http: fix curl ssl version #3083
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
CURL_SSLVERSION_TLSv1_* are not defines, hence need proper detection. Due to the bug, some of the ssl-version options were not available for the user. Signed-off-by: Antal Nemes <antal.nemes.hu@gmail.com>
Prior this patch, we only emitted a warning, otherwise went as default. This warnig is easy to be overlooked, and has effect on security. From now, syslog-ng will not start in this case. Signed-off-by: Antal Nemes <antal.nemes.hu@gmail.com>
|
Build SUCCESS |
szemere
approved these changes
Jan 20, 2020
alltilla
reviewed
Jan 20, 2020
There was a problem hiding this comment.
It might be easier to use, and maintain the code with #if CURL_AT_LEAST_VERSION(..., ..., ...)
We only have to check for 2 different versions: https://curl.haxx.se/libcurl/c/CURLOPT_SSLVERSION.html
lbudai
approved these changes
Jan 20, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Some
ssl-versionoptions were not accepted by http destination, even though they should have been:The reason was that the used compiler switches did not exist. They were an enum instead.
Hence the relevant code was disabled.
The previous behaviour was that syslog-ng starts no matter what was the
ssl-version, just emit a warning if something unexpected is detected.This patch fixes:
ssl-versionstring was added.This latter might break some existing configuration: if users accidentally mistyped the option, syslog-ng will not start. I think this is acceptable, considering, this options specifies the minimum version of used ssl version, and thus might have security impact.