summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohannes Schindelin <johannes.schindelin@gmx.de>2017-06-20 11:32:53 +0200
committerDaniel Stenberg <daniel@haxx.se>2017-08-28 14:56:56 +0200
commit937899a3b8e1124df7a66b83925349d5c9f9e5a9 (patch)
tree8669ed778f44b2e382de82a177cc576e933f2d8f
parent0a083a66bcae51a485d45ba416eac1d1fbe4ca15 (diff)
downloadcurl-937899a3b8e1124df7a66b83925349d5c9f9e5a9.tar.gz
vtls: convert the have_curlssl_* constants to runtime flags
The entire idea of introducing the Curl_ssl struct to describe SSL backends is to prepare for choosing the SSL backend at runtime. To that end, convert all the #ifdef have_curlssl_* style conditionals to use bit flags instead. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-rw-r--r--lib/url.c75
-rw-r--r--lib/vtls/axtls.c5
-rw-r--r--lib/vtls/cyassl.c21
-rw-r--r--lib/vtls/cyassl.h20
-rw-r--r--lib/vtls/darwinssl.c27
-rw-r--r--lib/vtls/darwinssl.h19
-rw-r--r--lib/vtls/gskit.c5
-rw-r--r--lib/vtls/gskit.h3
-rw-r--r--lib/vtls/gtls.c5
-rw-r--r--lib/vtls/gtls.h9
-rw-r--r--lib/vtls/mbedtls.c5
-rw-r--r--lib/vtls/mbedtls.h6
-rw-r--r--lib/vtls/nss.c5
-rw-r--r--lib/vtls/nssg.h9
-rw-r--r--lib/vtls/openssl.c5
-rw-r--r--lib/vtls/openssl.h12
-rw-r--r--lib/vtls/polarssl.c5
-rw-r--r--lib/vtls/polarssl.h6
-rw-r--r--lib/vtls/schannel.c5
-rw-r--r--lib/vtls/schannel.h3
-rw-r--r--lib/vtls/vtls.h5
21 files changed, 134 insertions, 121 deletions
diff --git a/lib/url.c b/lib/url.c
index 32623abe5..dd254af54 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2179,24 +2179,26 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option,
TRUE : FALSE;
break;
case CURLOPT_SSL_CTX_FUNCTION:
-#ifdef have_curlssl_ssl_ctx
/*
* Set a SSL_CTX callback
*/
- data->set.ssl.fsslctx = va_arg(param, curl_ssl_ctx_callback);
-#else
- result = CURLE_NOT_BUILT_IN;
+#ifdef USE_SSL
+ if(Curl_ssl->have_ssl_ctx)
+ data->set.ssl.fsslctx = va_arg(param, curl_ssl_ctx_callback);
+ else
#endif
+ result = CURLE_NOT_BUILT_IN;
break;
case CURLOPT_SSL_CTX_DATA:
-#ifdef have_curlssl_ssl_ctx
/*
* Set a SSL_CTX callback parameter pointer
*/
- data->set.ssl.fsslctxp = va_arg(param, void *);
-#else
- result = CURLE_NOT_BUILT_IN;
+#ifdef USE_SSL
+ if(Curl_ssl->have_ssl_ctx)
+ data->set.ssl.fsslctxp = va_arg(param, void *);
+ else
#endif
+ result = CURLE_NOT_BUILT_IN;
break;
case CURLOPT_SSL_FALSESTART:
/*
@@ -2210,35 +2212,38 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option,
data->set.ssl.falsestart = (0 != va_arg(param, long)) ? TRUE : FALSE;
break;
case CURLOPT_CERTINFO:
-#ifdef have_curlssl_certinfo
- data->set.ssl.certinfo = (0 != va_arg(param, long)) ? TRUE : FALSE;
-#else
- result = CURLE_NOT_BUILT_IN;
+#ifdef USE_SSL
+ if(Curl_ssl->have_certinfo)
+ data->set.ssl.certinfo = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ else
#endif
+ result = CURLE_NOT_BUILT_IN;
break;
case CURLOPT_PINNEDPUBLICKEY:
-#ifdef have_curlssl_pinnedpubkey /* only by supported backends */
/*
* Set pinned public key for SSL connection.
