From f46385d36df3bca747d830efea8aabf4c328221f Mon Sep 17 00:00:00 2001 From: MAntoniak <47522782+MAntoniak@users.noreply.github.com> Date: Tue, 26 Mar 2024 00:19:23 +0100 Subject: [PATCH] urldata: remove fields not used depending on used features Reduced size of dynamically_allocated_data structure. Reduced number of stored values in enum dupstring and enum dupblob. This affects the reduced array placed in the UserDefined structure. Closes #13188 --- lib/c-hyper.c | 4 ++ lib/getinfo.c | 4 ++ lib/http.c | 6 +++ lib/http_negotiate.c | 23 +++++++-- lib/rtsp.c | 2 + lib/setopt.c | 2 + lib/transfer.c | 2 + lib/url.c | 18 +++++-- lib/urldata.h | 120 ++++++++++++++++++++++++++++++------------- lib/vtls/gtls.c | 4 ++ lib/vtls/mbedtls.c | 4 ++ lib/vtls/openssl.c | 4 ++ lib/vtls/schannel.c | 4 ++ lib/vtls/wolfssl.c | 4 ++ 14 files changed, 157 insertions(+), 44 deletions(-) diff --git a/lib/c-hyper.c b/lib/c-hyper.c index 247d59f077..88674ee0a1 100644 --- a/lib/c-hyper.c +++ b/lib/c-hyper.c @@ -980,11 +980,13 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) goto error; } +#ifndef CURL_DISABLE_PROXY if(data->state.aptr.proxyuserpwd) { result = Curl_hyper_header(data, headers, data->state.aptr.proxyuserpwd); if(result) goto error; } +#endif if(data->state.aptr.userpwd) { result = Curl_hyper_header(data, headers, data->state.aptr.userpwd); @@ -1137,7 +1139,9 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) /* clear userpwd and proxyuserpwd to avoid reusing old credentials * from reused connections */ Curl_safefree(data->state.aptr.userpwd); +#ifndef CURL_DISABLE_PROXY Curl_safefree(data->state.aptr.proxyuserpwd); +#endif return CURLE_OK; error: DEBUGASSERT(result); diff --git a/lib/getinfo.c b/lib/getinfo.c index dd43643d8b..e423f0b29a 100644 --- a/lib/getinfo.c +++ b/lib/getinfo.c 
@@ -161,7 +161,11 @@ static CURLcode getinfo_char(struct Curl_easy *data, CURLINFO info, *param_charp = data->info.primary.local_ip; break; case CURLINFO_RTSP_SESSION_ID: +#ifndef CURL_DISABLE_RTSP *param_charp = data->set.str[STRING_RTSP_SESSION_ID]; +#else + *param_charp = NULL; +#endif break; case CURLINFO_SCHEME: *param_charp = data->info.conn_scheme; diff --git a/lib/http.c b/lib/http.c index a764d3c440..190cf821ed 100644 --- a/lib/http.c +++ b/lib/http.c @@ -2684,8 +2684,12 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) httpstring, (data->state.aptr.host?data->state.aptr.host:""), +#ifndef CURL_DISABLE_PROXY data->state.aptr.proxyuserpwd? data->state.aptr.proxyuserpwd:"", +#else + "", +#endif data->state.aptr.userpwd?data->state.aptr.userpwd:"", (data->state.use_range && data->state.aptr.rangeline)? data->state.aptr.rangeline:"", @@ -2719,7 +2723,9 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) /* clear userpwd and proxyuserpwd to avoid reusing old credentials * from reused connections */ Curl_safefree(data->state.aptr.userpwd); +#ifndef CURL_DISABLE_PROXY Curl_safefree(data->state.aptr.proxyuserpwd); +#endif free(altused); if(result) { diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c index 153e3d4ab8..a32d352f2d 100644 --- a/lib/http_negotiate.c +++ b/lib/http_negotiate.c 
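Review bot: In lib/http.c the first hunk places `#ifndef CURL_DISABLE_PROXY` / `#else` / `#endif` between the arguments of a call whose name is outside the hunk; directives inside an argument list are undefined behaviour if that callee is, or is ever wrapped by, a function-like macro. Choosing the value before the call keeps the argument list free of directives, as the rtsp.c hunk of this patch already does with `p_proxyuserpwd`. Declare `const char *p_proxyuserpwd = NULL;`, assign `data->state.aptr.proxyuserpwd` under the guard, and pass `p_proxyuserpwd ? p_proxyuserpwd : ""`. That also keeps the position of the proxy credential header in the format string readable in one place. The call starts before the hunk and continues after it.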
@@ -120,16 +120,29 @@ CURLcode Curl_input_negotiate(struct Curl_easy *data, struct connectdata *conn, CURLcode Curl_output_negotiate(struct Curl_easy *data, struct connectdata *conn, bool proxy) { - struct negotiatedata *neg_ctx = proxy ? &conn->proxyneg : - &conn->negotiate; - struct auth *authp = proxy ? &data->state.authproxy : &data->state.authhost; - curlnegotiate *state = proxy ? &conn->proxy_negotiate_state : - &conn->http_negotiate_state; + struct negotiatedata *neg_ctx; + struct auth *authp; + curlnegotiate *state; char *base64 = NULL; size_t len = 0; char *userp; CURLcode result; + if(proxy) { +#ifndef CURL_DISABLE_PROXY + neg_ctx = &conn->proxyneg; + authp = &data->state.authproxy; + state = &conn->proxy_negotiate_state; +#else + return CURLE_NOT_BUILT_IN; +#endif + } + else { + neg_ctx = &conn->negotiate; + authp = &data->state.authhost; + state = &conn->http_negotiate_state; + } + authp->done = FALSE; if(*state == GSS_AUTHRECV) { diff --git a/lib/rtsp.c b/lib/rtsp.c index 98468517a1..7251c062b1 100644 --- a/lib/rtsp.c +++ b/lib/rtsp.c @@ -393,7 +393,9 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) if(result) goto out; +#ifndef CURL_DISABLE_PROXY p_proxyuserpwd = data->state.aptr.proxyuserpwd; +#endif p_userpwd = data->state.aptr.userpwd; /* Referrer */ diff --git a/lib/setopt.c b/lib/setopt.c index f6365bd90a..61a9244c82 100644 --- a/lib/setopt.c +++ b/lib/setopt.c @@ -1320,6 +1320,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) return CURLE_BAD_FUNCTION_ARGUMENT; data->set.ftpsslauth = (unsigned char)(curl_ftpauth)arg; break; +#ifdef HAVE_GSSAPI case CURLOPT_KRBLEVEL: /* * A string that defines the kerberos security level. @@ -1329,6 +1330,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) data->set.krb = !!(data->set.str[STRING_KRB_LEVEL]); break; #endif +#endif #if !defined(CURL_DISABLE_FTP) || defined(USE_SSH) case CURLOPT_FTP_CREATE_MISSING_DIRS: /* 
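Review bot: With CURL_DISABLE_PROXY defined, the `if(proxy)` branch of Curl_output_negotiate now returns CURLE_NOT_BUILT_IN at run time, with nothing to say that this path should be unreachable in such a build. A comment in the `#else` branch such as `/* proxy negotiation cannot be requested when proxy support is compiled out */` would tell a reader whether this is a defensive return or an expected error for callers. Curl_input_negotiate appears only in the hunk header and is not touched by this patch, so it is worth confirming that it does not select the proxy context unconditionally. The function body continues after the hunk.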
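Review bot: In rtsp_do, `p_proxyuserpwd` is now assigned only when CURL_DISABLE_PROXY is not defined, so in a proxy-disabled build its value comes solely from its declaration, which is outside this hunk. If that declaration has no `= NULL` initialiser, later reads of the pointer would use an indeterminate value. Either confirm the initialiser or add an `#else` branch that sets the pointer to NULL.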
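Review bot: Wrapping `case CURLOPT_KRBLEVEL:` in `#ifdef HAVE_GSSAPI` changes what Curl_vsetopt does in builds without GSSAPI: the option is no longer stored and instead reaches the switch's default, which is outside these hunks and is presumably an unknown-option or not-built-in error. Failing loudly is arguably the better outcome for a security-level option that could not be honoured anyway, but it is an API-visible change that the commit message does not mention and should be noted in the option's documentation. The second setopt.c hunk also leaves two bare `#endif` lines back to back; labelling them, e.g. `#endif /* HAVE_GSSAPI */`, would make the nesting readable. The same applies to the nested CURL_DISABLE_PROXY guards added in Curl_init_userdefined in lib/url.c and around the TLS-SRP proxy strings in lib/urldata.h.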
diff --git a/lib/transfer.c b/lib/transfer.c index 4162313cdf..ed1d69fa9d 100644 --- a/lib/transfer.c +++ b/lib/transfer.c @@ -705,12 +705,14 @@ CURLcode Curl_pretransfer(struct Curl_easy *data) if(!result) result = Curl_setstropt(&data->state.aptr.passwd, data->set.str[STRING_PASSWORD]); +#ifndef CURL_DISABLE_PROXY if(!result) result = Curl_setstropt(&data->state.aptr.proxyuser, data->set.str[STRING_PROXYUSERNAME]); if(!result) result = Curl_setstropt(&data->state.aptr.proxypasswd, data->set.str[STRING_PROXYPASSWORD]); +#endif data->req.headerbytecount = 0; Curl_headers_cleanup(data); diff --git a/lib/url.c b/lib/url.c index 549e8f91fb..786953c978 100644 --- a/lib/url.c +++ b/lib/url.c @@ -278,10 +278,12 @@ CURLcode Curl_close(struct Curl_easy **datap) up_free(data); Curl_dyn_free(&data->state.headerb); Curl_flush_cookies(data, TRUE); +#ifndef CURL_DISABLE_ALTSVC Curl_altsvc_save(data, data->asi, data->set.str[STRING_ALTSVC]); Curl_altsvc_cleanup(&data->asi); - Curl_hsts_save(data, data->hsts, data->set.str[STRING_HSTS]); +#endif #ifndef CURL_DISABLE_HSTS + Curl_hsts_save(data, data->hsts, data->set.str[STRING_HSTS]); if(!data->share || !data->share->hsts) Curl_hsts_cleanup(&data->hsts); curl_slist_free_all(data->state.hstslist); /* clean up list */ @@ -305,7 +307,9 @@ CURLcode Curl_close(struct Curl_easy **datap) Curl_share_unlock(data, CURL_LOCK_DATA_SHARE); } +#ifndef CURL_DISABLE_PROXY Curl_safefree(data->state.aptr.proxyuserpwd); +#endif Curl_safefree(data->state.aptr.uagent); Curl_safefree(data->state.aptr.userpwd); Curl_safefree(data->state.aptr.accept_encoding); 
@@ -313,12 +317,18 @@ CURLcode Curl_close(struct Curl_easy **datap) Curl_safefree(data->state.aptr.rangeline); Curl_safefree(data->state.aptr.ref); Curl_safefree(data->state.aptr.host); +#ifndef CURL_DISABLE_COOKIES Curl_safefree(data->state.aptr.cookiehost); +#endif +#ifndef CURL_DISABLE_RTSP Curl_safefree(data->state.aptr.rtsp_transport); +#endif Curl_safefree(data->state.aptr.user); Curl_safefree(data->state.aptr.passwd); +#ifndef CURL_DISABLE_PROXY Curl_safefree(data->state.aptr.proxyuser); Curl_safefree(data->state.aptr.proxypasswd); +#endif #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_FORM_API) Curl_mime_cleanpart(data->state.formp); @@ -429,20 +439,22 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data) result = Curl_setstropt(&set->str[STRING_SSL_CAFILE], CURL_CA_BUNDLE); if(result) return result; - +#ifndef CURL_DISABLE_PROXY result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY], CURL_CA_BUNDLE); if(result) return result; #endif +#endif #if defined(CURL_CA_PATH) result = Curl_setstropt(&set->str[STRING_SSL_CAPATH], CURL_CA_PATH); if(result) return result; - +#ifndef CURL_DISABLE_PROXY result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], CURL_CA_PATH); if(result) return result; +#endif #endif } diff --git a/lib/urldata.h b/lib/urldata.h index ce28f25bba..226d1af71d 100644 --- a/lib/urldata.h +++ b/lib/urldata.h 
@@ -1327,22 +1327,28 @@ struct UrlState { /* Dynamically allocated strings, MUST be freed before this struct is killed. */ struct dynamically_allocated_data { - char *proxyuserpwd; char *uagent; char *accept_encoding; char *userpwd; char *rangeline; char *ref; char *host; +#ifndef CURL_DISABLE_COOKIES char *cookiehost; +#endif +#ifndef CURL_DISABLE_RTSP char *rtsp_transport; +#endif char *te; /* TE: request header */ /* transfer credentials */ char *user; char *passwd; +#ifndef CURL_DISABLE_PROXY + char *proxyuserpwd; char *proxyuser; char *proxypasswd; +#endif } aptr; unsigned char httpwant; /* when non-zero, a specific HTTP version requested 
@@ -1407,95 +1413,125 @@ struct UrlState { struct Curl_multi; /* declared in multihandle.c */ -/* - * This enumeration MUST not use conditional directives (#ifdefs), new - * null terminated strings MUST be added to the enumeration immediately - * before STRING_LASTZEROTERMINATED, binary fields immediately before - * STRING_LAST. When doing so, ensure that the packages/OS400/chkstring.c - * test is updated and applicable changes for EBCDIC to ASCII conversion - * are catered for in curl_easy_setopt_ccsid() - */ enum dupstring { STRING_CERT, /* client certificate file name */ - STRING_CERT_PROXY, /* client certificate file name */ STRING_CERT_TYPE, /* format for certificate (default: PEM)*/ + STRING_KEY, /* private key file name */ + STRING_KEY_PASSWD, /* plain text private key password */ + STRING_KEY_TYPE, /* format for private key (default: PEM) */ + STRING_SSL_CAPATH, /* CA directory name (doesn't work on windows) */ + STRING_SSL_CAFILE, /* certificate file to verify peer against */ + STRING_SSL_PINNEDPUBLICKEY, /* public key file to verify peer against */ + STRING_SSL_CIPHER_LIST, /* list of ciphers to use */ + STRING_SSL_CIPHER13_LIST, /* list of TLS 1.3 ciphers to use */ + STRING_SSL_CRLFILE, /* crl file to check certificate */ + STRING_SSL_ISSUERCERT, /* issuer cert file to check certificate */ + STRING_SERVICE_NAME, /* Service name */ +#ifndef CURL_DISABLE_PROXY + STRING_CERT_PROXY, /* client certificate file name */ STRING_CERT_TYPE_PROXY, /* format for certificate (default: PEM)*/ + STRING_KEY_PROXY, /* private key file name */ + STRING_KEY_PASSWD_PROXY, /* plain text private key password */ + STRING_KEY_TYPE_PROXY, /* format for private key (default: PEM) */ + STRING_SSL_CAPATH_PROXY, /* CA directory name (doesn't work on windows) */ + STRING_SSL_CAFILE_PROXY, /* certificate file to verify peer against */ + STRING_SSL_PINNEDPUBLICKEY_PROXY, /* public key file to verify proxy */ + STRING_SSL_CIPHER_LIST_PROXY, /* list of ciphers to use */ + 
STRING_SSL_CIPHER13_LIST_PROXY, /* list of TLS 1.3 ciphers to use */ + STRING_SSL_CRLFILE_PROXY, /* crl file to check certificate */ + STRING_SSL_ISSUERCERT_PROXY, /* issuer cert file to check certificate */ + STRING_PROXY_SERVICE_NAME, /* Proxy service name */ +#endif +#ifndef CURL_DISABLE_COOKIES STRING_COOKIE, /* HTTP cookie string to send */ STRING_COOKIEJAR, /* dump all cookies to this file */ +#endif STRING_CUSTOMREQUEST, /* HTTP/FTP/RTSP request/method to use */ STRING_DEFAULT_PROTOCOL, /* Protocol to use when the URL doesn't specify */ STRING_DEVICE, /* local network interface/address to use */ STRING_ENCODING, /* Accept-Encoding string */ +#ifndef CURL_DISABLE_FTP STRING_FTP_ACCOUNT, /* ftp account data */ STRING_FTP_ALTERNATIVE_TO_USER, /* command to send if USER/PASS fails */ STRING_FTPPORT, /* port to send with the FTP PORT command */ - STRING_KEY, /* private key file name */ - STRING_KEY_PROXY, /* private key file name */ - STRING_KEY_PASSWD, /* plain text private key password */ - STRING_KEY_PASSWD_PROXY, /* plain text private key password */ - STRING_KEY_TYPE, /* format for private key (default: PEM) */ - STRING_KEY_TYPE_PROXY, /* format for private key (default: PEM) */ +#endif +#if defined(HAVE_GSSAPI) STRING_KRB_LEVEL, /* krb security level */ +#endif +#ifndef CURL_DISABLE_NETRC STRING_NETRC_FILE, /* if not NULL, use this instead of trying to find $HOME/.netrc */ +#endif +#ifndef CURL_DISABLE_PROXY STRING_PROXY, /* proxy to use */ STRING_PRE_PROXY, /* pre socks proxy to use */ +#endif STRING_SET_RANGE, /* range, if used */ STRING_SET_REFERER, /* custom string for the HTTP referer field */ STRING_SET_URL, /* what original URL to work on */ - STRING_SSL_CAPATH, /* CA directory name (doesn't work on windows) */ - STRING_SSL_CAPATH_PROXY, /* CA directory name (doesn't work on windows) */ - STRING_SSL_CAFILE, /* certificate file to verify peer against */ - STRING_SSL_CAFILE_PROXY, /* certificate file to verify peer against */ - 
STRING_SSL_PINNEDPUBLICKEY, /* public key file to verify peer against */ - STRING_SSL_PINNEDPUBLICKEY_PROXY, /* public key file to verify proxy */ - STRING_SSL_CIPHER_LIST, /* list of ciphers to use */ - STRING_SSL_CIPHER_LIST_PROXY, /* list of ciphers to use */ - STRING_SSL_CIPHER13_LIST, /* list of TLS 1.3 ciphers to use */ - STRING_SSL_CIPHER13_LIST_PROXY, /* list of TLS 1.3 ciphers to use */ STRING_USERAGENT, /* User-Agent string */ - STRING_SSL_CRLFILE, /* crl file to check certificate */ - STRING_SSL_CRLFILE_PROXY, /* crl file to check certificate */ - STRING_SSL_ISSUERCERT, /* issuer cert file to check certificate */ - STRING_SSL_ISSUERCERT_PROXY, /* issuer cert file to check certificate */ STRING_SSL_ENGINE, /* name of ssl engine */ STRING_USERNAME, /* , if used */ STRING_PASSWORD, /* , if used */ STRING_OPTIONS, /* , if used */ +#ifndef CURL_DISABLE_PROXY STRING_PROXYUSERNAME, /* Proxy , if used */ STRING_PROXYPASSWORD, /* Proxy , if used */ STRING_NOPROXY, /* List of hosts which should not use the proxy, if used */ +#endif +#ifndef CURL_DISABLE_RTSP STRING_RTSP_SESSION_ID, /* Session ID to use */ STRING_RTSP_STREAM_URI, /* Stream URI for this request */ STRING_RTSP_TRANSPORT, /* Transport for this session */ +#endif +#ifdef USE_SSH STRING_SSH_PRIVATE_KEY, /* path to the private key file for auth */ STRING_SSH_PUBLIC_KEY, /* path to the public key file for auth */ STRING_SSH_HOST_PUBLIC_KEY_MD5, /* md5 of host public key in ascii hex */ STRING_SSH_HOST_PUBLIC_KEY_SHA256, /* sha256 of host public key in base64 */ STRING_SSH_KNOWNHOSTS, /* file name of knownhosts file */ - STRING_PROXY_SERVICE_NAME, /* Proxy service name */ - STRING_SERVICE_NAME, /* Service name */ +#endif +#ifndef CURL_DISABLE_SMTP STRING_MAIL_FROM, STRING_MAIL_AUTH, +#endif +#ifdef USE_TLS_SRP STRING_TLSAUTH_USERNAME, /* TLS auth */ - STRING_TLSAUTH_USERNAME_PROXY, /* TLS auth */ STRING_TLSAUTH_PASSWORD, /* TLS auth */ +#ifndef CURL_DISABLE_PROXY + STRING_TLSAUTH_USERNAME_PROXY, /* TLS 
auth */ STRING_TLSAUTH_PASSWORD_PROXY, /* TLS auth */ +#endif +#endif STRING_BEARER, /* , if used */ +#ifdef USE_UNIX_SOCKETS STRING_UNIX_SOCKET_PATH, /* path to Unix socket, if used */ +#endif STRING_TARGET, /* CURLOPT_REQUEST_TARGET */ +#ifndef CURL_DISABLE_DOH STRING_DOH, /* CURLOPT_DOH_URL */ +#endif +#ifndef CURL_DISABLE_ALTSVC STRING_ALTSVC, /* CURLOPT_ALTSVC */ +#endif +#ifndef CURL_DISABLE_HSTS STRING_HSTS, /* CURLOPT_HSTS */ +#endif STRING_SASL_AUTHZID, /* CURLOPT_SASL_AUTHZID */ +#ifdef USE_ARES STRING_DNS_SERVERS, STRING_DNS_INTERFACE, STRING_DNS_LOCAL_IP4, STRING_DNS_LOCAL_IP6, +#endif STRING_SSL_EC_CURVES, +#ifndef CURL_DISABLE_AWS STRING_AWS_SIGV4, /* Parameters for V4 signature */ +#endif +#ifndef CURL_DISABLE_PROXY STRING_HAPROXY_CLIENT_IP, /* CURLOPT_HAPROXY_CLIENT_IP */ +#endif /* -- end of null-terminated strings -- */ @@ -1510,13 +1546,15 @@ enum dupstring { enum dupblob { BLOB_CERT, - BLOB_CERT_PROXY, BLOB_KEY, - BLOB_KEY_PROXY, BLOB_SSL_ISSUERCERT, - BLOB_SSL_ISSUERCERT_PROXY, BLOB_CAINFO, +#ifndef CURL_DISABLE_PROXY + BLOB_CERT_PROXY, + BLOB_KEY_PROXY, + BLOB_SSL_ISSUERCERT_PROXY, BLOB_CAINFO_PROXY, +#endif BLOB_LAST }; @@ -1735,7 +1773,9 @@ struct UserDefined { BIT(cookiesession); /* new cookie session? */ #endif BIT(crlf); /* convert crlf on ftp upload(?) */ +#ifdef USE_SSH BIT(ssh_compression); /* enable SSH compression */ +#endif /* Here follows boolean settings that define how to behave during this session. They are STATIC, set by libcurl users or at least initially @@ -1745,7 +1785,9 @@ struct UserDefined { don't want lengthy cleanups to delay termination, e.g. after a DNS timeout */ BIT(get_filetime); /* get the time and get of the remote file */ +#ifndef CURL_DISABLE_PROXY BIT(tunnel_thru_httpproxy); /* use CONNECT through an HTTP proxy */ +#endif BIT(prefer_ascii); /* ASCII rather than binary */ BIT(remote_append); /* append, not overwrite, on upload */ #ifdef CURL_LIST_ONLY_PROTOCOL 
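Review bot: The comment deleted above `enum dupstring` carried two rules, and this hunk makes only the "no #ifdefs" one obsolete. The ordering rule still looks live, since the `/* -- end of null-terminated strings -- */` marker remains in the context: zero-terminated entries go before STRING_LASTZEROTERMINATED and binary ones before STRING_LAST, and any code that copies or frees the two ranges differently presumably depends on that. I would keep a shortened comment stating the ordering rule and adding that each guarded entry may only be referenced under the same guard, so a mismatch fails at compile time rather than indexing the wrong slot. The removed text also named packages/OS400/chkstring.c and curl_easy_setopt_ccsid(); the diffstat shows no change under packages/OS400, so it should be confirmed that this check still holds with a build-dependent enum.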
@@ -1772,7 +1814,9 @@ struct UserDefined { location: */ BIT(opt_no_body); /* as set with CURLOPT_NOBODY */ BIT(verbose); /* output verbosity */ +#if defined(HAVE_GSSAPI) BIT(krb); /* Kerberos connection requested */ +#endif BIT(reuse_forbid); /* forbidden to be reused, close after use */ BIT(reuse_fresh); /* do not reuse an existing connection */ BIT(no_signal); /* do not use any signal/alarm handler */ @@ -1797,9 +1841,13 @@ struct UserDefined { BIT(suppress_connect_headers); /* suppress proxy CONNECT response headers from user callbacks */ BIT(dns_shuffle_addresses); /* whether to shuffle addresses before use */ +#ifndef CURL_DISABLE_PROXY BIT(haproxyprotocol); /* whether to send HAProxy PROXY protocol v1 header */ +#endif +#ifdef USE_UNIX_SOCKETS BIT(abstract_unix_socket); +#endif BIT(disallow_username_in_url); /* disallow username in url */ #ifndef CURL_DISABLE_DOH BIT(doh); /* DNS-over-HTTPS enabled */ diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c index 6eaa6a8f73..7db1ce9daf 100644 --- a/lib/vtls/gtls.c +++ b/lib/vtls/gtls.c @@ -1245,9 +1245,13 @@ static CURLcode gtls_verifyserver(struct Curl_cfilter *cf, struct ssl_connect_data *connssl = cf->ctx; struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); +#ifndef CURL_DISABLE_PROXY const char *pinned_key = Curl_ssl_cf_is_proxy(cf)? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]: data->set.str[STRING_SSL_PINNEDPUBLICKEY]; +#else + const char *pinned_key = data->set.str[STRING_SSL_PINNEDPUBLICKEY]; +#endif CURLcode result; result = Curl_gtls_verifyserver(data, session, conn_config, ssl_config, diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c index 5f07e78ef7..f4e041b166 100644 --- a/lib/vtls/mbedtls.c +++ b/lib/vtls/mbedtls.c 
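Review bot: The pinned-public-key selection in gtls_verifyserver is now spelled out twice under `#ifndef CURL_DISABLE_PROXY` / `#else`, and the same pattern is repeated in the mbedtls.c, openssl.c, schannel.c and wolfssl.c hunks. Pin selection decides which key the peer certificate is checked against, so five hand-maintained copies are five places where a later edit could apply the origin pin to a proxy filter, or the reverse, in one backend only. A single helper shared by the TLS backends, taking `cf` and `data` and returning the pin string, would hold the guard once and leave each backend with a single declaration. The surrounding function bodies start and end outside the hunks.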
@@ -752,9 +752,13 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) (struct mbed_ssl_backend_data *)connssl->backend; struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); const mbedtls_x509_crt *peercert; +#ifndef CURL_DISABLE_PROXY const char * const pinnedpubkey = Curl_ssl_cf_is_proxy(cf)? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]: data->set.str[STRING_SSL_PINNEDPUBLICKEY]; +#else + const char * const pinnedpubkey = data->set.str[STRING_SSL_PINNEDPUBLICKEY]; +#endif DEBUGASSERT(backend); diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 85c43efdb2..6157f2eb08 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -4412,9 +4412,13 @@ static CURLcode servercert(struct Curl_cfilter *cf, /* when not strict, we don't bother about the verify cert problems */ result = CURLE_OK; +#ifndef CURL_DISABLE_PROXY ptr = Curl_ssl_cf_is_proxy(cf)? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]: data->set.str[STRING_SSL_PINNEDPUBLICKEY]; +#else + ptr = data->set.str[STRING_SSL_PINNEDPUBLICKEY]; +#endif if(!result && ptr) { result = ossl_pkp_pin_peer_pubkey(data, backend->server_cert, ptr); if(result) diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c index 8736b9e28a..18aaf63a59 100644 --- a/lib/vtls/schannel.c +++ b/lib/vtls/schannel.c @@ -1569,9 +1569,13 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) DEBUGF(infof(data, "schannel: SSL/TLS handshake complete")); } +#ifndef CURL_DISABLE_PROXY pubkey_ptr = Curl_ssl_cf_is_proxy(cf)? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]: data->set.str[STRING_SSL_PINNEDPUBLICKEY]; +#else + pubkey_ptr = data->set.str[STRING_SSL_PINNEDPUBLICKEY]; +#endif if(pubkey_ptr) { result = schannel_pkp_pin_peer_pubkey(cf, data, pubkey_ptr); if(result) { diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c index b07025e912..31ef8c75b6 100644 --- a/lib/vtls/wolfssl.c +++ b/lib/vtls/wolfssl.c 
@@ -756,9 +756,13 @@ wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) struct wolfssl_ssl_backend_data *backend = (struct wolfssl_ssl_backend_data *)connssl->backend; struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); +#ifndef CURL_DISABLE_PROXY const char * const pinnedpubkey = Curl_ssl_cf_is_proxy(cf)? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]: data->set.str[STRING_SSL_PINNEDPUBLICKEY]; +#else + const char * const pinnedpubkey = data->set.str[STRING_SSL_PINNEDPUBLICKEY]; +#endif DEBUGASSERT(backend); -- 2.47.2