author | Michael Baentsch <57787676+baentsch@users.noreply.github.com> | 2020-08-29 14:09:24 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2020-08-30 17:24:04 +0200 |
commit | ede125b7b7ca8fc5a1fe3d7c1aee6bff2ea0bf24 (patch) | |
tree | ef1c1fd2071ecad350d6f89b6524d218b1dfe562 /lib/vtls | |
parent | a337355487c4c3305a4c0703282fdcbe008d4998 (diff) | |
download | curl-ede125b7b7ca8fc5a1fe3d7c1aee6bff2ea0bf24.tar.gz |
tls: add CURLOPT_SSL_EC_CURVES and --curves
Closes #5892
Diffstat (limited to 'lib/vtls')
-rw-r--r-- | lib/vtls/openssl.c | 16 | ||||
-rw-r--r-- | lib/vtls/vtls.c | 3 |
2 files changed, 19 insertions, 0 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 09f331418..ce6f8445a 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -200,6 +200,10 @@
 !defined(OPENSSL_IS_BORINGSSL))
 #define HAVE_SSL_CTX_SET_CIPHERSUITES
 #define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
+/* SET_EC_CURVES available under the same preconditions: see
+ * https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html
+ */
+#define HAVE_SSL_CTX_SET_EC_CURVES
 #endif
 #if defined(LIBRESSL_VERSION_NUMBER)
@@ -2800,6 +2804,18 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
 SSL_CTX_set_post_handshake_auth(backend->ctx, 1);
 #endif
+#ifdef HAVE_SSL_CTX_SET_EC_CURVES
+ {
+ char *curves = SSL_CONN_CONFIG(curves);
+ if(curves) {
+ if(!SSL_CTX_set1_curves_list(backend->ctx, curves)) {
+ failf(data, "failed setting curves list: '%s'", curves);
+ return CURLE_SSL_CIPHER;
+ }
+ }
+ }
+#endif
+
 #ifdef HAVE_OPENSSL_SRP
 if(ssl_authtype == CURL_TLSAUTH_SRP) {
 char * const ssl_username = SSL_SET_OPTION(username);
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index 281043aa6..9db4fd0ef 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -138,6 +138,7 @@ Curl_ssl_config_matches(struct ssl_primary_config *data,
 Curl_safe_strcasecompare(data->egdsocket, needle->egdsocket) &&
 Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) &&
 Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13) &&
+ Curl_safe_strcasecompare(data->curves, needle->curves) &&
 Curl_safe_strcasecompare(data->pinned_key, needle->pinned_key))
 return TRUE;
@@ -164,6 +165,7 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source,
 CLONE_STRING(cipher_list);
 CLONE_STRING(cipher_list13);
 CLONE_STRING(pinned_key);
+ CLONE_STRING(curves);
 return TRUE;
 }
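Review bot: The comment added above `HAVE_SSL_CTX_SET_EC_CURVES` in lib/vtls/openssl.c (hunk `@@ -200,6 +200,10 @@`) ties the curves feature to the guard used for the TLS 1.3 ciphersuite API, and the visible tail of that guard, `!defined(OPENSSL_IS_BORINGSSL))`, excludes BoringSSL. The `#if` opens above the hunk, so the full condition is not visible here. As far as I know, `SSL_CTX_set1_curves_list` predates the ciphersuite call and is also offered by forks this guard rules out, so this should be checked against the linked man page. If that holds, builds that could enforce a curve restriction will not get the feature. I would give the macro its own `#if` and let the comment state the real availability, e.g. `/* SSL_CTX_set1_curves_list availability is independent of the TLS 1.3 ciphersuite API */`.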
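Review bot: When `HAVE_SSL_CTX_SET_EC_CURVES` is not defined, the block added to `ossl_connect_step1` (hunk `@@ -2800,6 +2804,18 @@`) compiles away and a configured curves list is dropped without any error, so the handshake proceeds with the library's default groups. A caller who sets the option to restrict key-exchange groups would expect a failure rather than a silently wider negotiation. Unless the option is already rejected at set time somewhere outside this diff, an `#else` branch should fail the connection, as sketched below. Separately, `CURLE_SSL_CIPHER` is reused for a curves failure, which deserves a one-line comment so the mapping reads as deliberate. The function body starts and ends outside the hunk.

```c
/* … unchanged: the HAVE_SSL_CTX_SET_EC_CURVES block calling SSL_CTX_set1_curves_list … */
#else
  /* fail closed: a requested curve restriction must not be silently ignored */
  if(SSL_CONN_CONFIG(curves)) {
    failf(data, "a curves list was set but this TLS build cannot apply it");
    return CURLE_NOT_BUILT_IN;
  }
#endif
```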
@@ -179,6 +181,7 @@ void Curl_free_primary_ssl_config(struct ssl_primary_config *sslc)
 Curl_safefree(sslc->cipher_list13);
 Curl_safefree(sslc->pinned_key);
 Curl_safefree(sslc->cert_blob);
+ Curl_safefree(sslc->curves);
 }
 #ifdef USE_SSL |