-rw-r--r--lib/hostip.c17
-rw-r--r--lib/setopt.c6
-rw-r--r--lib/url.c2
-rw-r--r--lib/urldata.h4
4 files changed, 28 insertions, 1 deletions
diff --git a/lib/hostip.c b/lib/hostip.c
index 5d942dca0..911d5ed6d 100644
--- a/lib/hostip.c
+++ b/lib/hostip.c
@@ -609,7 +609,11 @@ enum resolve_t Curl_resolv(struct Curl_easy *data,
enum resolve_t rc = CURLRESOLV_ERROR; /* default to failure */
struct connectdata *conn = data->conn;
*entry = NULL;
+#ifndef CURL_DISABLE_DOH
conn->bits.doh = FALSE; /* default is not */
+#else
+ (void)allowDOH;
+#endif
if(data->share)
Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
@@ -630,11 +634,15 @@ enum resolve_t Curl_resolv(struct Curl_easy *data,
struct Curl_addrinfo *addr = NULL;
int respwait = 0;
+#if !defined(CURL_DISABLE_DOH) || !defined(USE_RESOLVE_ON_IPS)
struct in_addr in;
+#endif
+#ifndef CURL_DISABLE_DOH
#ifndef USE_RESOLVE_ON_IPS
const
#endif
bool ipnum = FALSE;
+#endif
/* notify the resolver start callback */
if(data->set.resolver_start) {
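Review bot: The new condition around `struct in_addr in;` has no comment saying why it is a disjunction, so the reader has to reconstruct it from two branches that sit in other hunks. From what is visible, `in` is used by the DoH-only IP-literal check in the USE_RESOLVE_ON_IPS branch, and presumably also by the IP check in the other branch, which is outside this diff. A one-line comment such as `/* 'in' is used by the IP-literal checks below; unused only with both CURL_DISABLE_DOH and USE_RESOLVE_ON_IPS */` would make that explicit. Writing the closer of the `ipnum` guard as `#endif /* !CURL_DISABLE_DOH */` would also make it easier to pair with the nested `USE_RESOLVE_ON_IPS` block. Curl_resolv's body starts and ends outside the hunk.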
@@ -686,6 +694,7 @@ enum resolve_t Curl_resolv(struct Curl_easy *data,
#endif /* ENABLE_IPV6 */
#else /* if USE_RESOLVE_ON_IPS */
+#ifndef CURL_DISABLE_DOH
/* First check if this is an IPv4 address string */
if(Curl_inet_pton(AF_INET, hostname, &in) > 0)
/* This is a dotted IP address 123.123.123.123-style */
@@ -699,6 +708,7 @@ enum resolve_t Curl_resolv(struct Curl_easy *data,
ipnum = TRUE;
}
#endif /* ENABLE_IPV6 */
+#endif /* CURL_DISABLE_DOH */
#endif /* !USE_RESOLVE_ON_IPS */
@@ -708,8 +718,10 @@ enum resolve_t Curl_resolv(struct Curl_easy *data,
if(strcasecompare(hostname, "localhost"))
addr = get_localhost(port);
+#ifndef CURL_DISABLE_DOH
else if(allowDOH && data->set.doh && !ipnum)
addr = Curl_doh(data, hostname, port, &respwait);
+#endif
else {
/* Check what IP specifics the app has requested and if we can provide
* it. If not, bail out. */
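Review bot: With CURL_DISABLE_DOH defined the `else if` on `data->set.doh` disappears and every non-localhost name falls through to the regular resolver, but nothing in this commit shows how a caller that asked for DoH is told so. The setopt.c hunks guard only the three DoH verify options; the handling of the option that sets the DoH URL is not in the diff. It should be confirmed that this option returns an error in such a build rather than being accepted and ignored, because otherwise lookups the application expects to travel over HTTPS go to the system resolver instead. A short comment at the guard, e.g. `/* no DoH in this build: all other names use the regular resolver below */`, would document the fallthrough. The if/else chain continues outside the hunk.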
@@ -1210,9 +1222,10 @@ CURLcode Curl_resolv_check(struct Curl_easy *data,
#if defined(CURL_DISABLE_DOH) && !defined(CURLRES_ASYNCH)
(void)dns;
#endif
-
+#ifndef CURL_DISABLE_DOH
if(data->conn->bits.doh)
return Curl_doh_is_resolved(data, dns);
+#endif
return Curl_resolver_is_resolved(data, dns);
}
@@ -1220,10 +1233,12 @@ int Curl_resolv_getsock(struct Curl_easy *data,
curl_socket_t *socks)
{
#ifdef CURLRES_ASYNCH
+#ifndef CURL_DISABLE_DOH
if(data->conn->bits.doh)
/* nothing to wait for during DoH resolve, those handles have their own
sockets */
return GETSOCK_BLANK;
+#endif
return Curl_resolver_getsock(data, socks);
#else
(void)data;
diff --git a/lib/setopt.c b/lib/setopt.c
index ddb010259..599ed5d99 100644
--- a/lib/setopt.c
+++ b/lib/setopt.c
@@ -1870,6 +1870,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
data->set.ssl.primary.verifypeer;
}
break;
+#ifndef CURL_DISABLE_DOH
case CURLOPT_DOH_SSL_VERIFYPEER:
/*
* Enable peer SSL verifying for DoH.
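Review bot: In a CURL_DISABLE_DOH build the `CURLOPT_DOH_SSL_VERIFYPEER`, `CURLOPT_DOH_SSL_VERIFYHOST` and `CURLOPT_DOH_SSL_VERIFYSTATUS` cases (this hunk and the five that follow in setopt.c) no longer exist, so their result is decided by the switch's default branch, which is outside the diff. That branch should report an error such as `CURLE_UNKNOWN_OPTION` rather than success, which is worth confirming, so that an application changing DoH verification learns the call had no effect. Each guard opens in one hunk and closes in the next; marking the closers `#endif /* !CURL_DISABLE_DOH */` would make them easier to pair up next to the neighbouring `CURL_DISABLE_PROXY` blocks.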
@@ -1877,6 +1878,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
data->set.doh_verifypeer = (0 != va_arg(param, long)) ?
TRUE : FALSE;
break;
+#endif
#ifndef CURL_DISABLE_PROXY
case CURLOPT_PROXY_SSL_VERIFYPEER:
/*
@@ -1909,6 +1911,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
data->set.ssl.primary.verifyhost;
}
break;
+#ifndef CURL_DISABLE_DOH
case CURLOPT_DOH_SSL_VERIFYHOST:
/*
* Enable verification of the host name in the peer certificate for DoH
@@ -1918,6 +1921,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
/* Treat both 1 and 2 as TRUE */
data->set.doh_verifyhost = (bool)((arg & 3) ? TRUE : FALSE);
break;
+#endif
#ifndef CURL_DISABLE_PROXY
case CURLOPT_PROXY_SSL_VERIFYHOST:
/*
@@ -1953,6 +1957,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
data->set.ssl.primary.verifystatus;
}
break;
+#ifndef CURL_DISABLE_DOH
case CURLOPT_DOH_SSL_VERIFYSTATUS:
/*
* Enable certificate status verifying for DoH.
@@ -1965,6 +1970,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
data->set.doh_verifystatus = (0 != va_arg(param, long)) ?
TRUE : FALSE;
break;
+#endif
case CURLOPT_SSL_CTX_FUNCTION:
/*
* Set a SSL_CTX callback
diff --git a/lib/url.c b/lib/url.c
index b594dcce0..a48af42c9 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -540,8 +540,10 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
* libcurl 7.10 introduced SSL verification *by default*! This needs to be
* switched off unless wanted.
*/
+#ifndef CURL_DISABLE_DOH
set->doh_verifyhost = TRUE;
set->doh_verifypeer = TRUE;
+#endif
set->ssl.primary.verifypeer = TRUE;
set->ssl.primary.verifyhost = TRUE;
#ifdef USE_TLS_SRP
diff --git a/lib/urldata.h b/lib/urldata.h
index 22c66cd44..cc9c88870 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -518,7 +518,9 @@ struct ConnectBits {
BIT(tls_enable_npn); /* TLS NPN extension? */
BIT(tls_enable_alpn); /* TLS ALPN extension? */
BIT(connect_only);
+#ifndef CURL_DISABLE_DOH
BIT(doh);
+#endif
#ifdef USE_UNIX_SOCKETS
BIT(abstract_unix_socket);
#endif
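Review bot: `BIT(doh);` in struct ConnectBits carries no comment, unlike the `UserDefined` bits guarded in the next hunk. Judging from hostip.c in this commit, it is cleared at the start of Curl_resolv and tested to route Curl_resolv_check to the DoH code, so something like `BIT(doh); /* name resolve for this connection goes over DoH */` would fit; the wording should be checked against the place where the bit is set, which is not in the diff. Both urldata.h hunks now remove these fields in a CURL_DISABLE_DOH build, so every reader elsewhere has to sit under the same guard. Only hostip.c, setopt.c and url.c are touched here, so a CI build with the macro defined would confirm nothing was missed.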
@@ -1858,10 +1860,12 @@ struct UserDefined {
header */
BIT(abstract_unix_socket);
BIT(disallow_username_in_url); /* disallow username in url */
+#ifndef CURL_DISABLE_DOH
BIT(doh); /* DNS-over-HTTPS enabled */
BIT(doh_verifypeer); /* DoH certificate peer verification */
BIT(doh_verifyhost); /* DoH certificate hostname verification */
BIT(doh_verifystatus); /* DoH certificate status verification */
+#endif
BIT(http09_allowed); /* allow HTTP/0.9 responses */
BIT(mail_rcpt_allowfails); /* allow RCPT TO command to fail for some
recipients */