curl: Don't ignore unknown SSL/TLS backends

Only older versions of OpenSSL and GnuTLS need special treatment, so we now accept all other backends (e.g. "(SecureTransport) OpenSSL/1.1.1s" on macOS). Whenever we remove support for the affected versions of the mentioned libraries, we can remove the corresponding *-threading plugin feature and the code here.
2025-10-03 00:00:24 -04:00 · 2023-01-13 17:11:50 +01:00 · 2023-01-13 17:11:50 +01:00 · d11868fb38
commit d11868fb38
parent e99de2aee9
1 changed files with 4 additions and 8 deletions
--- a/src/libstrongswan/plugins/curl/curl_plugin.c
+++ b/src/libstrongswan/plugins/curl/curl_plugin.c
@ -60,7 +60,9 @@ static void add_feature(private_curl_plugin_t *this, plugin_feature_t f)
 static void add_feature_with_ssl(private_curl_plugin_t *this, const char *ssl,
 								 char *proto, plugin_feature_t f)
 {
-	/* http://curl.haxx.se/libcurl/c/libcurl-tutorial.html#Multi-threading */
+	/* according to https://curl.se/libcurl/c/threadsafe.html there is only an
+	 * issue with thread-safety with older versions of OpenSSL (<= 1.0.2) and
+	 * GnuTLS (< 1.6.0), so we just accept all other SSL backends */
 	if (strpfx(ssl, "OpenSSL") || strpfx(ssl, "LibreSSL"))
 	{
 		add_feature(this, f);
@ -71,15 +73,9 @@ static void add_feature_with_ssl(private_curl_plugin_t *this, const char *ssl,
 		add_feature(this, f);
 		add_feature(this, PLUGIN_DEPENDS(CUSTOM, "gcrypt-threading"));
 	}
-	else if (strpfx(ssl, "NSS") ||
-			 strpfx(ssl, "BoringSSL"))
-	{
-		add_feature(this, f);
-	}
 	else
 	{
-		DBG1(DBG_LIB, "curl SSL backend '%s' not supported, %s disabled",
-			 ssl, proto);
+		add_feature(this, f);
 	}
 }