Unverified Commit 300def7d authored by Daniel Stenberg

wolfssl: stop custom-adding curves

since wolfSSL PR https://github.com/wolfSSL/wolfssl/pull/717 (shipped in
wolfSSL 3.10.2 and later) it sends these curves by default already.

Pointed-out-by: David Garske

Closes #3599
parent 11974ac8
+0 −1
@@ -2384,7 +2384,6 @@ if test -z "$ssl_backends" -o "x$OPT_CYASSL" != xno; then
        dnl Recent WolfSSL versions build without SSLv3 by default
        dnl WolfSSL needs configure --enable-opensslextra to have *get_peer*
        AC_CHECK_FUNCS(wolfSSLv3_client_method \
                       wolfSSL_CTX_UseSupportedCurve \
                       wolfSSL_get_peer_certificate \
                       wolfSSL_UseALPN)
      else
+1 −20
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
 * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -67,15 +67,6 @@ and that's a problem since options.h hasn't been included yet. */
#endif
#endif

/* HAVE_SUPPORTED_CURVES is wolfSSL's build time symbol for enabling the ECC
   supported curve extension in options.h. Note ECC is enabled separately. */
#ifndef HAVE_SUPPORTED_CURVES
#if defined(HAVE_CYASSL_CTX_USESUPPORTEDCURVE) || \
    defined(HAVE_WOLFSSL_CTX_USESUPPORTEDCURVE)
#define HAVE_SUPPORTED_CURVES
#endif
#endif

#include <limits.h>

#include "urldata.h"
@@ -364,16 +355,6 @@ cyassl_connect_step1(struct connectdata *conn,
  }
#endif

#ifdef HAVE_SUPPORTED_CURVES
  /* CyaSSL/wolfSSL does not send the supported ECC curves ext automatically:
     https://github.com/wolfSSL/wolfssl/issues/366
     The supported curves below are those also supported by OpenSSL 1.0.2 and
     in the same order. */
  CyaSSL_CTX_UseSupportedCurve(BACKEND->ctx, 0x17); /* secp256r1 */
  CyaSSL_CTX_UseSupportedCurve(BACKEND->ctx, 0x19); /* secp521r1 */
  CyaSSL_CTX_UseSupportedCurve(BACKEND->ctx, 0x18); /* secp384r1 */
#endif

  /* give application a chance to interfere with SSL set up. */
  if(data->set.ssl.fsslctx) {
    CURLcode result = CURLE_OK;
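Review bot: With the `CyaSSL_CTX_UseSupportedCurve` calls removed from cyassl_connect_step1, nothing in the visible hunks checks that the linked library is wolfSSL 3.10.2 or later, the version the commit message says sends these curves by default. A build against an older wolfSSL or CyaSSL would, as far as these hunks show, silently stop advertising secp256r1, secp384r1 and secp521r1, which can change or break ECDHE negotiation with some servers. If older releases are no longer supported, make that explicit with a compile-time guard such as `#if LIBWOLFSSL_VERSION_HEX < 0x03010002` followed by `#error "wolfSSL 3.10.2 or later is required"`, or with an equivalent minimum-version test in configure. Otherwise keep the old calls under that same version condition. cyassl_connect_step1 starts and ends outside the hunk, so an existing version check elsewhere cannot be ruled out from this page.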