From e2ec7bf1b40d20338c7db18932160cd01a125007 Mon Sep 17 00:00:00 2001
From: Jay Satiro
Date: Mon, 27 Jan 2025 23:48:18 -0500
Subject: [PATCH] vtls: fix default SSL backend as a fallback
- Use build-time CURL_DEFAULT_SSL_BACKEND as a fallback when environment variable CURL_SSL_BACKEND contains a backend that is unavailable.
Prior to this change if CURL_SSL_BACKEND was set then CURL_DEFAULT_SSL_BACKEND was ignored even if the backend of the former was unavailable. In that case libcurl would instead select the first available backend in the list of backends.
Bug: https://github.com/curl/curl/issues/16076#issuecomment-2617354254
Reported-by: Jeroen Ooms
Closes https://github.com/curl/curl/pull/16108
---
 lib/vtls/vtls.c | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index df9b953a8a..c258b113f5 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -1113,8 +1113,8 @@ static size_t multissl_version(char *buffer, size_t size)
 static int multissl_setup(const struct Curl_ssl *backend)
 {
- const char *env;
- char *env_tmp;
+ int i;
+ char *env;
 if(Curl_ssl != &Curl_ssl_multi)
 return 1;
@@ -1127,25 +1127,31 @@ static int multissl_setup(const struct Curl_ssl *backend)
 if(!available_backends[0])
 return 1;
- env = env_tmp = curl_getenv("CURL_SSL_BACKEND");
-#ifdef CURL_DEFAULT_SSL_BACKEND
- if(!env)
- env = CURL_DEFAULT_SSL_BACKEND;
-#endif
+ env = curl_getenv("CURL_SSL_BACKEND");
 if(env) {
- int i;
 for(i = 0; available_backends[i]; i++) {
 if(strcasecompare(env, available_backends[i]->info.name)) {
 Curl_ssl = available_backends[i];
- free(env_tmp);
+ free(env);
 return 0;
 }
 }
 }
+#ifdef CURL_DEFAULT_SSL_BACKEND
+ for(i = 0; available_backends[i]; i++) {
+ if(strcasecompare(CURL_DEFAULT_SSL_BACKEND,
+ available_backends[i]->info.name)) {
+ Curl_ssl = available_backends[i];
+ free(env);
+ return 0;
+ }
+ }
+#endif
+
 /* Fall back to first available backend */
 Curl_ssl = available_backends[0];
- free(env_tmp);
+ free(env);
 return 0;
 }
--
2.47.2
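Review bot: The lookup order in the new code (CURL_SSL_BACKEND, then CURL_DEFAULT_SSL_BACKEND, then `available_backends[0]`) is only implied by statement order, and every miss is silent: a misspelled or unavailable name in either place still returns 0 with a different backend selected. Because the selected backend decides which TLS implementation ends up handling the connection, I would state this above the `#ifdef` block, e.g. `/* CURL_SSL_BACKEND is unset or names no available backend: try the build-time default before the first available one. Misses are not reported. */`. The second loop also repeats the first with a different name; a small static lookup helper taking the name would leave one `free(env)` instead of three. multissl_setup() begins above this hunk, so the earlier returns before `if(!available_backends[0])` are not visible here.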