11 files changed, 143 insertions, 18 deletions

diff --git a/lib/vtls/axtls.c b/lib/vtls/axtls.c
index 65f3b2409..cfdb1b70f 100644
--- a/lib/vtls/axtls.c
+++ b/lib/vtls/axtls.c
@@ -740,6 +740,4 @@ const struct Curl_ssl Curl_ssl_axtls = {
   NULL                            /* sha256sum */
 };
 
-const struct Curl_ssl *Curl_ssl = &Curl_ssl_axtls;
-
 #endif /* USE_AXTLS */
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index 01ed678df..d679752fb 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -1015,6 +1015,4 @@ const struct Curl_ssl Curl_ssl_cyassl = {
   Curl_cyassl_sha256sum            /* sha256sum */
 };
 
-const struct Curl_ssl *Curl_ssl = &Curl_ssl_cyassl;
-
 #endif
diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c
index f65e93d86..b2ca52cb7 100644
--- a/lib/vtls/darwinssl.c
+++ b/lib/vtls/darwinssl.c
@@ -2927,8 +2927,6 @@ const struct Curl_ssl Curl_ssl_darwinssl = {
   Curl_darwinssl_sha256sum            /* sha256sum */
 };
 
-const struct Curl_ssl *Curl_ssl = &Curl_ssl_darwinssl;
-
 #ifdef __clang__
 #pragma clang diagnostic pop
 #endif
diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c
index 9d5568cf9..a1599dd5f 100644
--- a/lib/vtls/gskit.c
+++ b/lib/vtls/gskit.c
@@ -1388,6 +1388,4 @@ const struct Curl_ssl Curl_ssl_gskit = {
   NULL                            /* sha256sum */
 };
 
-const struct Curl_ssl *Curl_ssl = &Curl_ssl_gskit;
-
 #endif /* USE_GSKIT */
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index f63f5460f..498634b29 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -1839,5 +1839,4 @@ const struct Curl_ssl Curl_ssl_gnutls = {
   Curl_gtls_sha256sum            /* sha256sum */
 };
 
-const struct Curl_ssl *Curl_ssl = &Curl_ssl_gnutls;
 #endif /* USE_GNUTLS */
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index 61eee09bc..d7e16177b 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -1072,6 +1072,4 @@ const struct Curl_ssl Curl_ssl_mbedtls = {
   Curl_mbedtls_sha256sum            /* sha256sum */
 };
 
-const struct Curl_ssl *Curl_ssl = &Curl_ssl_mbedtls;
-
 #endif /* USE_MBEDTLS */
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 14dd15423..91f6530af 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -2378,5 +2378,4 @@ const struct Curl_ssl Curl_ssl_nss = {
   Curl_nss_sha256sum            /* sha256sum */
 };
 
-const struct Curl_ssl *Curl_ssl = &Curl_ssl_nss;
 #endif /* USE_NSS */
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index a96604dd6..136d8e475 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3453,6 +3453,4 @@ const struct Curl_ssl Curl_ssl_openssl = {
 #endif
 };
 
-const struct Curl_ssl *Curl_ssl = &Curl_ssl_openssl;
-
 #endif /* USE_OPENSSL */
diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
index ae3f6f814..9d4aeacfb 100644
--- a/lib/vtls/polarssl.c
+++ b/lib/vtls/polarssl.c
@@ -937,6 +937,4 @@ const struct Curl_ssl Curl_ssl_polarssl = {
   Curl_polarssl_sha256sum            /* sha256sum */
 };
 
-const struct Curl_ssl *Curl_ssl = &Curl_ssl_polarssl;
-
 #endif /* USE_POLARSSL */
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index b1cd60e11..bd7a85bae 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -1849,6 +1849,4 @@ const struct Curl_ssl Curl_ssl_schannel = {
   NULL                               /* sha256sum */
 };
 
-const struct Curl_ssl *Curl_ssl = &Curl_ssl_schannel;
-
 #endif /* USE_SCHANNEL */
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index 3e52220fc..ed43e1d46 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -130,9 +130,14 @@ void Curl_free_primary_ssl_config(struct ssl_primary_config* sslc)
   Curl_safefree(sslc->clientcert);
 }
 
+#ifdef USE_SSL
+static int multissl_init(void);
+#endif
+
 int Curl_ssl_backend(void)
 {
 #ifdef USE_SSL
+  multissl_init();
   return Curl_ssl->id;
 #else
   return (int)CURLSSLBACKEND_NONE;
@@ -1049,4 +1054,142 @@ CURLcode Curl_none_md5sum(unsigned char *input, size_t inputlen,
   return CURLE_OK;
 }
 
