mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-01-18 14:04:30 +08:00
Code Issues Packages Projects Releases Wiki Activity

urldata: remove fields not used depending on used features

Browse Source 
Reduced size of dynamically_allocated_data structure.

Reduced number of stored values in enum dupstring and enum dupblob. This
affects the reduced array placed in the UserDefined structure.

Closes #13188
This commit is contained in:
MAntoniak 2024-03-26 00:19:23 +01:00 committed by Daniel Stenberg
parent 11d27cf341
commit f46385d36d
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
14 changed files with 157 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/c-hyper.c
View File

@ -980,11 +980,13 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
goto error;
}
#ifndef CURL_DISABLE_PROXY
if(data->state.aptr.proxyuserpwd) {
result = Curl_hyper_header(data, headers, data->state.aptr.proxyuserpwd);
if(result)
goto error;
}
#endif
if(data->state.aptr.userpwd) {
result = Curl_hyper_header(data, headers, data->state.aptr.userpwd);
@ -1137,7 +1139,9 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
/* clear userpwd and proxyuserpwd to avoid reusing old credentials
* from reused connections */
Curl_safefree(data->state.aptr.userpwd);
#ifndef CURL_DISABLE_PROXY
Curl_safefree(data->state.aptr.proxyuserpwd);
#endif
return CURLE_OK;
error:
DEBUGASSERT(result);

4
lib/getinfo.c
View File

@ -161,7 +161,11 @@ static CURLcode getinfo_char(struct Curl_easy *data, CURLINFO info,
*param_charp = data->info.primary.local_ip;
break;
case CURLINFO_RTSP_SESSION_ID:
#ifndef CURL_DISABLE_RTSP
*param_charp = data->set.str[STRING_RTSP_SESSION_ID];
#else
*param_charp = NULL;
#endif
break;
case CURLINFO_SCHEME:
*param_charp = data->info.conn_scheme;

6
lib/http.c
View File

@ -2684,8 +2684,12 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
httpstring,
(data->state.aptr.host?data->state.aptr.host:""),
#ifndef CURL_DISABLE_PROXY
data->state.aptr.proxyuserpwd?
data->state.aptr.proxyuserpwd:"",
#else
"",
#endif
data->state.aptr.userpwd?data->state.aptr.userpwd:"",
(data->state.use_range && data->state.aptr.rangeline)?
data->state.aptr.rangeline:"",
@ -2719,7 +2723,9 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
/* clear userpwd and proxyuserpwd to avoid reusing old credentials
* from reused connections */
Curl_safefree(data->state.aptr.userpwd);
#ifndef CURL_DISABLE_PROXY
Curl_safefree(data->state.aptr.proxyuserpwd);
#endif
free(altused);
if(result) {

23
lib/http_negotiate.c
View File

@ -120,16 +120,29 @@ CURLcode Curl_input_negotiate(struct Curl_easy *data, struct connectdata *conn,
CURLcode Curl_output_negotiate(struct Curl_easy *data,
struct connectdata *conn, bool proxy)
{
struct negotiatedata *neg_ctx = proxy ? &conn->proxyneg :
&conn->negotiate;
struct auth *authp = proxy ? &data->state.authproxy : &data->state.authhost;
curlnegotiate *state = proxy ? &conn->proxy_negotiate_state :
&conn->http_negotiate_state;
struct negotiatedata *neg_ctx;
struct auth *authp;
curlnegotiate *state;
char *base64 = NULL;
size_t len = 0;
char *userp;
CURLcode result;
if(proxy) {
#ifndef CURL_DISABLE_PROXY
neg_ctx = &conn->proxyneg;
authp = &data->state.authproxy;
state = &conn->proxy_negotiate_state;
#else
return CURLE_NOT_BUILT_IN;
#endif
}
else {
neg_ctx = &conn->negotiate;
authp = &data->state.authhost;
state = &conn->http_negotiate_state;
}
authp->done = FALSE;
if(*state == GSS_AUTHRECV) {

2
lib/rtsp.c
View File

@ -393,7 +393,9 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done)
if(result)
goto out;
#ifndef CURL_DISABLE_PROXY
p_proxyuserpwd = data->state.aptr.proxyuserpwd;
#endif
p_userpwd = data->state.aptr.userpwd;
/* Referrer */

