diff options
-rw-r--r-- | lib/vtls/openssl.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 55226e4ba..230eea2d0 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -177,6 +177,7 @@ !defined(LIBRESSL_VERSION_NUMBER) && \ !defined(OPENSSL_IS_BORINGSSL)) #define HAVE_SSL_CTX_SET_CIPHERSUITES +#define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH #endif #if defined(LIBRESSL_VERSION_NUMBER) @@ -2467,6 +2468,11 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) } #endif +#ifdef HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH + /* OpenSSL 1.1.1 requires clients to opt-in for PHA */ + SSL_CTX_set_post_handshake_auth(BACKEND->ctx, 1); +#endif + #ifdef USE_TLS_SRP if(ssl_authtype == CURL_TLSAUTH_SRP) { char * const ssl_username = SSL_SET_OPTION(username); |