* Specify file name of the public key in DER format.
*/
- result = setstropt(&data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG],
- va_arg(param, char *));
-#else
- result = CURLE_NOT_BUILT_IN;
+#ifdef USE_SSL
+ if(Curl_ssl->have_pinnedpubkey)
+ result = setstropt(&data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG],
+ va_arg(param, char *));
+ else
#endif
+ result = CURLE_NOT_BUILT_IN;
break;
case CURLOPT_PROXY_PINNEDPUBLICKEY:
-#ifdef have_curlssl_pinnedpubkey /* only by supported backends */
/*
* Set pinned public key for SSL connection.
* Specify file name of the public key in DER format.
*/
- result = setstropt(&data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY],
- va_arg(param, char *));
-#else
- result = CURLE_NOT_BUILT_IN;
+#ifdef USE_SSL
+ if(Curl_ssl->have_pinnedpubkey)
+ result = setstropt(&data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY],
+ va_arg(param, char *));
+ else
#endif
+ result = CURLE_NOT_BUILT_IN;
break;
case CURLOPT_CAINFO:
/*
@@ -2256,30 +2261,32 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option,
va_arg(param, char *));
break;
case CURLOPT_CAPATH:
-#ifdef have_curlssl_ca_path /* not supported by all backends */
/*
* Set CA path info for SSL connection. Specify directory name of the CA
* certificates which have been prepared using openssl c_rehash utility.
*/
- /* This does not work on windows. */
- result = setstropt(&data->set.str[STRING_SSL_CAPATH_ORIG],
- va_arg(param, char *));
-#else
- result = CURLE_NOT_BUILT_IN;
+#ifdef USE_SSL
+ if(Curl_ssl->have_ca_path)
+ /* This does not work on windows. */
+ result = setstropt(&data->set.str[STRING_SSL_CAPATH_ORIG],
+ va_arg(param, char *));
+ else
#endif
+ result = CURLE_NOT_BUILT_IN;
break;
case CURLOPT_PROXY_CAPATH:
-#ifdef have_curlssl_ca_path /* not supported by all backends */
/*
* Set CA path info for SSL connection proxy. Specify directory name of the
* CA certificates which have been prepared using openssl c_rehash utility.
*/
- /* This does not work on windows. */
- result = setstropt(&data->set.str[STRING_SSL_CAPATH_PROXY],
- va_arg(param, char *));
-#else
- result = CURLE_NOT_BUILT_IN;
+#ifdef USE_SSL
+ if(Curl_ssl->have_ca_path)
+ /* This does not work on windows. */
+ result = setstropt(&data->set.str[STRING_SSL_CAPATH_PROXY],
+ va_arg(param, char *));
+ else
#endif
+ result = CURLE_NOT_BUILT_IN;
break;
case CURLOPT_CRLFILE:
/*
diff --git a/lib/vtls/axtls.c b/lib/vtls/axtls.c
index 3446dac44..885cbf532 100644
--- a/lib/vtls/axtls.c
+++ b/lib/vtls/axtls.c
@@ -705,6 +705,11 @@ CURLcode Curl_axtls_random(struct Curl_easy *data,
const struct Curl_ssl Curl_ssl_axtls = {
"axtls", /* name */
+ 0, /* have_ca_path */
+ 0, /* have_certinfo */
+ 0, /* have_pinnedpubkey */
+ 0, /* have_ssl_ctx */
+
Curl_axtls_init, /* init */
Curl_axtls_cleanup, /* cleanup */
Curl_axtls_version, /* version */
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index 62db13c1b..7f90e913f 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -110,6 +110,18 @@ and that's a problem since options.h hasn't been included yet. */
#define CYASSL_MAX_ERROR_SZ 80
