From: Viktor Szakats Date: Sun, 30 Nov 2025 16:31:24 +0000 (+0100) Subject: vtls: drop interim ECH feature macros (OpenSSL, wolfSSL) X-Git-Tag: rc-8_18_0-1~76 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4e8d5da7eeaa83c9d2e5cc62fb92231cf75d3c94;p=thirdparty%2Fcurl.git vtls: drop interim ECH feature macros (OpenSSL, wolfSSL) Use the macros set by autotools and cmake, to simplify. Closes #19772
---
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index a958698b58..67466e6e41 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -86,11 +86,7 @@
 #include
 #include
-#ifdef HAVE_SSL_SET1_ECH_CONFIG_LIST
-#define USE_ECH_OPENSSL
-#endif
-
-#if defined(USE_ECH_OPENSSL) && !defined(HAVE_BORINGSSL_LIKE)
+#if defined(HAVE_SSL_SET1_ECH_CONFIG_LIST) && !defined(HAVE_BORINGSSL_LIKE)
 #include
 #endif
@@ -3447,7 +3443,7 @@ ossl_init_session_and_alpns(struct ossl_ctx *octx,
 return CURLE_OK;
 }
-#ifdef USE_ECH_OPENSSL
+#ifdef HAVE_SSL_SET1_ECH_CONFIG_LIST
 static CURLcode ossl_init_ech(struct ossl_ctx *octx,
 struct Curl_cfilter *cf,
 struct Curl_easy *data,
@@ -3576,7 +3572,7 @@ static CURLcode ossl_init_ech(struct ossl_ctx *octx,
 return CURLE_OK;
 }
-#endif /* USE_ECH_OPENSSL */
+#endif /* HAVE_SSL_SET1_ECH_CONFIG_LIST */
 static CURLcode ossl_init_ssl(struct ossl_ctx *octx,
 struct Curl_cfilter *cf,
@@ -3611,13 +3607,13 @@ static CURLcode ossl_init_ssl(struct ossl_ctx *octx,
 }
 }
-#ifdef USE_ECH_OPENSSL
+#ifdef HAVE_SSL_SET1_ECH_CONFIG_LIST
 {
 CURLcode result = ossl_init_ech(octx, cf, data, peer);
 if(result)
 return result;
 }
-#endif /* USE_ECH_OPENSSL */
+#endif /* HAVE_SSL_SET1_ECH_CONFIG_LIST */
 return ossl_init_session_and_alpns(octx, cf, data, peer, alpns_requested, sess_reuse_cb);
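Review bot: With the `USE_ECH_OPENSSL` alias removed in the hunk at `@@ -86,11 +86,7 @@`, the guards no longer show that `HAVE_SSL_SET1_ECH_CONFIG_LIST` is the switch for the whole ECH path in this backend, down to the `SSLSUPP_ECH` bit in the `Curl_ssl_openssl` table (hunk at `@@ -5435,7 +5431,7 @@`). A `HAVE_` name reads as "the library exports this function", which makes it harder to audit whether a given build can offer Encrypted Client Hello. I would add a comment above the first guard, for example `/* HAVE_SSL_SET1_ECH_CONFIG_LIST is also the ECH feature switch for this backend */`. Whether autotools and cmake define the macro only when ECH was requested is not visible in this diff; if so, the comment should state it.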
@@ -4091,7 +4087,7 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf,
 return CURLE_OK;
 }
-#ifdef USE_ECH_OPENSSL
+#ifdef HAVE_SSL_SET1_ECH_CONFIG_LIST
 /* If we have retry configs, then trace those out */
 static void ossl_trace_ech_retry_configs(struct Curl_easy *data, SSL *ssl, int reason)
@@ -4262,7 +4258,7 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf,
 ossl_strerror(errdetail, error_buffer, sizeof(error_buffer)));
 }
 #endif
-#ifdef USE_ECH_OPENSSL
+#ifdef HAVE_SSL_SET1_ECH_CONFIG_LIST
 else if((lib == ERR_LIB_SSL) &&
 # ifndef HAVE_BORINGSSL_LIKE
 (reason == SSL_R_ECH_REQUIRED)) {
@@ -4309,7 +4305,7 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf,
 connssl->connecting_state = ssl_connect_3;
 Curl_ossl_report_handshake(data, octx);
-#if defined(USE_ECH_OPENSSL) && !defined(HAVE_BORINGSSL_LIKE)
+#if defined(HAVE_SSL_SET1_ECH_CONFIG_LIST) && !defined(HAVE_BORINGSSL_LIKE)
 if(ECH_ENABLED(data)) {
 char *inner = NULL, *outer = NULL;
 const char *status = NULL;
@@ -4367,7 +4363,7 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf,
 else {
 infof(data, "ECH: result: status is not attempted");
 }
-#endif /* USE_ECH_OPENSSL && !HAVE_BORINGSSL_LIKE */
+#endif /* HAVE_SSL_SET1_ECH_CONFIG_LIST && !HAVE_BORINGSSL_LIKE */
 #ifdef HAS_ALPN_OPENSSL
 /* Sets data and len to negotiated protocol, len is 0 if no protocol was
@@ -5435,7 +5431,7 @@ const struct Curl_ssl Curl_ssl_openssl = {
 #ifdef HAVE_SSL_CTX_SET1_SIGALGS
 SSLSUPP_SIGNATURE_ALGORITHMS |
 #endif
-#ifdef USE_ECH_OPENSSL
+#ifdef HAVE_SSL_SET1_ECH_CONFIG_LIST
 SSLSUPP_ECH |
 #endif
 SSLSUPP_CA_CACHE |
diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c
index 62bf723efd..cfefeb9320 100644
--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@@ -75,10 +75,6 @@
 #include
 #include "wolfssl.h"
-#ifdef HAVE_WOLFSSL_CTX_GENERATEECHCONFIG
-#define USE_ECH_WOLFSSL
-#endif
-
 /* KEEP_PEER_CERT is a product of the presence of build time symbol OPENSSL_EXTRA without NO_CERTS, depending on the version. KEEP_PEER_CERT is in wolfSSL's settings.h, and the latter two are build time symbols in
@@ -1364,7 +1360,7 @@ CURLcode Curl_wssl_ctx_init(struct wssl_ctx *wctx,
 }
 #endif /* HAVE_SECURE_RENEGOTIATION */
-#ifdef USE_ECH_WOLFSSL
+#ifdef HAVE_WOLFSSL_CTX_GENERATEECHCONFIG
 if(ECH_ENABLED(data)) {
 int trying_ech_now = 0;
@@ -1449,7 +1445,7 @@ CURLcode Curl_wssl_ctx_init(struct wssl_ctx *wctx,
 }
 }
-#endif /* USE_ECH_WOLFSSL */
+#endif /* HAVE_WOLFSSL_CTX_GENERATEECHCONFIG */
 result = CURLE_OK;
@@ -1786,7 +1782,7 @@ static CURLcode wssl_handshake(struct Curl_cfilter *cf, struct Curl_easy *data)
 return wssl->io_result;
 }
 }
-#ifdef USE_ECH_WOLFSSL
+#ifdef HAVE_WOLFSSL_CTX_GENERATEECHCONFIG
 else if(detail == -1) {
 /* try access a retry_config ECHConfigList for tracing */
 byte echConfigs[1000];
@@ -2282,7 +2278,7 @@ const struct Curl_ssl Curl_ssl_wolfssl = {
 #endif
 SSLSUPP_CA_PATH |
 SSLSUPP_CAINFO_BLOB |
-#ifdef USE_ECH_WOLFSSL
+#ifdef HAVE_WOLFSSL_CTX_GENERATEECHCONFIG
 SSLSUPP_ECH |
 #endif
 SSLSUPP_SSL_CTX |
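Review bot: `HAVE_WOLFSSL_CTX_GENERATEECHCONFIG` names a config-generation symbol, yet after this change it directly guards client-side code: the `if(ECH_ENABLED(data))` block in `Curl_wssl_ctx_init` (hunk at `@@ -1364,7 +1360,7 @@`), the retry-config tracing in `wssl_handshake` and the `SSLSUPP_ECH` bit in `Curl_ssl_wolfssl`. The removed `USE_ECH_WOLFSSL` alias hid that mismatch, so the guard now needs a comment where it first appears, such as `/* presence of wolfSSL_CTX_GenerateEchConfig() is used as the marker for wolfSSL ECH support */`. The guarded bodies lie mostly outside the hunks, so which wolfSSL ECH calls they actually make cannot be confirmed from here.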