-rw-r--r-- | lib/hostip.c | 17 | ||||
-rw-r--r-- | lib/setopt.c | 6 | ||||
-rw-r--r-- | lib/url.c | 2 | ||||
-rw-r--r-- | lib/urldata.h | 4 |
4 files changed, 28 insertions, 1 deletions
diff --git a/lib/hostip.c b/lib/hostip.c
index 5d942dca0..911d5ed6d 100644
--- a/lib/hostip.c
+++ b/lib/hostip.c
@@ -609,7 +609,11 @@ enum resolve_t Curl_resolv(struct Curl_easy *data,
 enum resolve_t rc = CURLRESOLV_ERROR; /* default to failure */
 struct connectdata *conn = data->conn;
 *entry = NULL;
+#ifndef CURL_DISABLE_DOH
 conn->bits.doh = FALSE; /* default is not */
+#else
+ (void)allowDOH;
+#endif
 if(data->share)
 Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
@@ -630,11 +634,15 @@ enum resolve_t Curl_resolv(struct Curl_easy *data,
 struct Curl_addrinfo *addr = NULL;
 int respwait = 0;
+#if !defined(CURL_DISABLE_DOH) || !defined(USE_RESOLVE_ON_IPS)
 struct in_addr in;
+#endif
+#ifndef CURL_DISABLE_DOH
 #ifndef USE_RESOLVE_ON_IPS
 const
 #endif
 bool ipnum = FALSE;
+#endif
 /* notify the resolver start callback */
 if(data->set.resolver_start) {
@@ -686,6 +694,7 @@ enum resolve_t Curl_resolv(struct Curl_easy *data,
 #endif /* ENABLE_IPV6 */
 #else /* if USE_RESOLVE_ON_IPS */
+#ifndef CURL_DISABLE_DOH
 /* First check if this is an IPv4 address string */
 if(Curl_inet_pton(AF_INET, hostname, &in) > 0)
 /* This is a dotted IP address 123.123.123.123-style */
@@ -699,6 +708,7 @@ enum resolve_t Curl_resolv(struct Curl_easy *data,
 ipnum = TRUE;
 }
 #endif /* ENABLE_IPV6 */
+#endif /* CURL_DISABLE_DOH */
 #endif /* !USE_RESOLVE_ON_IPS */
@@ -708,8 +718,10 @@ enum resolve_t Curl_resolv(struct Curl_easy *data,
 if(strcasecompare(hostname, "localhost"))
 addr = get_localhost(port);
+#ifndef CURL_DISABLE_DOH
 else if(allowDOH && data->set.doh && !ipnum)
 addr = Curl_doh(data, hostname, port, &respwait);
+#endif
 else {
 /* Check what IP specifics the app has requested and if we can provide
 * it. If not, bail out. */
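Review bot: In the Curl_resolv hunk at -630 the declarations of `in` and `ipnum` are now guarded by two different conditions that must mirror their uses further down (the -686 and -699 hunks and the `!ipnum` test at -708), and nothing in the code records that link. The conditions look right as written, assuming `in` is also used by the non-USE_RESOLVE_ON_IPS branch that lies outside the visible hunks. A short comment above the `#if` would keep them in sync, for example `/* 'in' feeds the IP-literal checks below; 'ipnum' is only read by the DoH branch */`. Tagging the new closing directive as `#endif /* !CURL_DISABLE_DOH */` would also make the nested `#ifndef USE_RESOLVE_ON_IPS` / `const` / `#endif` easier to follow.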
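Review bot: The `else if(allowDOH && data->set.doh && !ipnum)` arm at -708 is now cut out of the middle of an if/else chain by the preprocessor, so in a DoH-disabled build `addr = get_localhost(port);` is followed directly by `else {`. That compiles, but an edit to either neighbouring arm can break one configuration without the other noticing. A comment at the guard would help, for example `/* without DoH every non-localhost name goes to the regular resolver below */`. The chain continues past the end of the hunk, so the closing brace of the final `else` is not visible here.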
@@ -1210,9 +1222,10 @@ CURLcode Curl_resolv_check(struct Curl_easy *data,
 #if defined(CURL_DISABLE_DOH) && !defined(CURLRES_ASYNCH)
 (void)dns;
 #endif
-
+#ifndef CURL_DISABLE_DOH
 if(data->conn->bits.doh)
 return Curl_doh_is_resolved(data, dns);
+#endif
 return Curl_resolver_is_resolved(data, dns);
 }
@@ -1220,10 +1233,12 @@ int Curl_resolv_getsock(struct Curl_easy *data,
 curl_socket_t *socks)
 {
 #ifdef CURLRES_ASYNCH
+#ifndef CURL_DISABLE_DOH
 if(data->conn->bits.doh)
 /* nothing to wait for during DoH resolve, those handles have their own sockets */
 return GETSOCK_BLANK;
+#endif
 return Curl_resolver_getsock(data, socks);
 #else
 (void)data;
diff --git a/lib/setopt.c b/lib/setopt.c
index ddb010259..599ed5d99 100644
--- a/lib/setopt.c
+++ b/lib/setopt.c
@@ -1870,6 +1870,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
 data->set.ssl.primary.verifypeer;
 }
 break;
+#ifndef CURL_DISABLE_DOH
 case CURLOPT_DOH_SSL_VERIFYPEER:
 /*
 * Enable peer SSL verifying for DoH.
@@ -1877,6 +1878,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
 data->set.doh_verifypeer = (0 != va_arg(param, long)) ? TRUE : FALSE;
 break;
+#endif
 #ifndef CURL_DISABLE_PROXY
 case CURLOPT_PROXY_SSL_VERIFYPEER:
 /*
@@ -1909,6 +1911,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
 data->set.ssl.primary.verifyhost;
 }
 break;
+#ifndef CURL_DISABLE_DOH
 case CURLOPT_DOH_SSL_VERIFYHOST:
 /*
 * Enable verification of the host name in the peer certificate for DoH
@@ -1918,6 +1921,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
 /* Treat both 1 and 2 as TRUE */
 data->set.doh_verifyhost = (bool)((arg & 3) ? TRUE : FALSE);
 break;
+#endif
 #ifndef CURL_DISABLE_PROXY
 case CURLOPT_PROXY_SSL_VERIFYHOST:
 /*
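Review bot: Compiling out the `case CURLOPT_DOH_SSL_VERIFYPEER:` label at -1870/-1877, and likewise `CURLOPT_DOH_SSL_VERIFYHOST` at -1909/-1918 and `CURLOPT_DOH_SSL_VERIFYSTATUS` at -1953/-1965, changes what a caller sees on a DoH-disabled build, and the commit does not document it. The option is no longer accepted and the call ends in whatever the switch's `default:` arm returns, which is outside these hunks. That is probably the intended outcome, since an application then learns that its TLS setting for DoH had no effect. It should still be stated at the first guard, for example `/* DoH options are not recognised when built with CURL_DISABLE_DOH */`, and in the build-option documentation.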
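Review bot: The context line `data->set.doh_verifyhost = (bool)((arg & 3) ? TRUE : FALSE);` wrapped by the -1918 hunk looks only at the low two bits, so a non-zero value such as 4 silently switches DoH host name verification off. The line predates this commit, but while the case is being touched a fail-closed form would be safer: `data->set.doh_verifyhost = (arg != 0) ? TRUE : FALSE;`. `arg` is fetched above the hunk, so confirm how it is read and whether any caller relies on the masking before changing it.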
@@ -1953,6 +1957,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
 data->set.ssl.primary.verifystatus;
 }
 break;
+#ifndef CURL_DISABLE_DOH
 case CURLOPT_DOH_SSL_VERIFYSTATUS:
 /*
 * Enable certificate status verifying for DoH.
@@ -1965,6 +1970,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
 data->set.doh_verifystatus = (0 != va_arg(param, long)) ? TRUE : FALSE;
 break;
+#endif
 case CURLOPT_SSL_CTX_FUNCTION:
 /*
 * Set a SSL_CTX callback
@@ -540,8 +540,10 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
 * libcurl 7.10 introduced SSL verification *by default*! This needs to be
 * switched off unless wanted. */
+#ifndef CURL_DISABLE_DOH
 set->doh_verifyhost = TRUE;
 set->doh_verifypeer = TRUE;
+#endif
 set->ssl.primary.verifypeer = TRUE;
 set->ssl.primary.verifyhost = TRUE;
 #ifdef USE_TLS_SRP
diff --git a/lib/urldata.h b/lib/urldata.h
index 22c66cd44..cc9c88870 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -518,7 +518,9 @@ struct ConnectBits {
 BIT(tls_enable_npn); /* TLS NPN extension? */
 BIT(tls_enable_alpn); /* TLS ALPN extension? */
 BIT(connect_only);
+#ifndef CURL_DISABLE_DOH
 BIT(doh);
+#endif
 #ifdef USE_UNIX_SOCKETS
 BIT(abstract_unix_socket);
 #endif
@@ -1858,10 +1860,12 @@ struct UserDefined {
 header */
 BIT(abstract_unix_socket);
 BIT(disallow_username_in_url); /* disallow username in url */
+#ifndef CURL_DISABLE_DOH
 BIT(doh); /* DNS-over-HTTPS enabled */
 BIT(doh_verifypeer); /* DoH certificate peer verification */
 BIT(doh_verifyhost); /* DoH certificate hostname verification */
 BIT(doh_verifystatus); /* DoH certificate status verification */
+#endif
 BIT(http09_allowed); /* allow HTTP/0.9 responses */
 BIT(mail_rcpt_allowfails); /* allow RCPT TO command to fail for some recipients */
|
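Review bot: Removing `BIT(doh)` from `struct ConnectBits` and the four `doh*` bits from `struct UserDefined` makes every remaining unguarded read of `conn->bits.doh` or `data->set.doh*` a compile error, but only when CURL_DISABLE_DOH is defined. The diffstat lists four files, so any other user of these fields has to be guarded already, which cannot be confirmed from this page. A build job that defines CURL_DISABLE_DOH would catch a missed reference now and keep later changes honest. A one-line comment on the guards would also help, such as `/* DoH state only exists in builds with DoH support */`.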