#endif
+/* KEEP_PEER_CERT is a product of the presence of build time symbol
+ OPENSSL_EXTRA without NO_CERTS, depending on the version. KEEP_PEER_CERT is
+ in wolfSSL's settings.h, and the latter two are build time symbols in
+ options.h. */
+#ifndef KEEP_PEER_CERT
+#if defined(HAVE_CYASSL_GET_PEER_CERTIFICATE) || \
+ defined(HAVE_WOLFSSL_GET_PEER_CERTIFICATE) || \
+ (defined(OPENSSL_EXTRA) && !defined(NO_CERTS))
+#define KEEP_PEER_CERT
+#endif
+#endif
+
static Curl_recv cyassl_recv;
static Curl_send cyassl_send;
@@ -954,6 +966,15 @@ static void Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */
const struct Curl_ssl Curl_ssl_cyassl = {
"cyassl", /* name */
+ 0, /* have_ca_path */
+ 0, /* have_certinfo */
+#ifdef KEEP_PEER_CERT
+ 1, /* have_pinnedpubkey */
+#else
+ 0, /* have_pinnedpubkey */
+#endif
+ 1, /* have_ssl_ctx */
+
Curl_cyassl_init, /* init */
Curl_none_cleanup, /* cleanup */
Curl_cyassl_version, /* version */
diff --git a/lib/vtls/cyassl.h b/lib/vtls/cyassl.h
index abee7cf80..423fdc0bf 100644
--- a/lib/vtls/cyassl.h
+++ b/lib/vtls/cyassl.h
@@ -25,18 +25,6 @@
#ifdef USE_CYASSL
-/* KEEP_PEER_CERT is a product of the presence of build time symbol
- OPENSSL_EXTRA without NO_CERTS, depending on the version. KEEP_PEER_CERT is
- in wolfSSL's settings.h, and the latter two are build time symbols in
- options.h. */
-#ifndef KEEP_PEER_CERT
-#if defined(HAVE_CYASSL_GET_PEER_CERTIFICATE) || \
- defined(HAVE_WOLFSSL_GET_PEER_CERTIFICATE) || \
- (defined(OPENSSL_EXTRA) && !defined(NO_CERTS))
-#define KEEP_PEER_CERT
-#endif
-#endif
-
CURLcode Curl_cyassl_connect(struct connectdata *conn, int sockindex);
bool Curl_cyassl_data_pending(const struct connectdata* conn, int connindex);
int Curl_cyassl_shutdown(struct connectdata* conn, int sockindex);
@@ -60,13 +48,5 @@ extern const struct Curl_ssl Curl_ssl_cyassl;
/* Set the API backend definition to CyaSSL */
#define CURL_SSL_BACKEND CURLSSLBACKEND_CYASSL
-/* this backend supports CURLOPT_SSL_CTX_* */
-#define have_curlssl_ssl_ctx 1
-
-#ifdef KEEP_PEER_CERT
-/* this backend supports CURLOPT_PINNEDPUBLICKEY */
-#define have_curlssl_pinnedpubkey 1
-#endif
-
#endif /* USE_CYASSL */
#endif /* HEADER_CURL_CYASSL_H */
diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c
index 23be96a20..4d755d6b6 100644
--- a/lib/vtls/darwinssl.c
+++ b/lib/vtls/darwinssl.c
@@ -118,6 +118,24 @@
#define ioErr -36
#define paramErr -50
+/* pinned public key support tests */
+
+/* version 1 supports macOS 10.12+ and iOS 10+ */
+#if ((TARGET_OS_IPHONE && __IPHONE_OS_VERSION_MIN_REQUIRED >= 100000) || \
+ (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200))
+#define DARWIN_SSL_PINNEDPUBKEY_V1 1
+#endif
+
+/* version 2 supports MacOSX 10.7+ */
+#if (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070)
+#define DARWIN_SSL_PINNEDPUBKEY_V2 1
+#endif
+
+#if defined(DARWIN_SSL_PINNEDPUBKEY_V1) || defined(DARWIN_SSL_PINNEDPUBKEY_V2)
+/* this backend supports CURLOPT_PINNEDPUBLICKEY */
+#define DARWIN_SSL_PINNEDPUBKEY 1
+#endif /* DARWIN_SSL_PINNEDPUBKEY */
+
#ifdef DARWIN_SSL_PINNEDPUBKEY
