mirror of https://github.com/moparisthebest/curl
wolfssl: Use ECC supported curves extension
https://github.com/wolfSSL/wolfssl/issues/366
This commit is contained in:
Jay Satiro
parent
27c99a37ba
commit
7921628714
|
|
@ -2206,11 +2206,13 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
|
|||
dnl Recent WolfSSL versions build without SSLv3 by default
|
||||
dnl WolfSSL needs configure --enable-opensslextra to have *get_peer*
|
||||
AC_CHECK_FUNCS(wolfSSLv3_client_method \
|
||||
wolfSSL_CTX_UseSupportedCurve \
|
||||
wolfSSL_get_peer_certificate \
|
||||
wolfSSL_UseALPN)
|
||||
else
|
||||
dnl Cyassl needs configure --enable-opensslextra to have *get_peer*
|
||||
AC_CHECK_FUNCS(CyaSSL_get_peer_certificate)
|
||||
AC_CHECK_FUNCS(CyaSSL_CTX_UseSupportedCurve \
|
||||
CyaSSL_get_peer_certificate)
|
||||
fi
|
||||
|
||||
if test -n "$cyassllib"; then
|
||||
|
|
|
|||
|
|
@ -112,6 +112,15 @@ and that's a problem since options.h hasn't been included yet. */
|
|||
#endif
|
||||
#endif
|
||||
|
||||
/* HAVE_SUPPORTED_CURVES is wolfSSL's build time symbol for enabling the ECC
|
||||
supported curve extension in options.h. Note ECC is enabled separately. */
|
||||
#ifndef HAVE_SUPPORTED_CURVES
|
||||
#if defined(HAVE_CYASSL_CTX_USESUPPORTEDCURVE) || \
|
||||
defined(HAVE_WOLFSSL_CTX_USESUPPORTEDCURVE)
|
||||
#define HAVE_SUPPORTED_CURVES
|
||||
#endif
|
||||
#endif
|
||||
|
||||
static Curl_recv cyassl_recv;
|
||||
static Curl_send cyassl_send;
|
||||
|
||||
|
|
@ -313,6 +322,16 @@ cyassl_connect_step1(struct connectdata *conn,
|
|||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_SUPPORTED_CURVES
|
||||
/* CyaSSL/wolfSSL does not send the supported ECC curves ext automatically:
|
||||
https://github.com/wolfSSL/wolfssl/issues/366
|
||||
The supported curves below are those also supported by OpenSSL 1.0.2 and
|
||||
in the same order. */
|
||||
CyaSSL_CTX_UseSupportedCurve(conssl->ctx, 0x17); /* secp256r1 */
|
||||
CyaSSL_CTX_UseSupportedCurve(conssl->ctx, 0x19); /* secp521r1 */
|
||||
CyaSSL_CTX_UseSupportedCurve(conssl->ctx, 0x18); /* secp384r1 */
|
||||
#endif
|
||||
|
||||
/* give application a chance to interfere with SSL set up. */
|
||||
if(data->set.ssl.fsslctx) {
|
||||
CURLcode result = CURLE_OK;
|
||||
|
|
|
|||
|
|
@ -30,6 +30,7 @@ C_EXTRA_FLAGS="\
|
|||
--enable-sha512 \
|
||||
--enable-sni \
|
||||
--enable-sslv3 \
|
||||
--enable-supportedcurves \
|
||||
--enable-testcert \
|
||||
> config.out 2>&1
|
||||
|
||||
|
|
@ -158,6 +159,9 @@ extern "C" {
|
|||
#undef HAVE_TLS_EXTENSIONS
|
||||
#define HAVE_TLS_EXTENSIONS
|
||||
|
||||
#undef HAVE_SUPPORTED_CURVES
|
||||
#define HAVE_SUPPORTED_CURVES
|
||||
|
||||
#undef WOLFSSL_TEST_CERT
|
||||
#define WOLFSSL_TEST_CERT
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue