
openssl: assume engine support in 1.0.1 or later

Previously it was checked for in configure/cmake, but that would then
leave other build systems built without engine support.

While engine support probably existed prior to 1.0.1, I decided to play
safe. If someone experiences a problem with this, we can widen the
version check.

Fixes #2641
Closes #2644
Daniel Stenberg 2018-06-08 16:36:47 +02:00
parent 100318c7fd
commit 38203f1585
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
4 changed files with 15 additions and 21 deletions


@ -356,7 +356,6 @@ if(CMAKE_USE_OPENSSL)
include_directories(${OPENSSL_INCLUDE_DIR}) include_directories(${OPENSSL_INCLUDE_DIR})
set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
check_include_file("openssl/crypto.h" HAVE_OPENSSL_CRYPTO_H) check_include_file("openssl/crypto.h" HAVE_OPENSSL_CRYPTO_H)
check_include_file("openssl/engine.h" HAVE_OPENSSL_ENGINE_H)
check_include_file("openssl/err.h" HAVE_OPENSSL_ERR_H) check_include_file("openssl/err.h" HAVE_OPENSSL_ERR_H)
check_include_file("openssl/pem.h" HAVE_OPENSSL_PEM_H) check_include_file("openssl/pem.h" HAVE_OPENSSL_PEM_H)
check_include_file("openssl/rsa.h" HAVE_OPENSSL_RSA_H) check_include_file("openssl/rsa.h" HAVE_OPENSSL_RSA_H)


@ -1756,14 +1756,6 @@ if test -z "$ssl_backends" -o "x$OPT_SSL" != xno &&
fi fi
if test X"$OPENSSL_ENABLED" = X"1"; then if test X"$OPENSSL_ENABLED" = X"1"; then
dnl If the ENGINE library seems to be around, check for the OpenSSL engine
dnl stuff, it is kind of "separated" from the main SSL check
AC_CHECK_FUNC(ENGINE_init,
[
AC_CHECK_HEADERS(openssl/engine.h)
AC_CHECK_FUNCS( ENGINE_load_builtin_engines )
])
dnl These can only exist if OpenSSL exists dnl These can only exist if OpenSSL exists
dnl Older versions of Cyassl (some time before 2.9.4) don't have dnl Older versions of Cyassl (some time before 2.9.4) don't have
dnl SSL_get_shutdown (but this check won't actually detect it there dnl SSL_get_shutdown (but this check won't actually detect it there
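Review bot: Removing `AC_CHECK_FUNCS( ENGINE_load_builtin_engines )` means configure no longer defines `HAVE_ENGINE_LOAD_BUILTIN_ENGINES`, and none of the hunks shown on this page convert a consumer of that macro. If a call to `ENGINE_load_builtin_engines()` is still wrapped in `#ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES` somewhere not visible here, it would be compiled out and built-in engines would not be registered even though `USE_OPENSSL_ENGINE` is set. It is worth grepping for the old macro and switching any such guard to `#ifdef USE_OPENSSL_ENGINE`; the same goes for leftover `HAVE_OPENSSL_ENGINE_H` entries in config header templates.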


@ -1267,7 +1267,7 @@ struct UrlState {
void *resolver; /* resolver state, if it is used in the URL state - void *resolver; /* resolver state, if it is used in the URL state -
ares_channel f.e. */ ares_channel f.e. */
#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H) #if defined(USE_OPENSSL)
/* void instead of ENGINE to avoid bleeding OpenSSL into this header */ /* void instead of ENGINE to avoid bleeding OpenSSL into this header */
void *engine; void *engine;
#endif /* USE_OPENSSL */ #endif /* USE_OPENSSL */


@ -50,9 +50,6 @@
#include "hostcheck.h" #include "hostcheck.h"
#include "curl_printf.h" #include "curl_printf.h"
#include <openssl/ssl.h> #include <openssl/ssl.h>
#ifdef HAVE_OPENSSL_ENGINE_H
#include <openssl/engine.h>
#endif
#include <openssl/rand.h> #include <openssl/rand.h>
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#ifndef OPENSSL_NO_DSA #ifndef OPENSSL_NO_DSA
@ -72,6 +69,12 @@
#include <openssl/ocsp.h> #include <openssl/ocsp.h>
#endif #endif
#if (OPENSSL_VERSION_NUMBER >= 0x10001000L) && /* 1.0.1 or later */ \
!defined(OPENSSL_NO_ENGINE)
#define USE_OPENSSL_ENGINE
#include <openssl/engine.h>
#endif
#include "warnless.h" #include "warnless.h"
#include "non-ascii.h" /* for Curl_convert_from_utf8 prototype */ #include "non-ascii.h" /* for Curl_convert_from_utf8 prototype */
@ -83,7 +86,7 @@
#error "OPENSSL_VERSION_NUMBER not defined" #error "OPENSSL_VERSION_NUMBER not defined"
#endif #endif
#if defined(HAVE_OPENSSL_ENGINE_H) #ifdef USE_OPENSSL_ENGINE
#include <openssl/ui.h> #include <openssl/ui.h>
#endif #endif
@ -515,7 +518,7 @@ static int do_file_type(const char *type)
return -1; return -1;
} }
#if defined(HAVE_OPENSSL_ENGINE_H) #ifdef USE_OPENSSL_ENGINE
/* /*
* Supply default password to the engine user interface conversation. * Supply default password to the engine user interface conversation.
* The password is passed by OpenSSL engine from ENGINE_load_private_key() * The password is passed by OpenSSL engine from ENGINE_load_private_key()
@ -617,7 +620,7 @@ int cert_stuff(struct connectdata *conn,
} }
break; break;
case SSL_FILETYPE_ENGINE: case SSL_FILETYPE_ENGINE:
#if defined(HAVE_OPENSSL_ENGINE_H) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME) #if defined(USE_OPENSSL_ENGINE) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME)
{ {
if(data->state.engine) { if(data->state.engine) {
const char *cmd_name = "LOAD_CERT_CTRL"; const char *cmd_name = "LOAD_CERT_CTRL";
@ -792,7 +795,7 @@ int cert_stuff(struct connectdata *conn,
} }
break; break;
case SSL_FILETYPE_ENGINE: case SSL_FILETYPE_ENGINE:
#ifdef HAVE_OPENSSL_ENGINE_H #ifdef USE_OPENSSL_ENGINE
{ /* XXXX still needs some work */ { /* XXXX still needs some work */
EVP_PKEY *priv_key = NULL; EVP_PKEY *priv_key = NULL;
if(data->state.engine) { if(data->state.engine) {
@ -1099,7 +1102,7 @@ static int Curl_ossl_check_cxn(struct connectdata *conn)
static CURLcode Curl_ossl_set_engine(struct Curl_easy *data, static CURLcode Curl_ossl_set_engine(struct Curl_easy *data,
const char *engine) const char *engine)
{ {
#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H) #ifdef USE_OPENSSL_ENGINE
ENGINE *e; ENGINE *e;
#if OPENSSL_VERSION_NUMBER >= 0x00909000L #if OPENSSL_VERSION_NUMBER >= 0x00909000L
@ -1144,7 +1147,7 @@ static CURLcode Curl_ossl_set_engine(struct Curl_easy *data,
*/ */
static CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data) static CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data)
{ {
#ifdef HAVE_OPENSSL_ENGINE_H #ifdef USE_OPENSSL_ENGINE
if(data->state.engine) { if(data->state.engine) {
if(ENGINE_set_default(data->state.engine, ENGINE_METHOD_ALL) > 0) { if(ENGINE_set_default(data->state.engine, ENGINE_METHOD_ALL) > 0) {
infof(data, "set default crypto engine '%s'\n", infof(data, "set default crypto engine '%s'\n",
@ -1167,7 +1170,7 @@ static CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data)
static struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data) static struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data)
{ {
struct curl_slist *list = NULL; struct curl_slist *list = NULL;
#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H) #ifdef USE_OPENSSL_ENGINE
struct curl_slist *beg; struct curl_slist *beg;
ENGINE *e; ENGINE *e;
@ -1323,7 +1326,7 @@ static void Curl_ossl_session_free(void *ptr)
*/ */
static void Curl_ossl_close_all(struct Curl_easy *data) static void Curl_ossl_close_all(struct Curl_easy *data)
{ {
#ifdef HAVE_OPENSSL_ENGINE_H #ifdef USE_OPENSSL_ENGINE
if(data->state.engine) { if(data->state.engine) {
ENGINE_finish(data->state.engine); ENGINE_finish(data->state.engine);
ENGINE_free(data->state.engine); ENGINE_free(data->state.engine);
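Review bot: In `Curl_ossl_set_engine` the nested `#if OPENSSL_VERSION_NUMBER >= 0x00909000L` now sits inside `#ifdef USE_OPENSSL_ENGINE`, which already implies 1.0.1 or later, so the test is always true and any `#else` branch that follows it (outside the hunk) is dead and can be dropped. `USE_OPENSSL_ENGINE` is also defined locally in this file although it reads like a build-system switch, so a short comment at the `#define` would help, for example `/* file-local: derived from the OpenSSL headers, not set by configure/cmake */`. The functions touched here start or end outside their hunks, so the fallback behaviour when the macro is unset could not be checked from this page.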