version: add "ECH" as a feature

If available Follow-up to a362962b7 Closes #13378
2025-04-12 16:20:35 +08:00 · 2024-04-15 17:08:16 +02:00 · 2024-04-15 17:08:16 +02:00 · 5e3fd347c5
commit 5e3fd347c5
parent a1ecd0ba6b
6 changed files with 27 additions and 0 deletions
--- a/docs/cmdline-opts/version.md
+++ b/docs/cmdline-opts/version.md
@ -46,6 +46,9 @@ curl was built with support for character set conversions (like EBCDIC)
 This curl uses a libcurl built with Debug. This enables more error-tracking
 and memory debugging etc. For curl-developers only!

+## `ECH`
+ECH support is present.
+
 ## `gsasl`
 The built-in SASL authentication includes extensions to support SCRAM because
 libcurl was built with libgsasl.
--- a/docs/libcurl/curl_version_info.md
+++ b/docs/libcurl/curl_version_info.md
@ -176,6 +176,12 @@ supports HTTP Brotli content encoding using libbrotlidec (Added in 7.57.0)

 libcurl was built with debug capabilities (added in 7.10.6)

+## ECH
+
+*features* mask bit: non-existent
+
+libcurl was built with ECH support (experimental, added in 8.8.0)
+
 ## gsasl

 *features* mask bit: CURL_VERSION_GSASL
--- a/lib/version.c
+++ b/lib/version.c
@ -417,6 +417,14 @@ static int https_proxy_present(curl_version_info_data *info)
 }
 #endif

+#if defined(USE_SSL) && defined(USE_ECH)
+static int ech_present(curl_version_info_data *info)
+{
+  (void) info;
+  return Curl_ssl_supports(NULL, SSLSUPP_ECH);
+}
+#endif
+
 /*
 * Features table.
 *
@ -445,6 +453,9 @@ static const struct feat features_table[] = {
 #ifdef DEBUGBUILD
  FEATURE("Debug",       NULL,                CURL_VERSION_DEBUG),
 #endif
+#if defined(USE_SSL) && defined(USE_ECH)
+  FEATURE("ECH",         ech_present,         0),
+#endif
 #ifdef USE_GSASL
  FEATURE("gsasl",       NULL,                CURL_VERSION_GSASL),
 #endif
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@ -5269,6 +5269,9 @@ const struct Curl_ssl Curl_ssl_openssl = {
  SSLSUPP_SSL_CTX |
 #ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
  SSLSUPP_TLS13_CIPHERSUITES |
+#endif
+#ifdef USE_ECH
+  SSLSUPP_ECH |
 #endif
  SSLSUPP_HTTPS_PROXY,

--- a/lib/vtls/vtls.h
+++ b/lib/vtls/vtls.h
@ -37,6 +37,7 @@ struct Curl_ssl_session;
 #define SSLSUPP_HTTPS_PROXY  (1<<4) /* supports access via HTTPS proxies */
 #define SSLSUPP_TLS13_CIPHERSUITES (1<<5) /* supports TLS 1.3 ciphersuites */
 #define SSLSUPP_CAINFO_BLOB  (1<<6)
+#define SSLSUPP_ECH          (1<<7)

 #define ALPN_ACCEPTED "ALPN: server accepted "

--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@ -1504,6 +1504,9 @@ const struct Curl_ssl Curl_ssl_wolfssl = {
 #endif
  SSLSUPP_CA_PATH |
  SSLSUPP_CAINFO_BLOB |
+#ifdef USE_ECH
+  SSLSUPP_ECH |
+#endif
  SSLSUPP_SSL_CTX,

  sizeof(struct wolfssl_ssl_backend_data),