Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

wolfssl: stop custom-adding curves #3599

Closed
wants to merge 1 commit into from
Closed
Changes from all commits
Commits
File filter...
Filter file types
Jump to…
Jump to file or symbol
Failed to load files and symbols.

Always

Just for now

@@ -2384,7 +2384,6 @@ if test -z "$ssl_backends" -o "x$OPT_CYASSL" != xno; then
dnl Recent WolfSSL versions build without SSLv3 by default
dnl WolfSSL needs configure --enable-opensslextra to have *get_peer*
AC_CHECK_FUNCS(wolfSSLv3_client_method \
wolfSSL_CTX_UseSupportedCurve \
wolfSSL_get_peer_certificate \
wolfSSL_UseALPN)
else
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -67,15 +67,6 @@ and that's a problem since options.h hasn't been included yet. */
#endif
#endif

/* HAVE_SUPPORTED_CURVES is wolfSSL's build time symbol for enabling the ECC
supported curve extension in options.h. Note ECC is enabled separately. */
#ifndef HAVE_SUPPORTED_CURVES
#if defined(HAVE_CYASSL_CTX_USESUPPORTEDCURVE) || \
defined(HAVE_WOLFSSL_CTX_USESUPPORTEDCURVE)
#define HAVE_SUPPORTED_CURVES
#endif
#endif

#include <limits.h>

#include "urldata.h"
@@ -364,16 +355,6 @@ cyassl_connect_step1(struct connectdata *conn,
}
#endif

#ifdef HAVE_SUPPORTED_CURVES
/* CyaSSL/wolfSSL does not send the supported ECC curves ext automatically:
https://github.com/wolfSSL/wolfssl/issues/366
The supported curves below are those also supported by OpenSSL 1.0.2 and
in the same order. */
CyaSSL_CTX_UseSupportedCurve(BACKEND->ctx, 0x17); /* secp256r1 */
CyaSSL_CTX_UseSupportedCurve(BACKEND->ctx, 0x19); /* secp521r1 */
CyaSSL_CTX_UseSupportedCurve(BACKEND->ctx, 0x18); /* secp384r1 */
#endif

/* give application a chance to interfere with SSL set up. */
if(data->set.ssl.fsslctx) {
CURLcode result = CURLE_OK;
ProTip! Use n and p to navigate between commits in a pull request.
You can’t perform that action at this time.