2
lib/setopt.c
View File

@ -1320,6 +1320,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
return CURLE_BAD_FUNCTION_ARGUMENT;
data->set.ftpsslauth = (unsigned char)(curl_ftpauth)arg;
break;
#ifdef HAVE_GSSAPI
case CURLOPT_KRBLEVEL:
/*
* A string that defines the kerberos security level.
@ -1329,6 +1330,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
data->set.krb = !!(data->set.str[STRING_KRB_LEVEL]);
break;
#endif
#endif
#if !defined(CURL_DISABLE_FTP) || defined(USE_SSH)
case CURLOPT_FTP_CREATE_MISSING_DIRS:
/*

2
lib/transfer.c
View File

@ -705,12 +705,14 @@ CURLcode Curl_pretransfer(struct Curl_easy *data)
if(!result)
result = Curl_setstropt(&data->state.aptr.passwd,
data->set.str[STRING_PASSWORD]);
#ifndef CURL_DISABLE_PROXY
if(!result)
result = Curl_setstropt(&data->state.aptr.proxyuser,
data->set.str[STRING_PROXYUSERNAME]);
if(!result)
result = Curl_setstropt(&data->state.aptr.proxypasswd,
data->set.str[STRING_PROXYPASSWORD]);
#endif
data->req.headerbytecount = 0;
Curl_headers_cleanup(data);

18
lib/url.c
View File

@ -278,10 +278,12 @@ CURLcode Curl_close(struct Curl_easy **datap)
up_free(data);
Curl_dyn_free(&data->state.headerb);
Curl_flush_cookies(data, TRUE);
#ifndef CURL_DISABLE_ALTSVC
Curl_altsvc_save(data, data->asi, data->set.str[STRING_ALTSVC]);
Curl_altsvc_cleanup(&data->asi);
Curl_hsts_save(data, data->hsts, data->set.str[STRING_HSTS]);
#endif
#ifndef CURL_DISABLE_HSTS
Curl_hsts_save(data, data->hsts, data->set.str[STRING_HSTS]);
if(!data->share || !data->share->hsts)
Curl_hsts_cleanup(&data->hsts);
curl_slist_free_all(data->state.hstslist); /* clean up list */
@ -305,7 +307,9 @@ CURLcode Curl_close(struct Curl_easy **datap)
Curl_share_unlock(data, CURL_LOCK_DATA_SHARE);
}
#ifndef CURL_DISABLE_PROXY
Curl_safefree(data->state.aptr.proxyuserpwd);
#endif
Curl_safefree(data->state.aptr.uagent);
Curl_safefree(data->state.aptr.userpwd);
Curl_safefree(data->state.aptr.accept_encoding);
@ -313,12 +317,18 @@ CURLcode Curl_close(struct Curl_easy **datap)
Curl_safefree(data->state.aptr.rangeline);
Curl_safefree(data->state.aptr.ref);
Curl_safefree(data->state.aptr.host);
#ifndef CURL_DISABLE_COOKIES
Curl_safefree(data->state.aptr.cookiehost);
#endif
#ifndef CURL_DISABLE_RTSP
Curl_safefree(data->state.aptr.rtsp_transport);
#endif
Curl_safefree(data->state.aptr.user);
Curl_safefree(data->state.aptr.passwd);
#ifndef CURL_DISABLE_PROXY
Curl_safefree(data->state.aptr.proxyuser);
Curl_safefree(data->state.aptr.proxypasswd);
#endif
#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_FORM_API)
Curl_mime_cleanpart(data->state.formp);
@ -429,20 +439,22 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
result = Curl_setstropt(&set->str[STRING_SSL_CAFILE], CURL_CA_BUNDLE);
if(result)
return result;
#ifndef CURL_DISABLE_PROXY
result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY],
CURL_CA_BUNDLE);
if(result)
return result;
#endif
#endif
#if defined(CURL_CA_PATH)
result = Curl_setstropt(&set->str[STRING_SSL_CAPATH], CURL_CA_PATH);
if(result)
return result;
#ifndef CURL_DISABLE_PROXY
result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], CURL_CA_PATH);
if(result)
return result;
#endif
#endif
}

