openssl: assume engine support in 1.0.1 or later
Previously it was checked for in configure/cmake, but that would then leave other build systems built without engine support. While engine support probably existed prior to 1.0.1, I decided to play it safe. If someone experiences a problem with this, we can widen the version check. Fixes #2641 Closes #2644
parent
100318c7fd
commit
38203f1585
@ -356,7 +356,6 @@ if(CMAKE_USE_OPENSSL)
|
|||||||
include_directories(${OPENSSL_INCLUDE_DIR})
|
include_directories(${OPENSSL_INCLUDE_DIR})
|
||||||
set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
|
set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
|
||||||
check_include_file("openssl/crypto.h" HAVE_OPENSSL_CRYPTO_H)
|
check_include_file("openssl/crypto.h" HAVE_OPENSSL_CRYPTO_H)
|
||||||
check_include_file("openssl/engine.h" HAVE_OPENSSL_ENGINE_H)
|
|
||||||
check_include_file("openssl/err.h" HAVE_OPENSSL_ERR_H)
|
check_include_file("openssl/err.h" HAVE_OPENSSL_ERR_H)
|
||||||
check_include_file("openssl/pem.h" HAVE_OPENSSL_PEM_H)
|
check_include_file("openssl/pem.h" HAVE_OPENSSL_PEM_H)
|
||||||
check_include_file("openssl/rsa.h" HAVE_OPENSSL_RSA_H)
|
check_include_file("openssl/rsa.h" HAVE_OPENSSL_RSA_H)
|
||||||
|
@ -1756,14 +1756,6 @@ if test -z "$ssl_backends" -o "x$OPT_SSL" != xno &&
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if test X"$OPENSSL_ENABLED" = X"1"; then
|
if test X"$OPENSSL_ENABLED" = X"1"; then
|
||||||
dnl If the ENGINE library seems to be around, check for the OpenSSL engine
|
|
||||||
dnl stuff, it is kind of "separated" from the main SSL check
|
|
||||||
AC_CHECK_FUNC(ENGINE_init,
|
|
||||||
[
|
|
||||||
AC_CHECK_HEADERS(openssl/engine.h)
|
|
||||||
AC_CHECK_FUNCS( ENGINE_load_builtin_engines )
|
|
||||||
])
|
|
||||||
|
|
||||||
dnl These can only exist if OpenSSL exists
|
dnl These can only exist if OpenSSL exists
|
||||||
dnl Older versions of Cyassl (some time before 2.9.4) don't have
|
dnl Older versions of Cyassl (some time before 2.9.4) don't have
|
||||||
dnl SSL_get_shutdown (but this check won't actually detect it there
|
dnl SSL_get_shutdown (but this check won't actually detect it there
|
||||||
|
@ -1267,7 +1267,7 @@ struct UrlState {
|
|||||||
void *resolver; /* resolver state, if it is used in the URL state -
|
void *resolver; /* resolver state, if it is used in the URL state -
|
||||||
ares_channel f.e. */
|
ares_channel f.e. */
|
||||||
|
|
||||||
#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
|
#if defined(USE_OPENSSL)
|
||||||
/* void instead of ENGINE to avoid bleeding OpenSSL into this header */
|
/* void instead of ENGINE to avoid bleeding OpenSSL into this header */
|
||||||
void *engine;
|
void *engine;
|
||||||
#endif /* USE_OPENSSL */
|
#endif /* USE_OPENSSL */
|
||||||
|
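Review bot: The `engine` member is now compiled into struct UrlState for every OpenSSL build, but the code that reads and writes it is gated on `USE_OPENSSL_ENGINE`, a macro that, as far as this page shows, is defined only inside the OpenSSL backend source after the OpenSSL headers are included. The header gate and the source gate therefore no longer match: with `OPENSSL_NO_ENGINE` or a pre-1.0.1 library the field exists but none of the gated code touches it. I would say so next to the existing comment, for example `/* declared for all OpenSSL builds; only used when the backend defines USE_OPENSSL_ENGINE */`. struct UrlState starts and ends outside this hunk.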
@ -50,9 +50,6 @@
|
|||||||
#include "hostcheck.h"
|
#include "hostcheck.h"
|
||||||
#include "curl_printf.h"
|
#include "curl_printf.h"
|
||||||
#include <openssl/ssl.h>
|
#include <openssl/ssl.h>
|
||||||
#ifdef HAVE_OPENSSL_ENGINE_H
|
|
||||||
#include <openssl/engine.h>
|
|
||||||
#endif
|
|
||||||
#include <openssl/rand.h>
|
#include <openssl/rand.h>
|
||||||
#include <openssl/x509v3.h>
|
#include <openssl/x509v3.h>
|
||||||
#ifndef OPENSSL_NO_DSA
|
#ifndef OPENSSL_NO_DSA
|
||||||
@ -72,6 +69,12 @@
|
|||||||
#include <openssl/ocsp.h>
|
#include <openssl/ocsp.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if (OPENSSL_VERSION_NUMBER >= 0x10001000L) && /* 1.0.1 or later */ \
|
||||||
|
!defined(OPENSSL_NO_ENGINE)
|
||||||
|
#define USE_OPENSSL_ENGINE
|
||||||
|
#include <openssl/engine.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
#include "warnless.h"
|
#include "warnless.h"
|
||||||
#include "non-ascii.h" /* for Curl_convert_from_utf8 prototype */
|
#include "non-ascii.h" /* for Curl_convert_from_utf8 prototype */
|
||||||
|
|
||||||
@ -83,7 +86,7 @@
|
|||||||
#error "OPENSSL_VERSION_NUMBER not defined"
|
#error "OPENSSL_VERSION_NUMBER not defined"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(HAVE_OPENSSL_ENGINE_H)
|
#ifdef USE_OPENSSL_ENGINE
|
||||||
#include <openssl/ui.h>
|
#include <openssl/ui.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -515,7 +518,7 @@ static int do_file_type(const char *type)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(HAVE_OPENSSL_ENGINE_H)
|
#ifdef USE_OPENSSL_ENGINE
|
||||||
/*
|
/*
|
||||||
* Supply default password to the engine user interface conversation.
|
* Supply default password to the engine user interface conversation.
|
||||||
* The password is passed by OpenSSL engine from ENGINE_load_private_key()
|
* The password is passed by OpenSSL engine from ENGINE_load_private_key()
|
||||||
@ -617,7 +620,7 @@ int cert_stuff(struct connectdata *conn,
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case SSL_FILETYPE_ENGINE:
|
case SSL_FILETYPE_ENGINE:
|
||||||
#if defined(HAVE_OPENSSL_ENGINE_H) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME)
|
#if defined(USE_OPENSSL_ENGINE) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME)
|
||||||
{
|
{
|
||||||
if(data->state.engine) {
|
if(data->state.engine) {
|
||||||
const char *cmd_name = "LOAD_CERT_CTRL";
|
const char *cmd_name = "LOAD_CERT_CTRL";
|
||||||
@ -792,7 +795,7 @@ int cert_stuff(struct connectdata *conn,
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case SSL_FILETYPE_ENGINE:
|
case SSL_FILETYPE_ENGINE:
|
||||||
#ifdef HAVE_OPENSSL_ENGINE_H
|
#ifdef USE_OPENSSL_ENGINE
|
||||||
{ /* XXXX still needs some work */
|
{ /* XXXX still needs some work */
|
||||||
EVP_PKEY *priv_key = NULL;
|
EVP_PKEY *priv_key = NULL;
|
||||||
if(data->state.engine) {
|
if(data->state.engine) {
|
||||||
@ -1099,7 +1102,7 @@ static int Curl_ossl_check_cxn(struct connectdata *conn)
|
|||||||
static CURLcode Curl_ossl_set_engine(struct Curl_easy *data,
|
static CURLcode Curl_ossl_set_engine(struct Curl_easy *data,
|
||||||
const char *engine)
|
const char *engine)
|
||||||
{
|
{
|
||||||
#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
|
#ifdef USE_OPENSSL_ENGINE
|
||||||
ENGINE *e;
|
ENGINE *e;
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x00909000L
|
#if OPENSSL_VERSION_NUMBER >= 0x00909000L
|
||||||
@ -1144,7 +1147,7 @@ static CURLcode Curl_ossl_set_engine(struct Curl_easy *data,
|
|||||||
*/
|
*/
|
||||||
static CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data)
|
static CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data)
|
||||||
{
|
{
|
||||||
#ifdef HAVE_OPENSSL_ENGINE_H
|
#ifdef USE_OPENSSL_ENGINE
|
||||||
if(data->state.engine) {
|
if(data->state.engine) {
|
||||||
if(ENGINE_set_default(data->state.engine, ENGINE_METHOD_ALL) > 0) {
|
if(ENGINE_set_default(data->state.engine, ENGINE_METHOD_ALL) > 0) {
|
||||||
infof(data, "set default crypto engine '%s'\n",
|
infof(data, "set default crypto engine '%s'\n",
|
||||||
@ -1167,7 +1170,7 @@ static CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data)
|
|||||||
static struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data)
|
static struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data)
|
||||||
{
|
{
|
||||||
struct curl_slist *list = NULL;
|
struct curl_slist *list = NULL;
|
||||||
#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
|
#ifdef USE_OPENSSL_ENGINE
|
||||||
struct curl_slist *beg;
|
struct curl_slist *beg;
|
||||||
ENGINE *e;
|
ENGINE *e;
|
||||||
|
|
||||||
@ -1323,7 +1326,7 @@ static void Curl_ossl_session_free(void *ptr)
|
|||||||
*/
|
*/
|
||||||
static void Curl_ossl_close_all(struct Curl_easy *data)
|
static void Curl_ossl_close_all(struct Curl_easy *data)
|
||||||
{
|
{
|
||||||
#ifdef HAVE_OPENSSL_ENGINE_H
|
#ifdef USE_OPENSSL_ENGINE
|
||||||
if(data->state.engine) {
|
if(data->state.engine) {
|
||||||
ENGINE_finish(data->state.engine);
|
ENGINE_finish(data->state.engine);
|
||||||
ENGINE_free(data->state.engine);
|
ENGINE_free(data->state.engine);
|
||||||
|
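Review bot: In Curl_ossl_set_engine the inner `#if OPENSSL_VERSION_NUMBER >= 0x00909000L` now sits inside `#ifdef USE_OPENSSL_ENGINE`, which is only defined when `OPENSSL_VERSION_NUMBER >= 0x10001000L`, so the inner test is always true and whatever its `#else` branch holds (not visible here) can no longer be compiled. Removing the inner conditional and keeping only its true branch would leave a single engine-loading path to review and test. The same reasoning may apply to `defined(ENGINE_CTRL_GET_CMD_FROM_NAME)` in the first cert_stuff hunk, if that macro is present in every 1.0.1+ header set; that should be confirmed before dropping it. The function body continues outside the hunk.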