From d2feb71752f193ced11c137bdf2026373ebc3dc5 Mon Sep 17 00:00:00 2001
From: "Kyle L. Huff"
Date: Fri, 27 Mar 2015 07:22:32 -0400
Subject: cyassl: add SSL context callback support for CyaSSL
Adds support for CURLOPT_SSL_CTX_FUNCTION when using CyaSSL, and better handles CyaSSL instances using NO_FILESYSTEM.
---
 lib/vtls/cyassl.c | 18 ++++++++++++++++++
 lib/vtls/cyassl.h | 3 +++
 2 files changed, 21 insertions(+) (limited to 'lib/vtls')
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index 32a4477cb..7a10eba12 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -201,6 +201,24 @@ cyassl_connect_step1(struct connectdata *conn,
 data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE,
 NULL);
 
+ /* give application a chance to interfere with SSL set up. */
+ if(data->set.ssl.fsslctx) {
+ CURLcode result = CURLE_OK;
+ result = (*data->set.ssl.fsslctx)(data, conssl->ctx,
+ data->set.ssl.fsslctxp);
+ if(result) {
+ failf(data, "error signaled by ssl ctx callback");
+ return result;
+ }
+ }
+#ifdef NO_FILESYSTEM
+ else if(data->set.ssl.verifypeer) {
+ failf(data, "CyaSSL: unable to verify certificate; no certificate",
+ " authorities registered");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+#endif
+
 /* Let's make an SSL structure */
 if(conssl->handle)
 SSL_free(conssl->handle);
diff --git a/lib/vtls/cyassl.h b/lib/vtls/cyassl.h
index b492ffa96..ba64ab2ca 100644
--- a/lib/vtls/cyassl.h
+++ b/lib/vtls/cyassl.h
@@ -46,6 +46,9 @@ int Curl_cyassl_random(struct SessionHandle *data,
 /* Set the API backend definition to Schannel */
 #define CURL_SSL_BACKEND CURLSSLBACKEND_CYASSL
 
+/* this backend suppots CURLOPT_SSL_CTX_FUNCTION */
+#define have_curlssl_ssl_ctx 1
+
 /* API setup for CyaSSL */
 #define curlssl_init Curl_cyassl_init
 #define curlssl_cleanup() Curl_nop_stmt
--
cgit v1.2.3
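Review bot: In the `#ifdef NO_FILESYSTEM` branch added to lib/vtls/cyassl.c, the `failf()` call has a comma between its two string literals, so `" authorities registered"` is passed as an unused variadic argument instead of being concatenated, and the logged error stops at "no certificate". Dropping the comma joins the literals: `failf(data, "CyaSSL: unable to verify certificate; no certificate"` followed by `" authorities registered");`. When a callback is set in such a build, peer verification depends entirely on the callback having registered CA certificates on `conssl->ctx`. A comment saying so would help, for example `/* with NO_FILESYSTEM the callback is the only way to load CA certs */`. The body of cyassl_connect_step1 starts and ends outside this hunk, so any later CA check is not visible here.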
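Review bot: The comment added in lib/vtls/cyassl.h misspells "supports"; it should read `/* this backend supports CURLOPT_SSL_CTX_FUNCTION */`. The code that tests `have_curlssl_ssl_ctx` is not part of this diff, so the comment could also say what the macro enables. Presumably it lets the generic option-handling code accept the callback for this backend.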