version: add "ECH" as a feature

If available

Follow-up to a362962b7
Closes #13378

diff --git a/docs/cmdline-opts/version.md b/docs/cmdline-opts/version.md
index 0fe8d741933b306f7d25c0de7bbaf180ceb9cf81..6a7919f890ee6ad507deed5c7ca963d654fc207c 100644 (file)
--- a/docs/cmdline-opts/version.md
+++ b/docs/cmdline-opts/version.md
@@ -46,6 +46,9 @@ curl was built with support for character set conversions (like EBCDIC)
 This curl uses a libcurl built with Debug. This enables more error-tracking
 and memory debugging etc. For curl-developers only!
 
+## `ECH`
+ECH support is present.
+
 ## `gsasl`
 The built-in SASL authentication includes extensions to support SCRAM because
 libcurl was built with libgsasl.

diff --git a/docs/libcurl/curl_version_info.md b/docs/libcurl/curl_version_info.md
index 1eb77345ec25270ebafda7ae5de4b99ff90ceda2..1b538d363ea0cbc1c62d5f5ab03c001e2a18e2e3 100644 (file)
--- a/docs/libcurl/curl_version_info.md
+++ b/docs/libcurl/curl_version_info.md
@@ -176,6 +176,12 @@ supports HTTP Brotli content encoding using libbrotlidec (Added in 7.57.0)
 
 libcurl was built with debug capabilities (added in 7.10.6)
 
+## ECH
+
+*features* mask bit: non-existent
+
+libcurl was built with ECH support (experimental, added in 8.8.0)
+
 ## gsasl
 
 *features* mask bit: CURL_VERSION_GSASL

diff --git a/lib/version.c b/lib/version.c
index 8273386148276863cc168d68dc6d2d4fed9c7025..257c1fedbf17a7d2cc643ad4dabf2440f3b00db1 100644 (file)
--- a/lib/version.c
+++ b/lib/version.c
@@ -417,6 +417,14 @@ static int https_proxy_present(curl_version_info_data *info)
 }
 #endif
 
+#if defined(USE_SSL) && defined(USE_ECH)
+static int ech_present(curl_version_info_data *info)
+{
+  (void) info;
+  return Curl_ssl_supports(NULL, SSLSUPP_ECH);
+}
+#endif
+
 /*
  * Features table.
  *
@@ -445,6 +453,9 @@ static const struct feat features_table[] = {
 #ifdef DEBUGBUILD
   FEATURE("Debug",       NULL,                CURL_VERSION_DEBUG),
 #endif
+#if defined(USE_SSL) && defined(USE_ECH)
+  FEATURE("ECH",         ech_present,         0),
+#endif
 #ifdef USE_GSASL
   FEATURE("gsasl",       NULL,                CURL_VERSION_GSASL),
 #endif

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 7839ab4ab60d29e3067b6eeeaf0b231984a35462..2fa12c3a985291807c673333f93020d4497638bd 100644 (file)
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -5269,6 +5269,9 @@ const struct Curl_ssl Curl_ssl_openssl = {
   SSLSUPP_SSL_CTX |
 #ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
   SSLSUPP_TLS13_CIPHERSUITES |
+#endif
+#ifdef USE_ECH
+  SSLSUPP_ECH |
 #endif
   SSLSUPP_HTTPS_PROXY,
 

diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h
index cd7eeeca174631e8bb159485fb649b563347f309..c40ff26208c8b1a70bcab6c364ad80320134b1bf 100644 (file)
--- a/lib/vtls/vtls.h
+++ b/lib/vtls/vtls.h
@@ -37,6 +37,7 @@ struct Curl_ssl_session;
 #define SSLSUPP_HTTPS_PROXY  (1<<4) /* supports access via HTTPS proxies */
 #define SSLSUPP_TLS13_CIPHERSUITES (1<<5) /* supports TLS 1.3 ciphersuites */
 #define SSLSUPP_CAINFO_BLOB  (1<<6)
+#define SSLSUPP_ECH          (1<<7)
 
 #define ALPN_ACCEPTED "ALPN: server accepted "
 

diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c
index 82593f301b0bae066286d8fcd74bf77b62903b6a..c747990ee987f75c8e1494f773ceb4453da290be 100644 (file)
--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@@ -1504,6 +1504,9 @@ const struct Curl_ssl Curl_ssl_wolfssl = {
 #endif
   SSLSUPP_CA_PATH |
   SSLSUPP_CAINFO_BLOB |
+#ifdef USE_ECH
+  SSLSUPP_ECH |
+#endif
   SSLSUPP_SSL_CTX,
 
   sizeof(struct wolfssl_ssl_backend_data),