summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2015-12-16 10:06:09 +0100
committerDaniel Stenberg <daniel@haxx.se>2015-12-16 10:06:09 +0100
commit1ff3a07be9b875155b0076a91a0b8f5c5fd22067 (patch)
tree2f0b2a7571cecb8ab90a0f79a65a68e611903dba
parent15cb03ad846a10c4aa4889d46804389ad11cdc1d (diff)
downloadcurl-1ff3a07be9b875155b0076a91a0b8f5c5fd22067.tar.gz
wolfssl: handle builds without SSLv3 support
-rw-r--r--configure.ac9
-rw-r--r--lib/vtls/cyassl.c7
2 files changed, 14 insertions, 2 deletions
diff --git a/configure.ac b/configure.ac
index 4c14e382e..3031f05ae 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2166,11 +2166,11 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
]])
],[
AC_MSG_RESULT(yes)
- AC_DEFINE(USE_CYASSL, 1, [if CyaSSL is enabled])
+ AC_DEFINE(USE_CYASSL, 1, [if CyaSSL/WolfSSL is enabled])
AC_SUBST(USE_CYASSL, [1])
CYASSL_ENABLED=1
USE_CYASSL="yes"
- curl_ssl_msg="enabled (CyaSSL)"
+ curl_ssl_msg="enabled (WolfSSL)"
],
[
AC_MSG_RESULT(no)
@@ -2195,6 +2195,11 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
LIBS="-l$cyassllibname -lm $LIBS"
+ if test "x$cyassllib" = "xwolfssl"; then
+ dnl Recent WolfSSL versions build without SSLv3 by default
+ AC_CHECK_FUNCS(wolfSSLv3_client_method)
+ fi
+
if test -n "$cyassllib"; then
dnl when shared libs were found in a path that the run-time
dnl linker doesn't search through, we need to add it to
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index f51b04192..20629f45d 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -143,8 +143,15 @@ cyassl_connect_step1(struct connectdata *conn,
use_sni(TRUE);
break;
case CURL_SSLVERSION_SSLv3:
+ /* before WolfSSL SSLv3 was enabled by default, and starting in WolfSSL
+ we check for its presence since it is built without it by default */
+#if !defined(WOLFSSL_VERSION) || defined(HAVE_WOLFSSLV3_CLIENT_METHOD)
req_method = SSLv3_client_method();
use_sni(FALSE);
+#else
+ failf(data, "No support for SSLv3");
+ return CURLE_NOT_BUILT_IN;
+#endif
break;
case CURL_SSLVERSION_SSLv2:
failf(data, "CyaSSL does not support SSLv2");