120
lib/urldata.h
View File

@ -1327,22 +1327,28 @@ struct UrlState {
/* Dynamically allocated strings, MUST be freed before this struct is
killed. */
struct dynamically_allocated_data {
char *proxyuserpwd;
char *uagent;
char *accept_encoding;
char *userpwd;
char *rangeline;
char *ref;
char *host;
#ifndef CURL_DISABLE_COOKIES
char *cookiehost;
#endif
#ifndef CURL_DISABLE_RTSP
char *rtsp_transport;
#endif
char *te; /* TE: request header */
/* transfer credentials */
char *user;
char *passwd;
#ifndef CURL_DISABLE_PROXY
char *proxyuserpwd;
char *proxyuser;
char *proxypasswd;
#endif
} aptr;
unsigned char httpwant; /* when non-zero, a specific HTTP version requested
@ -1407,95 +1413,125 @@ struct UrlState {
struct Curl_multi; /* declared in multihandle.c */
/*
* This enumeration MUST not use conditional directives (#ifdefs), new
* null terminated strings MUST be added to the enumeration immediately
* before STRING_LASTZEROTERMINATED, binary fields immediately before
* STRING_LAST. When doing so, ensure that the packages/OS400/chkstring.c
* test is updated and applicable changes for EBCDIC to ASCII conversion
* are catered for in curl_easy_setopt_ccsid()
*/
enum dupstring {
STRING_CERT, /* client certificate file name */
STRING_CERT_PROXY, /* client certificate file name */
STRING_CERT_TYPE, /* format for certificate (default: PEM)*/
STRING_KEY, /* private key file name */
STRING_KEY_PASSWD, /* plain text private key password */
STRING_KEY_TYPE, /* format for private key (default: PEM) */
STRING_SSL_CAPATH, /* CA directory name (doesn't work on windows) */
STRING_SSL_CAFILE, /* certificate file to verify peer against */
STRING_SSL_PINNEDPUBLICKEY, /* public key file to verify peer against */
STRING_SSL_CIPHER_LIST, /* list of ciphers to use */
STRING_SSL_CIPHER13_LIST, /* list of TLS 1.3 ciphers to use */
STRING_SSL_CRLFILE, /* crl file to check certificate */
STRING_SSL_ISSUERCERT, /* issuer cert file to check certificate */
STRING_SERVICE_NAME, /* Service name */
#ifndef CURL_DISABLE_PROXY
STRING_CERT_PROXY, /* client certificate file name */
STRING_CERT_TYPE_PROXY, /* format for certificate (default: PEM)*/
STRING_KEY_PROXY, /* private key file name */
STRING_KEY_PASSWD_PROXY, /* plain text private key password */
STRING_KEY_TYPE_PROXY, /* format for private key (default: PEM) */
STRING_SSL_CAPATH_PROXY, /* CA directory name (doesn't work on windows) */
STRING_SSL_CAFILE_PROXY, /* certificate file to verify peer against */
STRING_SSL_PINNEDPUBLICKEY_PROXY, /* public key file to verify proxy */
STRING_SSL_CIPHER_LIST_PROXY, /* list of ciphers to use */
STRING_SSL_CIPHER13_LIST_PROXY, /* list of TLS 1.3 ciphers to use */
STRING_SSL_CRLFILE_PROXY, /* crl file to check certificate */
STRING_SSL_ISSUERCERT_PROXY, /* issuer cert file to check certificate */
STRING_PROXY_SERVICE_NAME, /* Proxy service name */
#endif
#ifndef CURL_DISABLE_COOKIES
STRING_COOKIE, /* HTTP cookie string to send */
STRING_COOKIEJAR, /* dump all cookies to this file */
#endif
STRING_CUSTOMREQUEST, /* HTTP/FTP/RTSP request/method to use */
STRING_DEFAULT_PROTOCOL, /* Protocol to use when the URL doesn't specify */
STRING_DEVICE, /* local network interface/address to use */
STRING_ENCODING, /* Accept-Encoding string */
#ifndef CURL_DISABLE_FTP
STRING_FTP_ACCOUNT, /* ftp account data */
STRING_FTP_ALTERNATIVE_TO_USER, /* command to send if USER/PASS fails */
STRING_FTPPORT, /* port to send with the FTP PORT command */
STRING_KEY, /* private key file name */
STRING_KEY_PROXY, /* private key file name */
STRING_KEY_PASSWD, /* plain text private key password */
STRING_KEY_PASSWD_PROXY, /* plain text private key password */
STRING_KEY_TYPE, /* format for private key (default: PEM) */
STRING_KEY_TYPE_PROXY, /* format for private key (default: PEM) */
#endif
#if defined(HAVE_GSSAPI)
STRING_KRB_LEVEL, /* krb security level */
#endif
#ifndef CURL_DISABLE_NETRC
STRING_NETRC_FILE, /* if not NULL, use this instead of trying to find
$HOME/.netrc */
#endif
#ifndef CURL_DISABLE_PROXY
STRING_PROXY, /* proxy to use */
STRING_PRE_PROXY, /* pre socks proxy to use */
#endif
STRING_SET_RANGE, /* range, if used */
STRING_SET_REFERER, /* custom string for the HTTP referer field */
STRING_SET_URL, /* what original URL to work on */
STRING_SSL_CAPATH, /* CA directory name (doesn't work on windows) */
STRING_SSL_CAPATH_PROXY, /* CA directory name (doesn't work on windows) */
STRING_SSL_CAFILE, /* certificate file to verify peer against */
STRING_SSL_CAFILE_PROXY, /* certificate file to verify peer against */
STRING_SSL_PINNEDPUBLICKEY, /* public key file to verify peer against */
STRING_SSL_PINNEDPUBLICKEY_PROXY, /* public key file to verify proxy */
STRING_SSL_CIPHER_LIST, /* list of ciphers to use */
