From 1ff3a07be9b875155b0076a91a0b8f5c5fd22067 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 16 Dec 2015 10:06:09 +0100 Subject: [PATCH] wolfssl: handle builds without SSLv3 support --- configure.ac | 9 +++++++-- lib/vtls/cyassl.c | 7 +++++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 4c14e382e..3031f05ae 100644 --- a/configure.ac +++ b/configure.ac @@ -2166,11 +2166,11 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then ]]) ],[ AC_MSG_RESULT(yes) - AC_DEFINE(USE_CYASSL, 1, [if CyaSSL is enabled]) + AC_DEFINE(USE_CYASSL, 1, [if CyaSSL/WolfSSL is enabled]) AC_SUBST(USE_CYASSL, [1]) CYASSL_ENABLED=1 USE_CYASSL="yes" - curl_ssl_msg="enabled (CyaSSL)" + curl_ssl_msg="enabled (WolfSSL)" ], [ AC_MSG_RESULT(no) @@ -2195,6 +2195,11 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then LIBS="-l$cyassllibname -lm $LIBS" + if test "x$cyassllib" = "xwolfssl"; then + dnl Recent WolfSSL versions build without SSLv3 by default + AC_CHECK_FUNCS(wolfSSLv3_client_method) + fi + if test -n "$cyassllib"; then dnl when shared libs were found in a path that the run-time dnl linker doesn't search through, we need to add it to diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c index f51b04192..20629f45d 100644 --- a/lib/vtls/cyassl.c +++ b/lib/vtls/cyassl.c @@ -143,8 +143,15 @@ cyassl_connect_step1(struct connectdata *conn, use_sni(TRUE); break; case CURL_SSLVERSION_SSLv3: + /* before WolfSSL SSLv3 was enabled by default, and starting in WolfSSL + we check for its presence since it is built without it by default */ +#if !defined(WOLFSSL_VERSION) || defined(HAVE_WOLFSSLV3_CLIENT_METHOD) req_method = SSLv3_client_method(); use_sni(FALSE); +#else + failf(data, "No support for SSLv3"); + return CURLE_NOT_BUILT_IN; +#endif break; case CURL_SSLVERSION_SSLv2: failf(data, "CyaSSL does not support SSLv2");