+static int Curl_multissl_init(void)
+{
+  if(multissl_init())
+    return 1;
+  return Curl_ssl->init();
+}
+
+static size_t Curl_multissl_version(char *buffer, size_t size)
+{
+  if(multissl_init())
+    return 0;
+  return Curl_ssl->version(buffer, size);
+}
+
+static CURLcode Curl_multissl_connect(struct connectdata *conn, int sockindex)
+{
+  if(multissl_init())
+    return CURLE_FAILED_INIT;
+  return Curl_ssl->connect(conn, sockindex);
+}
+
+static CURLcode Curl_multissl_connect_nonblocking(struct connectdata *conn,
+                                                  int sockindex, bool *done)
+{
+  if(multissl_init())
+    return CURLE_FAILED_INIT;
+  return Curl_ssl->connect_nonblocking(conn, sockindex, done);
+}
+
+static void *Curl_multissl_get_internals(struct ssl_connect_data *connssl,
+                                         CURLINFO info)
+{
+  if(multissl_init())
+    return NULL;
+  return Curl_ssl->get_internals(connssl, info);
+}
+
+static void Curl_multissl_close(struct connectdata *conn, int sockindex)
+{
+  if(multissl_init())
+    return;
+  Curl_ssl->close(conn, sockindex);
+}
+
+static const struct Curl_ssl Curl_ssl_multi = {
+  "multi",                           /* name */
+  CURLSSLBACKEND_NONE,
+
+  0, /* have_ca_path */
+  0, /* have_certinfo */
+  0, /* have_pinnedpubkey */
+  0, /* have_ssl_ctx */
+  0, /* support_https_proxy */
+
+  (size_t)-1, /* something insanely large to be on the safe side */
+
+  Curl_multissl_init,                /* init */
+  Curl_none_cleanup,                 /* cleanup */
+  Curl_multissl_version,             /* version */
+  Curl_none_check_cxn,               /* check_cxn */
+  Curl_none_shutdown,                /* shutdown */
+  Curl_none_data_pending,            /* data_pending */
+  Curl_none_random,                  /* random */
+  Curl_none_cert_status_request,     /* cert_status_request */
+  Curl_multissl_connect,             /* connect */
+  Curl_multissl_connect_nonblocking, /* connect_nonblocking */
+  Curl_multissl_get_internals,       /* get_internals */
+  Curl_multissl_close,               /* close */
+  Curl_none_close_all,               /* close_all */
+  Curl_none_session_free,            /* session_free */
+  Curl_none_set_engine,              /* set_engine */
+  Curl_none_set_engine_default,      /* set_engine_default */
+  Curl_none_engines_list,            /* engines_list */
+  Curl_none_false_start,             /* false_start */
+  Curl_none_md5sum,                  /* md5sum */
+  NULL                               /* sha256sum */
+};
+
+const struct Curl_ssl *Curl_ssl = &Curl_ssl_multi;
+
+static const struct Curl_ssl *available_backends[] = {
+#if defined(USE_AXTLS)
+  &Curl_ssl_axtls,
+#endif
+#if defined(USE_CYASSL)
+  &Curl_ssl_cyassl,
+#endif
+#if defined(USE_DARWINSSL)
+  &Curl_ssl_darwinssl,
+#endif
+#if defined(USE_GNUTLS)
+  &Curl_ssl_gnutls,
+#endif
+#if defined(USE_GSKIT)
+  &Curl_ssl_gskit,
+#endif
+#if defined(USE_MBEDTLS)
+  &Curl_ssl_mbedtls,
+#endif
+#if defined(USE_NSS)
+  &Curl_ssl_nss,
+#endif
+#if defined(USE_OPENSSL)
+  &Curl_ssl_openssl,
+#endif
+#if defined(USE_POLARSSL)
+  &Curl_ssl_polarssl,
+#endif
+#if defined(USE_SCHANNEL)
+  &Curl_ssl_schannel,
+#endif
+  NULL
+};
+
+static int multissl_init(void)
+{
+  const char *env;
+  int i;
+
+  if(Curl_ssl != &Curl_ssl_multi)
+    return 1;
+
+  if(!available_backends[0])
+    return 1;
+
+  env = getenv("CURL_SSL_BACKEND");
+  if(env)
+    for(i = 0; available_backends[i]; i++)
+      if(!strcmp(env, available_backends[i]->name)) {
+        Curl_ssl = available_backends[i];
+        return 0;
+      }
+
+  /* Fall back to first available backend */
+  Curl_ssl = available_backends[0];
+  return 0;
+}
+
 #endif /* USE_SSL */