From 151da51404b46e011bfd0466af5d31af4cb33721 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 16 Dec 2015 10:25:31 +0100
Subject: cyassl: deal with lack of *get_peer_certificate

The function is only present in wolfssl/cyassl if it was built with
--enable-opensslextra. With these checks added, pinning support is disabled
unless the TLS lib has that function available.

Also fix the mistake in configure that checks for the wrong lib name.

Closes #566
---
 lib/vtls/cyassl.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'lib/vtls/cyassl.c')

diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index 20629f45d..e762d339f 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -413,6 +413,8 @@ cyassl_connect_step2(struct connectdata *conn,
   }
 
   if(data->set.str[STRING_SSL_PINNEDPUBLICKEY]) {
+#if defined(HAVE_WOLFSSL_GET_PEER_CERTIFICATE) ||       \
+  defined(HAVE_CYASSL_GET_PEER_CERTIFICATE)
     X509 *x509;
     const char *x509_der;
     int x509_der_len;
@@ -449,6 +451,10 @@ cyassl_connect_step2(struct connectdata *conn,
       failf(data, "SSL: public key does not match pinned public key!");
       return result;
     }
+#else
+    failf(data, "Library lacks pinning support built-in");
+    return CURLE_NOT_BUILT_IN;
+#endif
   }
 
   conssl->connecting_state = ssl_connect_3;
-- 
cgit v1.2.3