Loading configure.ac +3 −1 Original line number Diff line number Diff line Loading @@ -2206,11 +2206,13 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then dnl Recent WolfSSL versions build without SSLv3 by default dnl WolfSSL needs configure --enable-opensslextra to have *get_peer* AC_CHECK_FUNCS(wolfSSLv3_client_method \ wolfSSL_CTX_UseSupportedCurve \ wolfSSL_get_peer_certificate \ wolfSSL_UseALPN) else dnl Cyassl needs configure --enable-opensslextra to have *get_peer* AC_CHECK_FUNCS(CyaSSL_get_peer_certificate) AC_CHECK_FUNCS(CyaSSL_CTX_UseSupportedCurve \ CyaSSL_get_peer_certificate) fi if test -n "$cyassllib"; then Loading lib/vtls/cyassl.c +19 −0 Original line number Diff line number Diff line Loading @@ -112,6 +112,15 @@ and that's a problem since options.h hasn't been included yet. */ #endif #endif /* HAVE_SUPPORTED_CURVES is wolfSSL's build time symbol for enabling the ECC supported curve extension in options.h. Note ECC is enabled separately. */ #ifndef HAVE_SUPPORTED_CURVES #if defined(HAVE_CYASSL_CTX_USESUPPORTEDCURVE) || \ defined(HAVE_WOLFSSL_CTX_USESUPPORTEDCURVE) #define HAVE_SUPPORTED_CURVES #endif #endif static Curl_recv cyassl_recv; static Curl_send cyassl_send; Loading Loading @@ -313,6 +322,16 @@ cyassl_connect_step1(struct connectdata *conn, } #endif #ifdef HAVE_SUPPORTED_CURVES /* CyaSSL/wolfSSL does not send the supported ECC curves ext automatically: https://github.com/wolfSSL/wolfssl/issues/366 The supported curves below are those also supported by OpenSSL 1.0.2 and in the same order. */ CyaSSL_CTX_UseSupportedCurve(conssl->ctx, 0x17); /* secp256r1 */ CyaSSL_CTX_UseSupportedCurve(conssl->ctx, 0x19); /* secp521r1 */ CyaSSL_CTX_UseSupportedCurve(conssl->ctx, 0x18); /* secp384r1 */ #endif /* give application a chance to interfere with SSL set up. */ if(data->set.ssl.fsslctx) { CURLcode result = CURLE_OK; Loading projects/wolfssl_options.h +4 −0 Original line number Diff line number Diff line Loading 
@@ -30,6 +30,7 @@ C_EXTRA_FLAGS="\ --enable-sha512 \ --enable-sni \ --enable-sslv3 \ --enable-supportedcurves \ --enable-testcert \ > config.out 2>&1 Loading Loading @@ -158,6 +159,9 @@ extern "C" { #undef HAVE_TLS_EXTENSIONS #define HAVE_TLS_EXTENSIONS #undef HAVE_SUPPORTED_CURVES #define HAVE_SUPPORTED_CURVES #undef WOLFSSL_TEST_CERT #define WOLFSSL_TEST_CERT Loading Loading
configure.ac +3 −1 Original line number Diff line number Diff line Loading @@ -2206,11 +2206,13 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then dnl Recent WolfSSL versions build without SSLv3 by default dnl WolfSSL needs configure --enable-opensslextra to have *get_peer* AC_CHECK_FUNCS(wolfSSLv3_client_method \ wolfSSL_CTX_UseSupportedCurve \ wolfSSL_get_peer_certificate \ wolfSSL_UseALPN) else dnl Cyassl needs configure --enable-opensslextra to have *get_peer* AC_CHECK_FUNCS(CyaSSL_get_peer_certificate) AC_CHECK_FUNCS(CyaSSL_CTX_UseSupportedCurve \ CyaSSL_get_peer_certificate) fi if test -n "$cyassllib"; then Loading
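Review bot: The `dnl` comments above both `AC_CHECK_FUNCS` calls still mention only `--enable-opensslextra`, but the newly probed `*_CTX_UseSupportedCurve` functions appear to depend on a different wolfSSL build option (the `projects/wolfssl_options.h` section of this commit adds `--enable-supportedcurves`). Add a line such as `dnl WolfSSL needs configure --enable-supportedcurves to have *UseSupportedCurve*` so that a missing `HAVE_WOLFSSL_CTX_USESUPPORTEDCURVE` is easy to diagnose. The surrounding `if test` block begins and ends outside the hunk.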
lib/vtls/cyassl.c +19 −0 Original line number Diff line number Diff line Loading @@ -112,6 +112,15 @@ and that's a problem since options.h hasn't been included yet. */ #endif #endif /* HAVE_SUPPORTED_CURVES is wolfSSL's build time symbol for enabling the ECC supported curve extension in options.h. Note ECC is enabled separately. */ #ifndef HAVE_SUPPORTED_CURVES #if defined(HAVE_CYASSL_CTX_USESUPPORTEDCURVE) || \ defined(HAVE_WOLFSSL_CTX_USESUPPORTEDCURVE) #define HAVE_SUPPORTED_CURVES #endif #endif static Curl_recv cyassl_recv; static Curl_send cyassl_send; Loading Loading @@ -313,6 +322,16 @@ cyassl_connect_step1(struct connectdata *conn, } #endif #ifdef HAVE_SUPPORTED_CURVES /* CyaSSL/wolfSSL does not send the supported ECC curves ext automatically: https://github.com/wolfSSL/wolfssl/issues/366 The supported curves below are those also supported by OpenSSL 1.0.2 and in the same order. */ CyaSSL_CTX_UseSupportedCurve(conssl->ctx, 0x17); /* secp256r1 */ CyaSSL_CTX_UseSupportedCurve(conssl->ctx, 0x19); /* secp521r1 */ CyaSSL_CTX_UseSupportedCurve(conssl->ctx, 0x18); /* secp384r1 */ #endif /* give application a chance to interfere with SSL set up. */ if(data->set.ssl.fsslctx) { CURLcode result = CURLE_OK; Loading
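Review bot: The three `CyaSSL_CTX_UseSupportedCurve()` calls added to `cyassl_connect_step1` discard their return values, so if any call fails the handshake proceeds without the supported-curves extension that the comment above says must be requested explicitly, and nothing is logged. Consider checking each call, e.g. `if(CyaSSL_CTX_UseSupportedCurve(conssl->ctx, 0x17) != SSL_SUCCESS) { failf(data, "SSL: failed setting supported curves"); return CURLE_SSL_CONNECT_ERROR; }`, or at least reporting the failure with `infof` if it is meant to stay non-fatal. The function body starts and continues outside the hunk, so whether an early return at this point needs extra cleanup cannot be confirmed from this page.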
projects/wolfssl_options.h +4 −0 Original line number Diff line number Diff line Loading @@ -30,6 +30,7 @@ C_EXTRA_FLAGS="\ --enable-sha512 \ --enable-sni \ --enable-sslv3 \ --enable-supportedcurves \ --enable-testcert \ > config.out 2>&1 Loading Loading @@ -158,6 +159,9 @@ extern "C" { #undef HAVE_TLS_EXTENSIONS #define HAVE_TLS_EXTENSIONS #undef HAVE_SUPPORTED_CURVES #define HAVE_SUPPORTED_CURVES #undef WOLFSSL_TEST_CERT #define WOLFSSL_TEST_CERT Loading