#endif
#ifdef LIBRESSL_VERSION_NUMBER
-# /* As of LibreSSL 2.0.0-4.0.0: OPENSSL_VERSION_NUMBER == 0x20000000L */
-# if LIBRESSL_VERSION_NUMBER < 0x2090100fL /* 2019-04-13 */
-# error "LibreSSL 2.9.1 or later required"
-# endif
+/* As of LibreSSL 2.0.0-4.0.0: OPENSSL_VERSION_NUMBER == 0x20000000L */
+# if LIBRESSL_VERSION_NUMBER < 0x2090100fL /* 2019-04-13 */
+# error "LibreSSL 2.9.1 or later required"
+# endif
#elif OPENSSL_VERSION_NUMBER < 0x1000201fL /* 2015-03-19 */
-# error "OpenSSL 1.0.2a or later required"
+# error "OpenSSL 1.0.2a or later required"
#endif
#if defined(HAVE_OPENSSL3) && !defined(OPENSSL_NO_UI_CONSOLE)
static void ossl_provider_cleanup(struct Curl_easy *data);
#endif
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && \
- !defined(LIBRESSL_VERSION_NUMBER) && \
- !defined(OPENSSL_IS_BORINGSSL))
- #define HAVE_SSL_CTX_SET_DEFAULT_READ_BUFFER_LEN 1
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
+ !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL)
+#define HAVE_SSL_CTX_SET_DEFAULT_READ_BUFFER_LEN 1
#endif
#include "../curlx/warnless.h"
(defined(LIBRESSL_VERSION_NUMBER) && \
LIBRESSL_VERSION_NUMBER >= 0x3040100fL)) && \
!defined(OPENSSL_IS_BORINGSSL)
- #define HAVE_SSL_CTX_SET_CIPHERSUITES
- #ifndef OPENSSL_IS_AWSLC
- #define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
- #endif
+# define HAVE_SSL_CTX_SET_CIPHERSUITES
+# ifndef OPENSSL_IS_AWSLC
+# define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
+# endif
#endif
/* Whether SSL_CTX_set1_sigalgs_list is available
* BoringSSL: supported since 0.20240913.0 (commit 826ce15)
* LibreSSL: no
*/
-#if (OPENSSL_VERSION_NUMBER >= 0x10002000L && \
- !defined(LIBRESSL_VERSION_NUMBER))
- #define HAVE_SSL_CTX_SET1_SIGALGS
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+#define HAVE_SSL_CTX_SET1_SIGALGS
#endif
#ifdef LIBRESSL_VERSION_NUMBER
#define OSSL_PACKAGE "BoringSSL"
#elif defined(OPENSSL_IS_AWSLC)
#define OSSL_PACKAGE "AWS-LC"
-#elif (defined(USE_NGTCP2) && defined(USE_NGHTTP3) && \
- !defined(OPENSSL_QUIC_API2))
+#elif defined(USE_NGTCP2) && defined(USE_NGHTTP3) && \
+ !defined(OPENSSL_QUIC_API2)
#define OSSL_PACKAGE "quictls"
#else
#define OSSL_PACKAGE "OpenSSL"
#endif
#define ossl_valsize_t numcert_t
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
/* up2date versions of OpenSSL maintain reasonably secure defaults without
* breaking compatibility, so it is better not to override the defaults in curl
*/
#endif
#endif
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
#define HAVE_RANDOM_INIT_BY_DEFAULT 1
#endif
* X509_STORE between connections. The API is:
* * `X509_STORE_up_ref` -- Introduced: OpenSSL 1.1.0.
*/
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* OpenSSL >= 1.1.0 */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L /* OpenSSL >= 1.1.0 */
#define HAVE_SSL_X509_STORE_SHARE
#endif
{
int i;
CURLcode result = CURLE_OK;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
- !defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
const STACK_OF(X509_EXTENSION) *exts = extsarg;
#else
STACK_OF(X509_EXTENSION) *exts = CURL_UNCONST(extsarg);
UI_METHOD *ui_method =
UI_create_method(OSSL_UI_METHOD_CAST("curl user interface"));
if(!ui_method) {
- failf(data, "unable do create " OSSL_PACKAGE
- " user-interface method");
+ failf(data, "unable do create " OSSL_PACKAGE " user-interface method");
return 0;
}
UI_method_set_opener(ui_method, UI_method_get_opener(UI_OpenSSL()));
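Review bot: The joined `failf` message still reads "unable do create"; since the line is being rewritten anyway, correct it to `failf(data, "unable to create " OSSL_PACKAGE " user-interface method");`. The `failf` call in the next hunk carries the same string and should change with it. Any test or log filter that matches the old text would need the same update. The enclosing function starts and ends outside the hunk.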
UI_METHOD *ui_method =
UI_create_method(OSSL_UI_METHOD_CAST("curl user interface"));
if(!ui_method) {
- failf(data, "unable do create " OSSL_PACKAGE
- " user-interface method");
+ failf(data, "unable do create " OSSL_PACKAGE " user-interface method");
return 0;
}
UI_method_set_opener(ui_method, UI_method_get_opener(UI_OpenSSL()));
cert_bio = BIO_new_mem_buf(cert_blob->data, (int)(cert_blob->len));
if(!cert_bio) {
failf(data,
- "BIO_new_mem_buf NULL, " OSSL_PACKAGE
- " error %s",
+ "BIO_new_mem_buf NULL, " OSSL_PACKAGE " error %s",
ossl_strerror(ERR_get_error(), error_buffer,
sizeof(error_buffer)) );
return 0;
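Review bot: The `(int)(cert_blob->len)` cast on the `BIO_new_mem_buf` call narrows the length if `len` is wider than `int`, and nothing in this hunk shows it being bounded first. OpenSSL treats a length of -1 as "the buffer is NUL-terminated, use strlen", so a wrapped value could make it read beyond the blob, not just short of it. If the blob size is capped where the option is set (not visible here), a comment such as `/* blob length is capped when the option is set, so it fits in int */` would record that; otherwise reject `cert_blob->len > INT_MAX` with a failure return before the call. The issuer-certificate hunk further down has the same cast on `issuercert_blob->len`. The enclosing function starts and ends outside the hunk.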
cert_bio = BIO_new(BIO_s_file());
if(!cert_bio) {
failf(data,
- "BIO_new return NULL, " OSSL_PACKAGE
- " error %s",
+ "BIO_new return NULL, " OSSL_PACKAGE " error %s",
ossl_strerror(ERR_get_error(), error_buffer,
sizeof(error_buffer)) );
return 0;
# define HAS_ALPN_OPENSSL
#endif
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* 1.1.0 */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L /* 1.1.0 */
static CURLcode
ossl_set_ssl_version_min_max(struct Curl_cfilter *cf, SSL_CTX *ctx)
{
typedef long ctx_option_t;
#endif
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) /* 1.1.0 */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L /* 1.1.0 */
static CURLcode
ossl_set_ssl_version_min_max_legacy(ctx_option_t *ctx_options,
struct Curl_cfilter *cf,
if(result)
return result;
}
-#endif /* USE_ECH_OPENSSL */
+#endif /* USE_ECH_OPENSSL */
return ossl_init_session_and_alpns(octx, cf, data, peer,
alpns_requested, sess_reuse_cb);
case CURL_SSLVERSION_TLSv1_2:
case CURL_SSLVERSION_TLSv1_3:
/* it will be handled later with the context options */
- #if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
*pmethod = TLS_client_method();
- #else
+#else
*pmethod = SSLv23_client_method();
- #endif
+#endif
break;
case CURL_SSLVERSION_SSLv2:
failf(data, "No SSLv2 support");
ctx_options |= SSL_OP_NO_SSLv2;
ctx_options |= SSL_OP_NO_SSLv3;
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* 1.1.0 */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L /* 1.1.0 */
result = ossl_set_ssl_version_min_max(cf, octx->ssl_ctx);
#else
result = ossl_set_ssl_version_min_max_legacy(&ctx_options, cf, data);
#ifdef HAVE_OPENSSL3
SSL_get_peer_signature_type_nid(octx->ssl, &psigtype_nid);
-#if (OPENSSL_VERSION_NUMBER >= 0x30200000L)
+#if OPENSSL_VERSION_NUMBER >= 0x30200000L
negotiated_group_name = SSL_get0_group_name(octx->ssl);
#else
negotiated_group_name =
connssl->connecting_state = ssl_connect_3;
Curl_ossl_report_handshake(data, octx);
-#ifdef USE_ECH_OPENSSL
-# ifndef HAVE_BORINGSSL_LIKE
+#if defined(USE_ECH_OPENSSL) && !defined(HAVE_BORINGSSL_LIKE)
if(ECH_ENABLED(data)) {
char *inner = NULL, *outer = NULL;
const char *status = NULL;
else {
infof(data, "ECH: result: status is not attempted");
}
-# endif /* !HAVE_BORINGSSL_LIKE */
-#endif /* USE_ECH_OPENSSL */
+#endif /* USE_ECH_OPENSSL && !HAVE_BORINGSSL_LIKE */
#ifdef HAS_ALPN_OPENSSL
/* Sets data and len to negotiated protocol, len is 0 if no protocol was
return result;
}
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
!(defined(LIBRESSL_VERSION_NUMBER) && \
LIBRESSL_VERSION_NUMBER < 0x3060000fL) && \
!defined(HAVE_BORINGSSL_LIKE) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
if(!mem) {
failf(data,
- "BIO_new return NULL, " OSSL_PACKAGE
- " error %s",
+ "BIO_new return NULL, " OSSL_PACKAGE " error %s",
ossl_strerror(ERR_get_error(), error_buffer,
sizeof(error_buffer)) );
return CURLE_OUT_OF_MEMORY;
(int)conn_config->issuercert_blob->len);
if(!fp) {
failf(data,
- "BIO_new_mem_buf NULL, " OSSL_PACKAGE
- " error %s",
+ "BIO_new_mem_buf NULL, " OSSL_PACKAGE " error %s",
ossl_strerror(ERR_get_error(), error_buffer,
sizeof(error_buffer)) );
X509_free(octx->server_cert);
fp = BIO_new(BIO_s_file());
if(!fp) {
failf(data,
- "BIO_new return NULL, " OSSL_PACKAGE
- " error %s",
+ "BIO_new return NULL, " OSSL_PACKAGE " error %s",
ossl_strerror(ERR_get_error(), error_buffer,
sizeof(error_buffer)) );
X509_free(octx->server_cert);
#elif defined(OPENSSL_IS_BORINGSSL)
#ifdef CURL_BORINGSSL_VERSION
return msnprintf(buffer, size, "%s/%s",
- OSSL_PACKAGE,
- CURL_BORINGSSL_VERSION);
+ OSSL_PACKAGE, CURL_BORINGSSL_VERSION);
#else
return msnprintf(buffer, size, OSSL_PACKAGE);
#endif
#elif defined(OPENSSL_IS_AWSLC)
return msnprintf(buffer, size, "%s/%s",
- OSSL_PACKAGE,
- AWSLC_VERSION_NUMBER_STRING);
+ OSSL_PACKAGE, AWSLC_VERSION_NUMBER_STRING);
#elif defined(OPENSSL_VERSION_STRING) /* OpenSSL 3+ */
return msnprintf(buffer, size, "%s/%s",
OSSL_PACKAGE, OpenSSL_version(OPENSSL_VERSION_STRING));
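Review bot: In the `#else` branch under `CURL_BORINGSSL_VERSION`, `msnprintf(buffer, size, OSSL_PACKAGE)` passes the package macro as the format string, while the other branches in this hunk use `"%s/%s"` with `OSSL_PACKAGE` as an argument. The package names defined earlier on the page are literals without `%`, so this is not exploitable as written, but it relies on no future package name containing a conversion character. Prefer `return msnprintf(buffer, size, "%s", OSSL_PACKAGE);` for consistency. The enclosing function starts and ends outside the hunk.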