Commit 151da514 authored by Daniel Stenberg

cyassl: deal with lack of *get_peer_certificate

The function is only present in wolfssl/cyassl if it was built with
--enable-opensslextra. With these checks added, pinning support is disabled
unless the TLS lib has that function available.

Also fix the mistake in configure that checks for the wrong lib name.

Closes #566
parent 1ff3a07b
+8 −3
@@ -2182,7 +2182,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
    fi

    if test "x$USE_CYASSL" = "xyes"; then
      AC_MSG_NOTICE([detected CyaSSL])
      AC_MSG_NOTICE([detected $cyassllibname])

      dnl cyassl/ctaocrypt/types.h needs SIZEOF_LONG_LONG defined!
      AC_CHECK_SIZEOF(long long)
@@ -2195,9 +2195,14 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then

      LIBS="-l$cyassllibname -lm $LIBS"

      if test "x$cyassllib" = "xwolfssl"; then
      if test "x$cyassllibname" = "xwolfssl"; then
        dnl Recent WolfSSL versions build without SSLv3 by default
        AC_CHECK_FUNCS(wolfSSLv3_client_method)
        dnl WolfSSL needs configure --enable-opensslextra to have *get_peer*
        AC_CHECK_FUNCS(wolfSSLv3_client_method \
                       wolfSSL_get_peer_certificate)
      else
        dnl Cyassl needs configure --enable-opensslextra to have *get_peer*
        AC_CHECK_FUNCS(CyaSSL_get_peer_certificate)
      fi

      if test -n "$cyassllib"; then
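Review bot: In the second hunk, a missing `wolfSSL_get_peer_certificate` or `CyaSSL_get_peer_certificate` is recorded silently, so a build against a TLS library lacking --enable-opensslextra loses public key pinning with no sign of it at configure time. `AC_CHECK_FUNCS` takes an action-if-not-found argument, so the CyaSSL branch could read `AC_CHECK_FUNCS(CyaSSL_get_peer_certificate, [], [AC_MSG_WARN([public key pinning disabled: $cyassllibname lacks --enable-opensslextra])])`. The wolfSSL branch would need the peer-certificate check split from the `wolfSSLv3_client_method` one so the warning fires only for the former. The enclosing `if test "x$USE_CYASSL" = "xyes"` block continues past the end of the hunk.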
+6 −0
@@ -413,6 +413,8 @@ cyassl_connect_step2(struct connectdata *conn,
  }

  if(data->set.str[STRING_SSL_PINNEDPUBLICKEY]) {
#if defined(HAVE_WOLFSSL_GET_PEER_CERTIFICATE) ||       \
  defined(HAVE_CYASSL_GET_PEER_CERTIFICATE)
    X509 *x509;
    const char *x509_der;
    int x509_der_len;
@@ -449,6 +451,10 @@ cyassl_connect_step2(struct connectdata *conn,
      failf(data, "SSL: public key does not match pinned public key!");
      return result;
    }
#else
    failf(data, "Library lacks pinning support built-in");
    return CURLE_NOT_BUILT_IN;
#endif
  }

  conssl->connecting_state = ssl_connect_3;
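Review bot: The `#else` branch in the second hunk refuses the connection when a pin was requested but cannot be checked, which is the correct fail-closed choice, yet nothing in the code marks it as deliberate. A comment above the `failf` such as `/* a pin was requested but this build cannot verify it: refuse rather than connect unpinned */` would keep a later cleanup from turning the branch into a silent skip. The message could also name the cause, for example `failf(data, "SSL: pinned public key unsupported, TLS library lacks --enable-opensslextra");`. The check sits inside cyassl_connect_step2, whose body starts and ends outside these hunks, so the refusal presumably comes only after connection setup has begun; rejecting the option earlier may be worth a follow-up.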