vtls: add SSLSUPP_CIPHER_LIST

author Jan Venekamp <1422460+jan2000@users.noreply.github.com>

Mon, 5 Aug 2024 21:52:33 +0000 (23:52 +0200)

committer Daniel Stenberg <daniel@haxx.se>

Wed, 7 Aug 2024 06:50:42 +0000 (08:50 +0200)
author Jan Venekamp <1422460+jan2000@users.noreply.github.com>
Mon, 5 Aug 2024 21:52:33 +0000 (23:52 +0200)
committer Daniel Stenberg <daniel@haxx.se>
Wed, 7 Aug 2024 06:50:42 +0000 (08:50 +0200)
diff --git a/lib/setopt.c b/lib/setopt.c

index c2bf89c3f0424be422bcb26eb4e9c1e4179d2dab..538bd52ad802e4a8caee8b0129908a4666b6c848 100644 (file)
--- a/lib/setopt.c
+++ b/lib/setopt.c
@@ -255,15 +255,23 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
      /* deprecated */
      break;
    case CURLOPT_SSL_CIPHER_LIST:
-    /* set a list of cipher we want to use in the SSL connection */
-    result = Curl_setstropt(&data->set.str[STRING_SSL_CIPHER_LIST],
-                            va_arg(param, char *));
+    if(Curl_ssl_supports(data, SSLSUPP_CIPHER_LIST)) {
+      /* set a list of cipher we want to use in the SSL connection */
+      result = Curl_setstropt(&data->set.str[STRING_SSL_CIPHER_LIST],
+                              va_arg(param, char *));
+    }
+    else
+      return CURLE_NOT_BUILT_IN;
      break;
  #ifndef CURL_DISABLE_PROXY
    case CURLOPT_PROXY_SSL_CIPHER_LIST:
-    /* set a list of cipher we want to use in the SSL connection for proxy */
-    result = Curl_setstropt(&data->set.str[STRING_SSL_CIPHER_LIST_PROXY],
-                            va_arg(param, char *));
+    if(Curl_ssl_supports(data, SSLSUPP_CIPHER_LIST)) {
+      /* set a list of cipher we want to use in the SSL connection for proxy */
+      result = Curl_setstropt(&data->set.str[STRING_SSL_CIPHER_LIST_PROXY],
+                              va_arg(param, char *));
+    }
+    else
+      return CURLE_NOT_BUILT_IN;
      break;
  #endif
    case CURLOPT_TLS13_CIPHERS:
diff --git a/lib/vtls/bearssl.c b/lib/vtls/bearssl.c

index 4089e8577dc851366ce05b73a0497a8c0e99736d..edd6ca90cc26213b49b78b13cf892a56c3f42b34 100644 (file)
--- a/lib/vtls/bearssl.c
+++ b/lib/vtls/bearssl.c
@@ -1113,7 +1113,12 @@ static CURLcode bearssl_sha256sum(const unsigned char *input,
  
  const struct Curl_ssl Curl_ssl_bearssl = {
    { CURLSSLBACKEND_BEARSSL, "bearssl" }, /* info */
-  SSLSUPP_CAINFO_BLOB | SSLSUPP_SSL_CTX | SSLSUPP_HTTPS_PROXY,
+
+  SSLSUPP_CAINFO_BLOB |
+  SSLSUPP_SSL_CTX |
+  SSLSUPP_HTTPS_PROXY |
+  SSLSUPP_CIPHER_LIST,
+
    sizeof(struct bearssl_ssl_backend_data),
  
    Curl_none_init,                  /* init */
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c

index 5b8904b8d01a85125ceffc809dc8483ec7267607..741cc7c7c64a4a6ee9ce3bb49b3cff18838ea007 100644 (file)
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -1726,7 +1726,8 @@ const struct Curl_ssl Curl_ssl_mbedtls = {
  #ifdef TLS13_SUPPORT
    SSLSUPP_TLS13_CIPHERSUITES |
  #endif
-  SSLSUPP_HTTPS_PROXY,
+  SSLSUPP_HTTPS_PROXY |
+  SSLSUPP_CIPHER_LIST,
  
