curl: Don't ignore unknown SSL/TLS backends
authorTobias Brunner <tobias@strongswan.org>
Fri, 13 Jan 2023 16:11:50 +0000 (17:11 +0100)
committerTobias Brunner <tobias@strongswan.org>
Mon, 23 Jan 2023 10:17:33 +0000 (11:17 +0100)
Only older versions of OpenSSL and GnuTLS need special treatment, so we
now accept all other backends (e.g. "(SecureTransport) OpenSSL/1.1.1s"
on macOS).

Whenever we remove support for the affected versions of the mentioned
libraries, we can remove the corresponding *-threading plugin feature
and the code here.

src/libstrongswan/plugins/curl/curl_plugin.c

index b7ced5ee99ca0204284ea6dd50254a3132fea53c..37564c2e4e425ba366694c9dc452c9858a2ec952 100644 (file)
@@ -60,7 +60,9 @@ static void add_feature(private_curl_plugin_t *this, plugin_feature_t f)
 static void add_feature_with_ssl(private_curl_plugin_t *this, const char *ssl,
                                                                 char *proto, plugin_feature_t f)
 {
-       /* http://curl.haxx.se/libcurl/c/libcurl-tutorial.html#Multi-threading */
+       /* according to https://curl.se/libcurl/c/threadsafe.html there is only an
+        * issue with thread-safety with older versions of OpenSSL (<= 1.0.2) and
+        * GnuTLS (< 1.6.0), so we just accept all other SSL backends */
        if (strpfx(ssl, "OpenSSL") || strpfx(ssl, "LibreSSL"))
        {
                add_feature(this, f);
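Review bot: The new comment ties the special handling to old OpenSSL (<= 1.0.2) and GnuTLS (< 1.6.0), but the `strpfx(ssl, "OpenSSL")` test below it is still a pure prefix match, so it neither looks at the version nor matches a version string that begins with anything else. The commit message's own example, "(SecureTransport) OpenSSL/1.1.1s", does not start with "OpenSSL" and so presumably falls through to the final else. That is harmless for 1.1.1s, but the same path would skip the openssl-threading dependency if such a multi-backend build reported an affected OpenSSL version. I would either state that limit in the comment, e.g. `* note: only matched when the backend name starts the version string`, or skip a leading parenthesised entry in `ssl` before the strpfx() calls. The function body continues past the end of this hunk.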
@@ -71,15 +73,9 @@ static void add_feature_with_ssl(private_curl_plugin_t *this, const char *ssl,
                add_feature(this, f);
                add_feature(this, PLUGIN_DEPENDS(CUSTOM, "gcrypt-threading"));
        }
-       else if (strpfx(ssl, "NSS") ||
-                        strpfx(ssl, "BoringSSL"))
-       {
-               add_feature(this, f);
-       }
        else
        {
-               DBG1(DBG_LIB, "curl SSL backend '%s' not supported, %s disabled",
-                        ssl, proto);
+               add_feature(this, f);
        }
 }
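Review bot: The final else now enables the feature for any backend string and no longer logs anything, so nothing records which TLS backend was accepted without a threading dependency. In the visible lines `proto` is also no longer referenced, which may produce an unused-parameter warning unless it is used elsewhere. A low-verbosity message ahead of the `add_feature(this, f);` call would keep the decision visible to operators and keep the parameter in use: `DBG2(DBG_LIB, "curl SSL backend '%s' needs no threading plugin, enabling %s", ssl, proto);`. The start of the function is outside this hunk.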