From 937899a3b8e1124df7a66b83925349d5c9f9e5a9 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Tue, 20 Jun 2017 11:32:53 +0200 Subject: vtls: convert the have_curlssl_* constants to runtime flags The entire idea of introducing the Curl_ssl struct to describe SSL backends is to prepare for choosing the SSL backend at runtime. To that end, convert all the #ifdef have_curlssl_* style conditionals to use bit flags instead. Signed-off-by: Johannes Schindelin --- lib/vtls/darwinssl.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'lib/vtls/darwinssl.c') diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c index 23be96a20..4d755d6b6 100644 --- a/lib/vtls/darwinssl.c +++ b/lib/vtls/darwinssl.c @@ -118,6 +118,24 @@ #define ioErr -36 #define paramErr -50 +/* pinned public key support tests */ + +/* version 1 supports macOS 10.12+ and iOS 10+ */ +#if ((TARGET_OS_IPHONE && __IPHONE_OS_VERSION_MIN_REQUIRED >= 100000) || \ + (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200)) +#define DARWIN_SSL_PINNEDPUBKEY_V1 1 +#endif + +/* version 2 supports MacOSX 10.7+ */ +#if (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070) +#define DARWIN_SSL_PINNEDPUBKEY_V2 1 +#endif + +#if defined(DARWIN_SSL_PINNEDPUBKEY_V1) || defined(DARWIN_SSL_PINNEDPUBKEY_V2) +/* this backend supports CURLOPT_PINNEDPUBLICKEY */ +#define DARWIN_SSL_PINNEDPUBKEY 1 +#endif /* DARWIN_SSL_PINNEDPUBKEY */ + #ifdef DARWIN_SSL_PINNEDPUBKEY /* both new and old APIs return rsa keys missing the spki header (not DER) */ static const unsigned char rsa4096SpkiHeader[] = { @@ -2860,6 +2878,15 @@ static ssize_t darwinssl_recv(struct connectdata *conn, const struct Curl_ssl Curl_ssl_darwinssl = { "darwinssl", /* name */ + 0, /* have_ca_path */ + 0, /* have_certinfo */ +#ifdef DARWIN_SSL_PINNEDPUBKEY + 1, /* have_pinnedpubkey */ +#else + 0, /* have_pinnedpubkey */ +#endif /* DARWIN_SSL_PINNEDPUBKEY */ + 0, /* have_ssl_ctx */ + Curl_none_init, /* init */ Curl_none_cleanup, /* cleanup */ Curl_darwinssl_version, /* version */ -- cgit v1.2.3