/* both new and old APIs return rsa keys missing the spki header (not DER) */
static const unsigned char rsa4096SpkiHeader[] = {
@@ -2860,6 +2878,15 @@ static ssize_t darwinssl_recv(struct connectdata *conn,
const struct Curl_ssl Curl_ssl_darwinssl = {
"darwinssl", /* name */
+ 0, /* have_ca_path */
+ 0, /* have_certinfo */
+#ifdef DARWIN_SSL_PINNEDPUBKEY
+ 1, /* have_pinnedpubkey */
+#else
+ 0, /* have_pinnedpubkey */
+#endif /* DARWIN_SSL_PINNEDPUBKEY */
+ 0, /* have_ssl_ctx */
+
Curl_none_init, /* init */
Curl_none_cleanup, /* cleanup */
Curl_darwinssl_version, /* version */
diff --git a/lib/vtls/darwinssl.h b/lib/vtls/darwinssl.h
index 37fe8164f..9c4611988 100644
--- a/lib/vtls/darwinssl.h
+++ b/lib/vtls/darwinssl.h
@@ -51,24 +51,5 @@ extern const struct Curl_ssl Curl_ssl_darwinssl;
/* Set the API backend definition to SecureTransport */
#define CURL_SSL_BACKEND CURLSSLBACKEND_DARWINSSL
-/* pinned public key support tests */
-
-/* version 1 supports macOS 10.12+ and iOS 10+ */
-#if ((TARGET_OS_IPHONE && __IPHONE_OS_VERSION_MIN_REQUIRED >= 100000) || \
- (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200))
-#define DARWIN_SSL_PINNEDPUBKEY_V1 1
-#endif
-
-/* version 2 supports MacOSX 10.7+ */
-#if (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070)
-#define DARWIN_SSL_PINNEDPUBKEY_V2 1
-#endif
-
-#if defined(DARWIN_SSL_PINNEDPUBKEY_V1) || defined(DARWIN_SSL_PINNEDPUBKEY_V2)
-/* this backend supports CURLOPT_PINNEDPUBLICKEY */
-#define DARWIN_SSL_PINNEDPUBKEY 1
-#define have_curlssl_pinnedpubkey 1
-#endif /* DARWIN_SSL_PINNEDPUBKEY */
-
#endif /* USE_DARWINSSL */
#endif /* HEADER_CURL_DARWINSSL_H */
diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c
index d82f658fd..dc24f044b 100644
--- a/lib/vtls/gskit.c
+++ b/lib/vtls/gskit.c
@@ -1337,6 +1337,11 @@ int Curl_gskit_check_cxn(struct connectdata *cxn)
const struct Curl_ssl Curl_ssl_gskit = {
"gskit", /* name */
+ 0, /* have_ca_path */
+ 1, /* have_certinfo */
+ 0, /* have_pinnedpubkey */
+ 0, /* have_ssl_ctx */
+
Curl_gskit_init, /* init */
Curl_gskit_cleanup, /* cleanup */
Curl_gskit_version, /* version */
diff --git a/lib/vtls/gskit.h b/lib/vtls/gskit.h
index 42856d329..f2f5eb89a 100644
--- a/lib/vtls/gskit.h
+++ b/lib/vtls/gskit.h
@@ -49,9 +49,6 @@ extern const struct Curl_ssl Curl_ssl_gskit;
/* Set the API backend definition to GSKit */
#define CURL_SSL_BACKEND CURLSSLBACKEND_GSKIT
-/* this backend supports CURLOPT_CERTINFO */
-#define have_curlssl_certinfo 1
-
#endif /* USE_GSKIT */
#endif /* HEADER_CURL_GSKIT_H */
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 3105a4b13..fbbcdf334 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -1789,6 +1789,11 @@ bool Curl_gtls_cert_status_request(void)
const struct Curl_ssl Curl_ssl_gnutls = {
"gnutls", /* name */
+ 1, /* have_ca_path */
+ 1, /* have_certinfo */
+ 1, /* have_pinnedpubkey */
+ 0, /* have_ssl_ctx */
+
Curl_gtls_init, /* init */
Curl_gtls_cleanup, /* cleanup */
Curl_gtls_version, /* version */
diff --git a/lib/vtls/gtls.h b/lib/vtls/gtls.h
index 05bd834f2..d393b889d 100644
--- a/lib/vtls/gtls.h
+++ b/lib/vtls/gtls.h