    sizeof(struct mbed_ssl_backend_data),
  
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c

index 8754d35dcd5bf25823e22e0935af31db2f0ac1ce..671299d43d5fb9365909813427efe1d729ef3924 100644 (file)
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -5212,7 +5212,8 @@ const struct Curl_ssl Curl_ssl_openssl = {
    SSLSUPP_ECH |
  #endif
    SSLSUPP_CA_CACHE |
-  SSLSUPP_HTTPS_PROXY,
+  SSLSUPP_HTTPS_PROXY |
+  SSLSUPP_CIPHER_LIST,
  
    sizeof(struct ossl_ctx),
  
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c

index 4d3990a0c0002dbefe87e06c29d8a95231a1beb7..f6c17406a25543a4439f246cb8ab767303aedc0f 100644 (file)
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -2969,7 +2969,8 @@ const struct Curl_ssl Curl_ssl_schannel = {
  #endif
    SSLSUPP_TLS13_CIPHERSUITES |
    SSLSUPP_CA_CACHE |
-  SSLSUPP_HTTPS_PROXY,
+  SSLSUPP_HTTPS_PROXY |
+  SSLSUPP_CIPHER_LIST,
  
    sizeof(struct schannel_ssl_backend_data),
  
diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c

index 688027ce7db4cf3baf8a79c04d09ab43d26d4a78..b7e6f7e2bd6e7355fbb1bc7ee4d48fc4a1ecfa32 100644 (file)
--- a/lib/vtls/sectransp.c
+++ b/lib/vtls/sectransp.c
@@ -2888,7 +2888,8 @@ const struct Curl_ssl Curl_ssl_sectransp = {
  #ifdef SECTRANSP_PINNEDPUBKEY
    SSLSUPP_PINNEDPUBKEY |
  #endif /* SECTRANSP_PINNEDPUBKEY */
-  SSLSUPP_HTTPS_PROXY,
+  SSLSUPP_HTTPS_PROXY |
+  SSLSUPP_CIPHER_LIST,
  
    sizeof(struct st_ssl_backend_data),
  
diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h

index 49a5eb053b7d9b5ca2579f1f0c90491b64225d85..2f6ed6b538c6ef9da912178ea70e21c79bcb0acf 100644 (file)
--- a/lib/vtls/vtls.h
+++ b/lib/vtls/vtls.h
@@ -39,6 +39,7 @@ struct Curl_ssl_session;
  #define SSLSUPP_CAINFO_BLOB  (1<<6)
  #define SSLSUPP_ECH          (1<<7)
  #define SSLSUPP_CA_CACHE     (1<<8)
+#define SSLSUPP_CIPHER_LIST  (1<<9) /* supports TLS 1.0-1.2 ciphersuites */
  
  #define ALPN_ACCEPTED "ALPN: server accepted "
  
diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c

index 2ef0af661017c047558afdd3c3c0e042f6e0a617..e14a6da319af10b124d6782a85ebd48e13db0247 100644 (file)
--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@@ -1918,7 +1918,8 @@ const struct Curl_ssl Curl_ssl_wolfssl = {
  #ifdef WOLFSSL_TLS13
    SSLSUPP_TLS13_CIPHERSUITES |
  #endif
-  SSLSUPP_CA_CACHE,
+  SSLSUPP_CA_CACHE |
+  SSLSUPP_CIPHER_LIST,
  
    sizeof(struct wolfssl_ctx),
author	Jan Venekamp <1422460+jan2000@users.noreply.github.com>
	Mon, 5 Aug 2024 21:52:33 +0000 (23:52 +0200)
committer	Daniel Stenberg <daniel@haxx.se>
	Wed, 7 Aug 2024 06:50:42 +0000 (08:50 +0200)
lib/setopt.c		patch \| blob \| blame \| history
lib/vtls/bearssl.c		patch \| blob \| blame \| history
lib/vtls/mbedtls.c		patch \| blob \| blame \| history
lib/vtls/openssl.c		patch \| blob \| blame \| history
lib/vtls/schannel.c		patch \| blob \| blame \| history
lib/vtls/sectransp.c		patch \| blob \| blame \| history
lib/vtls/vtls.h		patch \| blob \| blame \| history
lib/vtls/wolfssl.c		patch \| blob \| blame \| history