Unverified Commit 62a721ea authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

openssl: enable PKCS12 support for !BoringSSL 

Enable PKCS12 for all non-boringssl builds without relying on configure
or cmake checks.

Bug: https://curl.haxx.se/mail/lib-2017-10/0007.html
Reported-by: Christian Schmitz
Closes #1948
parent c95c92da

CMakeLists.txt

+0 −1
Original line number Original line Diff line number Diff line
@@ -366,7 +366,6 @@ if(CMAKE_USE_OPENSSL) 
  check_include_file("openssl/engine.h" HAVE_OPENSSL_ENGINE_H)

  check_include_file("openssl/engine.h" HAVE_OPENSSL_ENGINE_H)

  check_include_file("openssl/err.h"    HAVE_OPENSSL_ERR_H)

  check_include_file("openssl/err.h"    HAVE_OPENSSL_ERR_H)

  check_include_file("openssl/pem.h"    HAVE_OPENSSL_PEM_H)

  check_include_file("openssl/pem.h"    HAVE_OPENSSL_PEM_H)

  check_include_file("openssl/pkcs12.h" HAVE_OPENSSL_PKCS12_H)

  check_include_file("openssl/rsa.h"    HAVE_OPENSSL_RSA_H)

  check_include_file("openssl/rsa.h"    HAVE_OPENSSL_RSA_H)

  check_include_file("openssl/ssl.h"    HAVE_OPENSSL_SSL_H)

  check_include_file("openssl/ssl.h"    HAVE_OPENSSL_SSL_H)

  check_include_file("openssl/x509.h"   HAVE_OPENSSL_X509_H)

  check_include_file("openssl/x509.h"   HAVE_OPENSSL_X509_H)

configure.ac

+1 −4
Original line number Original line Diff line number Diff line
@@ -1647,10 +1647,7 @@ if test -z "$ssl_backends" -o "x$OPT_SSL" != xno && 
      fi

      fi

    fi

    fi





    if test X"$OPENSSL_ENABLED" = X"1"; then

    if test X"$OPENSSL_ENABLED" != X"1"; then

       dnl is there a pkcs12.h header present?

       AC_CHECK_HEADERS(openssl/pkcs12.h)

    else

       LIBS="$CLEANLIBS"

       LIBS="$CLEANLIBS"

    fi

    fi

lib/vtls/openssl.c

+4 −2
Original line number Original line Diff line number Diff line
@@ -69,7 +69,9 @@ 
#include <openssl/bio.h>

#include <openssl/bio.h>

#include <openssl/buffer.h>

#include <openssl/buffer.h>





#ifdef HAVE_OPENSSL_PKCS12_H

#ifndef OPENSSL_IS_BORINGSSL

/* BoringSSL does not support PKCS12 */

#define HAVE_PKCS12_SUPPORT 1

#include <openssl/pkcs12.h>

#include <openssl/pkcs12.h>

#endif

#endif
@@ -653,7 +655,7 @@ int cert_stuff(struct connectdata *conn, 




    case SSL_FILETYPE_PKCS12:

    case SSL_FILETYPE_PKCS12:

    {

    {

#ifdef HAVE_OPENSSL_PKCS12_H

#ifdef HAVE_PKCS12_SUPPORT

      FILE *f;

      FILE *f;

      PKCS12 *p12;

      PKCS12 *p12;

      EVP_PKEY *pri;

      EVP_PKEY *pri;