@@ -57,14 +57,5 @@ extern const struct Curl_ssl Curl_ssl_gnutls;
/* Set the API backend definition to GnuTLS */
#define CURL_SSL_BACKEND CURLSSLBACKEND_GNUTLS
-/* this backend supports the CAPATH option */
-#define have_curlssl_ca_path 1
-
-/* this backend supports CURLOPT_CERTINFO */
-#define have_curlssl_certinfo 1
-
-/* this backend supports CURLOPT_PINNEDPUBLICKEY */
-#define have_curlssl_pinnedpubkey 1
-
#endif /* USE_GNUTLS */
#endif /* HEADER_CURL_GTLS_H */
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index 0ab471306..c925ea93c 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -1018,6 +1018,11 @@ static void Curl_mbedtls_sha256sum(const unsigned char *input,
const struct Curl_ssl Curl_ssl_mbedtls = {
"mbedtls", /* name */
+ 0, /* have_ca_path */
+ 0, /* have_certinfo */
+ 1, /* have_pinnedpubkey */
+ 1, /* have_ssl_ctx */
+
Curl_mbedtls_init, /* init */
Curl_mbedtls_cleanup, /* cleanup */
Curl_mbedtls_version, /* version */
diff --git a/lib/vtls/mbedtls.h b/lib/vtls/mbedtls.h
index 39e64c350..aaf84bd54 100644
--- a/lib/vtls/mbedtls.h
+++ b/lib/vtls/mbedtls.h
@@ -51,12 +51,6 @@ int Curl_mbedtls_shutdown(struct connectdata *conn, int sockindex);
CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy,
size_t length);
-/* this backends supports CURLOPT_PINNEDPUBLICKEY */
-#define have_curlssl_pinnedpubkey 1
-
-/* this backend supports CURLOPT_SSL_CTX_* */
-#define have_curlssl_ssl_ctx 1
-
extern const struct Curl_ssl Curl_ssl_mbedtls;
#define CURL_SSL_BACKEND CURLSSLBACKEND_MBEDTLS
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 603601b55..ff338940c 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -2327,6 +2327,11 @@ bool Curl_nss_false_start(void)
const struct Curl_ssl Curl_ssl_nss = {
"nss", /* name */
+ 1, /* have_ca_path */
+ 1, /* have_certinfo */
+ 1, /* have_pinnedpubkey */
+ 0, /* have_ssl_ctx */
+
Curl_nss_init, /* init */
Curl_nss_cleanup, /* cleanup */
Curl_nss_version, /* version */
diff --git a/lib/vtls/nssg.h b/lib/vtls/nssg.h
index 37c4b5b71..222c6e28e 100644
--- a/lib/vtls/nssg.h
+++ b/lib/vtls/nssg.h
@@ -64,14 +64,5 @@ extern const struct Curl_ssl Curl_ssl_nss;
/* Set the API backend definition to NSS */
#define CURL_SSL_BACKEND CURLSSLBACKEND_NSS
-/* this backend supports the CAPATH option */
-#define have_curlssl_ca_path 1
-
-/* this backend supports CURLOPT_CERTINFO */
-#define have_curlssl_certinfo 1
-
-/* this backends supports CURLOPT_PINNEDPUBLICKEY */
-#define have_curlssl_pinnedpubkey 1
-
#endif /* USE_NSS */
#endif /* HEADER_CURL_NSSG_H */
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index eeecd9da6..7376588c3 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3390,6 +3390,11 @@ bool Curl_ossl_cert_status_request(void)
const struct Curl_ssl Curl_ssl_openssl = {
"openssl", /* name */
+ 1, /* have_ca_path */
+ 1, /* have_certinfo */
+ 1, /* have_pinnedpubkey */
+ 1, /* have_ssl_ctx */
+
Curl_ossl_init, /* init */
Curl_ossl_cleanup, /* cleanup */
Curl_ossl_version, /* version */
diff --git a/lib/vtls/openssl.h b/lib/vtls/openssl.h
index 8e14f4549..c17dff284 100644
--- a/lib/vtls/openssl.h
