mirror of
https://github.com/moparisthebest/curl
synced 2024-12-24 17:18:48 -05:00
OpenSSL: enable TLS 1.3 post-handshake auth
OpenSSL 1.1.1 requires clients to opt-in for post-handshake authentication. Fixes: https://github.com/curl/curl/issues/3026 Signed-off-by: Christian Heimes <christian@python.org> Closes https://github.com/curl/curl/pull/3027
This commit is contained in:
parent
55b51b8c49
commit
b939bc47b2
@ -177,6 +177,7 @@
|
|||||||
!defined(LIBRESSL_VERSION_NUMBER) && \
|
!defined(LIBRESSL_VERSION_NUMBER) && \
|
||||||
!defined(OPENSSL_IS_BORINGSSL))
|
!defined(OPENSSL_IS_BORINGSSL))
|
||||||
#define HAVE_SSL_CTX_SET_CIPHERSUITES
|
#define HAVE_SSL_CTX_SET_CIPHERSUITES
|
||||||
|
#define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(LIBRESSL_VERSION_NUMBER)
|
#if defined(LIBRESSL_VERSION_NUMBER)
|
||||||
@ -2467,6 +2468,11 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
|
||||||
|
/* OpenSSL 1.1.1 requires clients to opt-in for PHA */
|
||||||
|
SSL_CTX_set_post_handshake_auth(BACKEND->ctx, 1);
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef USE_TLS_SRP
|
#ifdef USE_TLS_SRP
|
||||||
if(ssl_authtype == CURL_TLSAUTH_SRP) {
|
if(ssl_authtype == CURL_TLSAUTH_SRP) {
|
||||||
char * const ssl_username = SSL_SET_OPTION(username);
|
char * const ssl_username = SSL_SET_OPTION(username);
|
||||||
|
Loading…
Reference in New Issue
Block a user