author | Christian Heimes <christian@python.org> | 2018-09-21 10:37:43 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2018-09-24 08:01:18 +0200 |
commit | b939bc47b27cd57c6ebb852ad653933e4124b452 (patch) | |
tree | 0405a980d8ced234f9508160a02a54b87c034382 /lib | |
parent | 55b51b8c493ee37e1cb4a57255ef38ce595a4186 (diff) |
OpenSSL: enable TLS 1.3 post-handshake auth
OpenSSL 1.1.1 requires clients to opt-in for post-handshake
authentication.
Fixes: https://github.com/curl/curl/issues/3026
Signed-off-by: Christian Heimes <christian@python.org>
Closes https://github.com/curl/curl/pull/3027
Diffstat (limited to 'lib')
-rw-r--r-- | lib/vtls/openssl.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 55226e4ba..230eea2d0 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -177,6 +177,7 @@
 !defined(LIBRESSL_VERSION_NUMBER) && \
 !defined(OPENSSL_IS_BORINGSSL))
 #define HAVE_SSL_CTX_SET_CIPHERSUITES
+#define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
 #endif
 #if defined(LIBRESSL_VERSION_NUMBER)
@@ -2467,6 +2468,11 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
 }
 #endif
+#ifdef HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
+ /* OpenSSL 1.1.1 requires clients to opt-in for PHA */
+ SSL_CTX_set_post_handshake_auth(BACKEND->ctx, 1);
+#endif
+
 #ifdef USE_TLS_SRP
 if(ssl_authtype == CURL_TLSAUTH_SRP) {
 char * const ssl_username = SSL_SET_OPTION(username); |
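Review bot: The added `SSL_CTX_set_post_handshake_auth(BACKEND->ctx, 1);` in ossl_connect_step1 is unconditional, so every TLS 1.3 handshake advertises post-handshake authentication even when no client certificate is configured, and the comment does not say whether that is deliberate. With the opt-in set, the server chooses when during the connection a certificate is requested, so the moment the client's identity is disclosed is no longer tied to the handshake; that is worth a sentence for the next maintainer. I would extend the comment to something like `/* OpenSSL 1.1.1 requires clients to opt-in for PHA; set for every connection so a server may request the client certificate after the handshake */`, or, if the unconditional opt-in is not intended, gate the call on a client certificate being configured. The function starts and ends outside this hunk, so whether a certificate setting is already in scope at this point cannot be seen here.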