diff options
author | Jay Satiro <raysatiro@yahoo.com> | 2020-12-29 15:46:42 -0500 |
---|---|---|
committer | Jay Satiro <raysatiro@yahoo.com> | 2021-01-04 18:00:37 -0500 |
commit | 7de2e96535e97f2446fea077402caab2ee291425 (patch) | |
tree | bdcc08a766e6e03e35a56e6d3410cb6cca8c8331 | |
parent | 82e6d34803dbe302f537d9cd9873d2717df02b46 (diff) | |
download | curl-7de2e96535e97f2446fea077402caab2ee291425.tar.gz |
wolfssl: Support wolfSSL builds missing TLS 1.1
The wolfSSL TLS library defines NO_OLD_TLS in some of their build
configurations and that causes the library to be built without TLS 1.1.
For example if MD5 is explicitly disabled when building wolfSSL then
that defines NO_OLD_TLS and the library is built without TLS 1.1 [1].
Prior to this change attempting to build curl with a wolfSSL that was
built with NO_OLD_TLS would cause a build link error undefined reference
to wolfTLSv1_client_method.
[1]: https://github.com/wolfSSL/wolfssl/blob/v4.5.0-stable/configure.ac#L2366
Bug: https://curl.se/mail/lib-2020-12/0121.html
Reported-by: Julian Montes
Closes https://github.com/curl/curl/pull/6388
-rw-r--r-- | lib/vtls/wolfssl.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c index 3f5f0949e..921e7b87d 100644 --- a/lib/vtls/wolfssl.c +++ b/lib/vtls/wolfssl.c @@ -256,7 +256,7 @@ wolfssl_connect_step1(struct connectdata *conn, use_sni(TRUE); break; case CURL_SSLVERSION_TLSv1_0: -#ifdef WOLFSSL_ALLOW_TLSV10 +#if defined(WOLFSSL_ALLOW_TLSV10) && !defined(NO_OLD_TLS) req_method = TLSv1_client_method(); use_sni(TRUE); #else @@ -265,8 +265,13 @@ wolfssl_connect_step1(struct connectdata *conn, #endif break; case CURL_SSLVERSION_TLSv1_1: +#ifndef NO_OLD_TLS req_method = TLSv1_1_client_method(); use_sni(TRUE); +#else + failf(data, "wolfSSL does not support TLS 1.1"); + return CURLE_NOT_BUILT_IN; +#endif break; case CURL_SSLVERSION_TLSv1_2: req_method = TLSv1_2_client_method(); |