STRING_SSL_CIPHER_LIST_PROXY, /* list of ciphers to use */
STRING_SSL_CIPHER13_LIST, /* list of TLS 1.3 ciphers to use */
STRING_SSL_CIPHER13_LIST_PROXY, /* list of TLS 1.3 ciphers to use */
STRING_USERAGENT, /* User-Agent string */
STRING_SSL_CRLFILE, /* crl file to check certificate */
STRING_SSL_CRLFILE_PROXY, /* crl file to check certificate */
STRING_SSL_ISSUERCERT, /* issuer cert file to check certificate */
STRING_SSL_ISSUERCERT_PROXY, /* issuer cert file to check certificate */
STRING_SSL_ENGINE, /* name of ssl engine */
STRING_USERNAME, /* <username>, if used */
STRING_PASSWORD, /* <password>, if used */
STRING_OPTIONS, /* <options>, if used */
#ifndef CURL_DISABLE_PROXY
STRING_PROXYUSERNAME, /* Proxy <username>, if used */
STRING_PROXYPASSWORD, /* Proxy <password>, if used */
STRING_NOPROXY, /* List of hosts which should not use the proxy, if
used */
#endif
#ifndef CURL_DISABLE_RTSP
STRING_RTSP_SESSION_ID, /* Session ID to use */
STRING_RTSP_STREAM_URI, /* Stream URI for this request */
STRING_RTSP_TRANSPORT, /* Transport for this session */
#endif
#ifdef USE_SSH
STRING_SSH_PRIVATE_KEY, /* path to the private key file for auth */
STRING_SSH_PUBLIC_KEY, /* path to the public key file for auth */
STRING_SSH_HOST_PUBLIC_KEY_MD5, /* md5 of host public key in ascii hex */
STRING_SSH_HOST_PUBLIC_KEY_SHA256, /* sha256 of host public key in base64 */
STRING_SSH_KNOWNHOSTS, /* file name of knownhosts file */
STRING_PROXY_SERVICE_NAME, /* Proxy service name */
STRING_SERVICE_NAME, /* Service name */
#endif
#ifndef CURL_DISABLE_SMTP
STRING_MAIL_FROM,
STRING_MAIL_AUTH,
#endif
#ifdef USE_TLS_SRP
STRING_TLSAUTH_USERNAME, /* TLS auth <username> */
STRING_TLSAUTH_USERNAME_PROXY, /* TLS auth <username> */
STRING_TLSAUTH_PASSWORD, /* TLS auth <password> */
#ifndef CURL_DISABLE_PROXY
STRING_TLSAUTH_USERNAME_PROXY, /* TLS auth <username> */
STRING_TLSAUTH_PASSWORD_PROXY, /* TLS auth <password> */
#endif
#endif
STRING_BEARER, /* <bearer>, if used */
#ifdef USE_UNIX_SOCKETS
STRING_UNIX_SOCKET_PATH, /* path to Unix socket, if used */
#endif
STRING_TARGET, /* CURLOPT_REQUEST_TARGET */
#ifndef CURL_DISABLE_DOH
STRING_DOH, /* CURLOPT_DOH_URL */
#endif
#ifndef CURL_DISABLE_ALTSVC
STRING_ALTSVC, /* CURLOPT_ALTSVC */
#endif
#ifndef CURL_DISABLE_HSTS
STRING_HSTS, /* CURLOPT_HSTS */
#endif
STRING_SASL_AUTHZID, /* CURLOPT_SASL_AUTHZID */
#ifdef USE_ARES
STRING_DNS_SERVERS,
STRING_DNS_INTERFACE,
STRING_DNS_LOCAL_IP4,
STRING_DNS_LOCAL_IP6,
#endif
STRING_SSL_EC_CURVES,
#ifndef CURL_DISABLE_AWS
STRING_AWS_SIGV4, /* Parameters for V4 signature */
#endif
#ifndef CURL_DISABLE_PROXY
STRING_HAPROXY_CLIENT_IP, /* CURLOPT_HAPROXY_CLIENT_IP */
#endif
/* -- end of null-terminated strings -- */
@ -1510,13 +1546,15 @@ enum dupstring {
enum dupblob {
BLOB_CERT,
BLOB_CERT_PROXY,
BLOB_KEY,
BLOB_KEY_PROXY,
BLOB_SSL_ISSUERCERT,
BLOB_SSL_ISSUERCERT_PROXY,
BLOB_CAINFO,
#ifndef CURL_DISABLE_PROXY
BLOB_CERT_PROXY,
BLOB_KEY_PROXY,
BLOB_SSL_ISSUERCERT_PROXY,
BLOB_CAINFO_PROXY,
#endif
BLOB_LAST
};
@ -1735,7 +1773,9 @@ struct UserDefined {
BIT(cookiesession); /* new cookie session? */
#endif
BIT(crlf); /* convert crlf on ftp upload(?) */
#ifdef USE_SSH
BIT(ssh_compression); /* enable SSH compression */
#endif
/* Here follows boolean settings that define how to behave during
this session. They are STATIC, set by libcurl users or at least initially
@ -1745,7 +1785,9 @@ struct UserDefined {
don't want lengthy cleanups to delay termination,
e.g. after a DNS timeout */
BIT(get_filetime); /* get the time and get of the remote file */
#ifndef CURL_DISABLE_PROXY
BIT(tunnel_thru_httpproxy); /* use CONNECT through an HTTP proxy */
#endif
BIT(prefer_ascii); /* ASCII rather than binary */
BIT(remote_append); /* append, not overwrite, on upload */
#ifdef CURL_LIST_ONLY_PROTOCOL
@ -1772,7 +1814,9 @@ struct UserDefined {
location: */
BIT(opt_no_body); /* as set with CURLOPT_NOBODY */
BIT(verbose); /* output verbosity */
#if defined(HAVE_GSSAPI)
BIT(krb); /* Kerberos connection requested */
#endif
BIT(reuse_forbid); /* forbidden to be reused, close after use */
BIT(reuse_fresh); /* do not reuse an existing connection */
BIT(no_signal); /* do not use any signal/alarm handler */
@ -1797,9 +1841,13 @@ struct UserDefined {
BIT(suppress_connect_headers); /* suppress proxy CONNECT response headers
from user callbacks */
BIT(dns_shuffle_addresses); /* whether to shuffle addresses before use */
#ifndef CURL_DISABLE_PROXY
BIT(haproxyprotocol); /* whether to send HAProxy PROXY protocol v1
header */
#endif
#ifdef USE_UNIX_SOCKETS
BIT(abstract_unix_socket);
#endif
BIT(disallow_username_in_url); /* disallow username in url */
#ifndef CURL_DISABLE_DOH
BIT(doh); /* DNS-over-HTTPS enabled */

