From 283babfaf8d8f3bab9d3c63cea94eb0b84e79c37 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sun, 1 May 2016 17:05:38 +0200 Subject: tls: make setting pinnedkey option fail if not supported to make it obvious to users trying to use the feature with TLS backends not supporting it. Discussed in #781 Reported-by: Travis Burtrum --- lib/vtls/vtls.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'lib/vtls/vtls.c') diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c index 69fb70fc7..ca505a71c 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -815,9 +815,9 @@ CURLcode Curl_pin_peer_pubkey(struct SessionHandle *data, if(!pubkey || !pubkeylen) return result; -#ifdef curlssl_sha256sum /* only do this if pinnedpubkey starts with "sha256//", length 8 */ if(strncmp(pinnedpubkey, "sha256//", 8) == 0) { +#ifdef curlssl_sha256sum /* compute sha256sum of public key */ sha256sumdigest = malloc(SHA256_DIGEST_LENGTH); if(!sha256sumdigest) @@ -870,11 +870,12 @@ CURLcode Curl_pin_peer_pubkey(struct SessionHandle *data, } while(end_pos && begin_pos); Curl_safefree(encoded); Curl_safefree(pinkeycopy); - return result; - } #else - (void)data; + /* without sha256 support, this cannot match */ + (void)data; #endif + return result; + } fp = fopen(pinnedpubkey, "rb"); if(!fp) -- cgit v1.2.3