sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-04 00:00:14 -04:00
Code Issues Projects Releases Wiki Activity

curl: Add an option to select the SSL/TLS backend (if available)

Browse Source 
If libcurl is built with MultiSSL support (not the case for e.g.
Debian/Ubuntu, which ship separate, conflicting libraries), this allows
selecting the SSL/TLS backend libcurl uses.
This commit is contained in:
Tobias Brunner 2023-01-13 17:17:06 +01:00
parent d11868fb38
commit 805cc3a69f
2 changed files with 67 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
conf/plugins/curl.opt
View File

@ -1,3 +1,11 @@
charon.plugins.curl.redir = -1 charon.plugins.curl.redir = -1
Maximum number of redirects followed by the plugin, set to 0 to disable Maximum number of redirects followed by the plugin, set to 0 to disable
following redirects, set to -1 for no limit. following redirects, set to -1 for no limit.
charon.plugins.curl.tls_backend =
The SSL/TLS backend to configure in curl if multiple are available.
The SSL/TLS backend to configure in curl if multiple are available (requires
libcurl 7.56 or newer). A list of available options is logged on level 2 if
nothing is configured. Similar but on level 1 if the selected backend isn't
available.

59
src/libstrongswan/plugins/curl/curl_plugin.c
View File

@ -1,4 +1,5 @@
/* /*
* Copyright (C) 2023 Tobias Brunner
* Copyright (C) 2008 Martin Willi * Copyright (C) 2008 Martin Willi
* *
* Copyright (C) secunet Security Networks AG * Copyright (C) secunet Security Networks AG
@ -152,6 +153,60 @@ METHOD(plugin_t, destroy, void,
free(this); free(this);
} }
#if LIBCURL_VERSION_NUM >= 0x073800
/**
* Configure a specific SSL backend if multiple are available
*/
static void set_ssl_backend()
{
const curl_ssl_backend **avail;
char *backend, buf[BUF_LEN] = "";
int i, len = 0, added;
backend = lib->settings->get_str(lib->settings, "%s.plugins.curl.tls_backend",
NULL, lib->ns);
switch (curl_global_sslset(-1, backend, &avail))
{
case CURLSSLSET_UNKNOWN_BACKEND:
for (i = 0; avail[i]; i++)
{
added = snprintf(buf + len, sizeof(buf) - len, " %s",
avail[i]->name);
if (added < sizeof(buf) - len)
{
len += added;
}
}
if (backend)
{
DBG1(DBG_LIB, "unsupported TLS backend '%s' in libcurl, "
"available:%s", backend, buf);
}
else
{
DBG2(DBG_LIB, "available TLS backends in libcurl:%s", buf);
}
break;
case CURLSSLSET_NO_BACKENDS:
if (backend)
{
DBG1(DBG_LIB, "unable to set TLS backend '%s', libcurl was "
"built without TLS support", backend);
}
break;
case CURLSSLSET_TOO_LATE:
if (backend)
{
DBG1(DBG_LIB, "unable to set TLS backend '%s' in libcurl, "
"already set", backend);
}
break;
case CURLSSLSET_OK:
break;
}
}
#endif
/* /*
* see header file * see header file
*/ */
@ -170,6 +225,10 @@ plugin_t *curl_plugin_create()
}, },
); );
#if LIBCURL_VERSION_NUM >= 0x073800
set_ssl_backend();
#endif
res = curl_global_init(CURL_GLOBAL_SSL); res = curl_global_init(CURL_GLOBAL_SSL);
if (res != CURLE_OK) if (res != CURLE_OK)
{ {