From a360906de63debbf1f2f2a0eb008443a2df17291 Mon Sep 17 00:00:00 2001
From: Ales Mlakar <ales.mlakar@outfit7.com>
Date: Tue, 21 Feb 2017 13:15:56 +0100
Subject: mbedtls: add support for CURLOPT_SSL_CTX_FUNCTION

Ref: https://curl.haxx.se/mail/lib-2017-02/0097.html

Closes https://github.com/curl/curl/pull/1272
---
 lib/vtls/mbedtls.c | 10 ++++++++++
 lib/vtls/mbedtls.h |  3 +++
 2 files changed, 13 insertions(+)

(limited to 'lib/vtls')

diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index b13171363..7cd2d6d0f 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -495,6 +495,16 @@ mbed_connect_step1(struct connectdata *conn,
   mbedtls_debug_set_threshold(4);
 #endif
 
+  /* give application a chance to interfere with mbedTLS set up. */
+  if(data->set.ssl.fsslctx) {
+    ret = (*data->set.ssl.fsslctx)(data, &connssl->config,
+                                   data->set.ssl.fsslctxp);
+    if(ret) {
+      failf(data, "error signaled by ssl ctx callback");
+      return ret;
+    }
+  }
+
   connssl->connecting_state = ssl_connect_2;
 
   return CURLE_OK;
diff --git a/lib/vtls/mbedtls.h b/lib/vtls/mbedtls.h
index 5b0bcf6d7..71d17a491 100644
--- a/lib/vtls/mbedtls.h
+++ b/lib/vtls/mbedtls.h
@@ -56,6 +56,9 @@ CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy,
 /* this backends supports CURLOPT_PINNEDPUBLICKEY */
 #define have_curlssl_pinnedpubkey 1
 
+/* this backend supports CURLOPT_SSL_CTX_* */
+#define have_curlssl_ssl_ctx 1
+
 /* API setup for mbedTLS */
 #define curlssl_init() Curl_mbedtls_init()
 #define curlssl_cleanup() Curl_mbedtls_cleanup()
-- 
cgit v1.2.3