From 151da51404b46e011bfd0466af5d31af4cb33721 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Wed, 16 Dec 2015 10:25:31 +0100
Subject: cyassl: deal with lack of *get_peer_certificate The function is only present in wolfssl/cyassl if it was built with --enable-opensslextra. With these checks added, pinning support is disabled unless the TLS lib has that function available. Also fix the mistake in configure that checks for the wrong lib name. Closes #566
---
 lib/vtls/cyassl.c | 6 ++++++
 1 file changed, 6 insertions(+) (limited to 'lib')
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index 20629f45d..e762d339f 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -413,6 +413,8 @@ cyassl_connect_step2(struct connectdata *conn,
 }
 if(data->set.str[STRING_SSL_PINNEDPUBLICKEY]) {
+#if defined(HAVE_WOLFSSL_GET_PEER_CERTIFICATE) || \
+ defined(HAVE_CYASSL_GET_PEER_CERTIFICATE)
 X509 *x509;
 const char *x509_der;
 int x509_der_len;
@@ -449,6 +451,10 @@ cyassl_connect_step2(struct connectdata *conn,
 failf(data, "SSL: public key does not match pinned public key!");
 return result;
 }
+#else
+ failf(data, "Library lacks pinning support built-in");
+ return CURLE_NOT_BUILT_IN;
+#endif
 }
 conssl->connecting_state = ssl_connect_3;
-- 
cgit v1.2.3
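Review bot: The guard `#if defined(HAVE_WOLFSSL_GET_PEER_CERTIFICATE) || defined(HAVE_CYASSL_GET_PEER_CERTIFICATE)` in the first hunk relies on macros that nothing in this diff defines. The commit message suggests configure sets them, but that change is outside the `lib` view shown here. A build that does not run that check would presumably leave both undefined and take the `#else` branch, refusing pinning even when the library has the function. That fails closed, which is the safe direction, but it deserves a comment above the guard such as `/* set by configure; needs wolfSSL/CyaSSL built with --enable-opensslextra */`. The body of the `if(data->set.str[STRING_SSL_PINNEDPUBLICKEY])` block continues outside this hunk.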
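Review bot: The message in the `#else` branch of the second hunk, `"Library lacks pinning support built-in"`, names neither the TLS library nor the build option that is missing, so a user who set a pin cannot tell what to rebuild. Something like `failf(data, "SSL: public key pinning needs wolfSSL/CyaSSL built with --enable-opensslextra");` would make the refusal actionable. Returning CURLE_NOT_BUILT_IN is the right behaviour, since continuing would silently drop the pin the caller asked for. Because the matching `#if` opens in the previous hunk, closing with `#endif /* HAVE_*_GET_PEER_CERTIFICATE */` would make the pairing easier to follow.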