+++ b/lib/vtls/openssl.h
@@ -79,18 +79,6 @@ extern const struct Curl_ssl Curl_ssl_openssl;
/* Set the API backend definition to OpenSSL */
#define CURL_SSL_BACKEND CURLSSLBACKEND_OPENSSL
-/* this backend supports the CAPATH option */
-#define have_curlssl_ca_path 1
-
-/* this backend supports CURLOPT_CERTINFO */
-#define have_curlssl_certinfo 1
-
-/* this backend supports CURLOPT_SSL_CTX_* */
-#define have_curlssl_ssl_ctx 1
-
-/* this backend supports CURLOPT_PINNEDPUBLICKEY */
-#define have_curlssl_pinnedpubkey 1
-
#define DEFAULT_CIPHER_SELECTION \
"ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH"
diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
index 5b48945a6..4d8db72d8 100644
--- a/lib/vtls/polarssl.c
+++ b/lib/vtls/polarssl.c
@@ -881,6 +881,11 @@ static void Curl_polarssl_sha256sum(const unsigned char *input,
const struct Curl_ssl Curl_ssl_polarssl = {
"polarssl", /* name */
+ 1, /* have_ca_path */
+ 0, /* have_certinfo */
+ 1, /* have_pinnedpubkey */
+ 0, /* have_ssl_ctx */
+
Curl_polarssl_init, /* init */
Curl_polarssl_cleanup, /* cleanup */
Curl_polarssl_version, /* version */
diff --git a/lib/vtls/polarssl.h b/lib/vtls/polarssl.h
index 7109fe5ba..b2560ddb1 100644
--- a/lib/vtls/polarssl.h
+++ b/lib/vtls/polarssl.h
@@ -50,11 +50,5 @@ extern const struct Curl_ssl Curl_ssl_polarssl;
/* Set the API backend definition to PolarSSL */
#define CURL_SSL_BACKEND CURLSSLBACKEND_POLARSSL
-/* this backend supports the CAPATH option */
-#define have_curlssl_ca_path 1
-
-/* this backends supports CURLOPT_PINNEDPUBLICKEY */
-#define have_curlssl_pinnedpubkey 1
-
#endif /* USE_POLARSSL */
#endif /* HEADER_CURL_POLARSSL_H */
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index 6ee707b0d..fe7ec47b8 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -1729,6 +1729,11 @@ static CURLcode verify_certificate(struct connectdata *conn, int sockindex)
const struct Curl_ssl Curl_ssl_schannel = {
"schannel", /* name */
+ 0, /* have_ca_path */
+ 1, /* have_certinfo */
+ 0, /* have_pinnedpubkey */
+ 0, /* have_ssl_ctx */
+
Curl_schannel_init, /* init */
Curl_schannel_cleanup, /* cleanup */
Curl_schannel_version, /* version */
diff --git a/lib/vtls/schannel.h b/lib/vtls/schannel.h
index 1314445c0..aaf253a6b 100644
--- a/lib/vtls/schannel.h
+++ b/lib/vtls/schannel.h
@@ -100,8 +100,5 @@ extern const struct Curl_ssl Curl_ssl_schannel;
/* Set the API backend definition to Schannel */
#define CURL_SSL_BACKEND CURLSSLBACKEND_SCHANNEL
-/* this backend supports CURLOPT_CERTINFO */
-#define have_curlssl_certinfo 1
-
#endif /* USE_SCHANNEL */
#endif /* HEADER_CURL_SCHANNEL_H */
diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h
index d42422d11..8b3ff05ae 100644
--- a/lib/vtls/vtls.h
+++ b/lib/vtls/vtls.h
@@ -28,6 +28,11 @@ struct connectdata;
struct Curl_ssl {
const char *name;
+ unsigned have_ca_path:1; /* supports CAPATH */
+ unsigned have_certinfo:1; /* supports CURLOPT_CERTINFO */
+ unsigned have_pinnedpubkey:1; /* supports CURLOPT_PINNEDPUBLICKEY */
+ unsigned have_ssl_ctx:1; /* supports CURLOPT_SSL_CTX_* */
+
int (*init)(void);
void (*cleanup)(void);