charon.plugins.curl.redir = -1
Maximum number of redirects followed by the plugin, set to 0 to disable
following redirects, set to -1 for no limit.
+
+charon.plugins.curl.tls_backend =
+ The SSL/TLS backend to configure in curl if multiple are available.
+
+ The SSL/TLS backend to configure in curl if multiple are available (requires
+ libcurl 7.56 or newer). A list of available options is logged on level 2 if
+ nothing is configured. Similar but on level 1 if the selected backend isn't
+ available.
/*
+ * Copyright (C) 2023 Tobias Brunner
* Copyright (C) 2008 Martin Willi
*
* Copyright (C) secunet Security Networks AG
free(this);
}
+#if LIBCURL_VERSION_NUM >= 0x073800
+/**
+ * Configure a specific SSL backend if multiple are available
+ */
+static void set_ssl_backend()
+{
+ const curl_ssl_backend **avail;
+ char *backend, buf[BUF_LEN] = "";
+ int i, len = 0, added;
+
+ backend = lib->settings->get_str(lib->settings, "%s.plugins.curl.tls_backend",
+ NULL, lib->ns);
+ switch (curl_global_sslset(-1, backend, &avail))
+ {
+ case CURLSSLSET_UNKNOWN_BACKEND:
+ for (i = 0; avail[i]; i++)
+ {
+ added = snprintf(buf + len, sizeof(buf) - len, " %s",
+ avail[i]->name);
+ if (added < sizeof(buf) - len)
+ {
+ len += added;
+ }
+ }
+ if (backend)
+ {
+ DBG1(DBG_LIB, "unsupported TLS backend '%s' in libcurl, "
+ "available:%s", backend, buf);
+ }
+ else
+ {
+ DBG2(DBG_LIB, "available TLS backends in libcurl:%s", buf);
+ }
+ break;
+ case CURLSSLSET_NO_BACKENDS:
+ if (backend)
+ {
+ DBG1(DBG_LIB, "unable to set TLS backend '%s', libcurl was "
+ "built without TLS support", backend);
+ }
+ break;
+ case CURLSSLSET_TOO_LATE:
+ if (backend)
+ {
+ DBG1(DBG_LIB, "unable to set TLS backend '%s' in libcurl, "
+ "already set", backend);
+ }
+ break;
+ case CURLSSLSET_OK:
+ break;
+ }
+}
+#endif
+
/*
* see header file
*/
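Review bot: When `tls_backend` is explicitly configured but `curl_global_sslset()` returns `CURLSSLSET_UNKNOWN_BACKEND`, `CURLSSLSET_NO_BACKENDS` or `CURLSSLSET_TOO_LATE`, `set_ssl_backend()` only logs at level 1 and returns void, so the call site in the last hunk continues to `curl_global_init()` and libcurl presumably uses its default backend. For an option an operator may set to pin a particular TLS stack (e.g. for its trust store or crypto policy), that is a fail-open. Consider returning a status from `set_ssl_backend()` and refusing to create the plugin when a configured backend cannot be selected, or at least state the fallback in the option description. Separately, `if (added < sizeof(buf) - len)` compares an `int` with a `size_t` and rejects a negative `snprintf()` result only through the implicit conversion; `if (added >= 0 && (size_t)added < sizeof(buf) - len)` makes that explicit. The definition would also be better declared as `static void set_ssl_backend(void)`.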
},
);
+#if LIBCURL_VERSION_NUM >= 0x073800
+ set_ssl_backend();
+#endif
+
res = curl_global_init(CURL_GLOBAL_SSL);
if (res != CURLE_OK)
{