning support built-in");
+ return CURLE_NOT_BUILT_IN;
+#endif
}
conssl->connecting_state = ssl_connect_3;