wolfssl: Use ECC supported curves extension
authorJay Satiro <raysatiro@yahoo.com>
Tue, 29 Mar 2016 23:06:55 +0000 (19:06 -0400)
committerJay Satiro <raysatiro@yahoo.com>
Tue, 29 Mar 2016 23:06:55 +0000 (19:06 -0400)
https://github.com/wolfSSL/wolfssl/issues/366

configure.ac
lib/vtls/cyassl.c
projects/wolfssl_options.h

index b3ad5816f5708877545b96e884848bd247b15e96..6826b10a38e39fd8a467df2b978d1cc6a07f9081 100644 (file)
@@ -2206,11 +2206,13 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
         dnl Recent WolfSSL versions build without SSLv3 by default
         dnl WolfSSL needs configure --enable-opensslextra to have *get_peer*
         AC_CHECK_FUNCS(wolfSSLv3_client_method \
+                       wolfSSL_CTX_UseSupportedCurve \
                        wolfSSL_get_peer_certificate \
                        wolfSSL_UseALPN)
       else
         dnl Cyassl needs configure --enable-opensslextra to have *get_peer*
-        AC_CHECK_FUNCS(CyaSSL_get_peer_certificate)
+        AC_CHECK_FUNCS(CyaSSL_CTX_UseSupportedCurve \
+                       CyaSSL_get_peer_certificate)
       fi
 
       if test -n "$cyassllib"; then
index 7fa853678525270c4dd5f81ddd2d26984cc946f0..0bd318f7c712cafe97e6054bcb9ff18596714e96 100644 (file)
@@ -112,6 +112,15 @@ and that's a problem since options.h hasn't been included yet. */
 #endif
 #endif
 
+/* HAVE_SUPPORTED_CURVES is wolfSSL's build time symbol for enabling the ECC
+   supported curve extension in options.h. Note ECC is enabled separately. */
+#ifndef HAVE_SUPPORTED_CURVES
+#if defined(HAVE_CYASSL_CTX_USESUPPORTEDCURVE) || \
+    defined(HAVE_WOLFSSL_CTX_USESUPPORTEDCURVE)
+#define HAVE_SUPPORTED_CURVES
+#endif
+#endif
+
 static Curl_recv cyassl_recv;
 static Curl_send cyassl_send;
 
@@ -313,6 +322,16 @@ cyassl_connect_step1(struct connectdata *conn,
   }
 #endif
 
+#ifdef HAVE_SUPPORTED_CURVES
+  /* CyaSSL/wolfSSL does not send the supported ECC curves ext automatically:
+     https://github.com/wolfSSL/wolfssl/issues/366
+     The supported curves below are those also supported by OpenSSL 1.0.2 and
+     in the same order. */
+  CyaSSL_CTX_UseSupportedCurve(conssl->ctx, 0x17); /* secp256r1 */
+  CyaSSL_CTX_UseSupportedCurve(conssl->ctx, 0x19); /* secp521r1 */
+  CyaSSL_CTX_UseSupportedCurve(conssl->ctx, 0x18); /* secp384r1 */
+#endif
+
   /* give application a chance to interfere with SSL set up. */
   if(data->set.ssl.fsslctx) {
     CURLcode result = CURLE_OK;
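Review bot: The three CyaSSL_CTX_UseSupportedCurve() calls added at the top of the hunk discard their return value, so a failure (wolfSSL reports anything other than SSL_SUCCESS on a bad argument or an allocation failure) is silent and the handshake proceeds with a partial or absent supported-curves extension, which is the very condition this change sets out to fix. The rest of the ctx setup in cyassl_connect_step1 compares, as far as I recall, against SSL_SUCCESS and fails the connection, so the curve registration should do the same, e.g. `if(CyaSSL_CTX_UseSupportedCurve(conssl->ctx, 0x17) != SSL_SUCCESS)` followed by `failf(data, ...)` and `return CURLE_SSL_CONNECT_ERROR;`. Folding the three ids into a small table also makes the preference order (which the client advertises to the server) a single documented list rather than three bare hex literals. The enclosing function starts before and ends after this hunk.
```c
#ifdef HAVE_SUPPORTED_CURVES
  /* … unchanged: comment on wolfSSL issue 366 and the OpenSSL 1.0.2 order … */
  {
    /* RFC 4492 NamedCurve ids, in client preference order. */
    static const unsigned short curves[] = {
      0x17, /* secp256r1 */
      0x19, /* secp521r1 */
      0x18  /* secp384r1 */
    };
    size_t i;
    for(i = 0; i < sizeof(curves) / sizeof(curves[0]); i++) {
      if(CyaSSL_CTX_UseSupportedCurve(conssl->ctx, curves[i]) != SSL_SUCCESS) {
        failf(data, "SSL: couldn't set supported curve 0x%x",
              (unsigned int)curves[i]);
        return CURLE_SSL_CONNECT_ERROR;
      }
    }
  }
#endif
```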
index b668daaf56b474949ff005630d293782417e6a9a..04752b811538762172a7234926cb52e675548d17 100644 (file)
@@ -30,6 +30,7 @@ C_EXTRA_FLAGS="\
   --enable-sha512 \
   --enable-sni \
   --enable-sslv3 \
+  --enable-supportedcurves \
   --enable-testcert \
   > config.out 2>&1
 
@@ -158,6 +159,9 @@ extern "C" {
 #undef  HAVE_TLS_EXTENSIONS
 #define HAVE_TLS_EXTENSIONS
 
+#undef  HAVE_SUPPORTED_CURVES
+#define HAVE_SUPPORTED_CURVES
+
 #undef  WOLFSSL_TEST_CERT
 #define WOLFSSL_TEST_CERT