4
lib/vtls/gtls.c
View File

@ -1245,9 +1245,13 @@ static CURLcode gtls_verifyserver(struct Curl_cfilter *cf,
struct ssl_connect_data *connssl = cf->ctx;
struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
#ifndef CURL_DISABLE_PROXY
const char *pinned_key = Curl_ssl_cf_is_proxy(cf)?
data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]:
data->set.str[STRING_SSL_PINNEDPUBLICKEY];
#else
const char *pinned_key = data->set.str[STRING_SSL_PINNEDPUBLICKEY];
#endif
CURLcode result;
result = Curl_gtls_verifyserver(data, session, conn_config, ssl_config,

4
lib/vtls/mbedtls.c
View File

@ -752,9 +752,13 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
(struct mbed_ssl_backend_data *)connssl->backend;
struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
const mbedtls_x509_crt *peercert;
#ifndef CURL_DISABLE_PROXY
const char * const pinnedpubkey = Curl_ssl_cf_is_proxy(cf)?
data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]:
data->set.str[STRING_SSL_PINNEDPUBLICKEY];
#else
const char * const pinnedpubkey = data->set.str[STRING_SSL_PINNEDPUBLICKEY];
#endif
DEBUGASSERT(backend);

4
lib/vtls/openssl.c
View File

@ -4412,9 +4412,13 @@ static CURLcode servercert(struct Curl_cfilter *cf,
/* when not strict, we don't bother about the verify cert problems */
result = CURLE_OK;
#ifndef CURL_DISABLE_PROXY
ptr = Curl_ssl_cf_is_proxy(cf)?
data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]:
data->set.str[STRING_SSL_PINNEDPUBLICKEY];
#else
ptr = data->set.str[STRING_SSL_PINNEDPUBLICKEY];
#endif
if(!result && ptr) {
result = ossl_pkp_pin_peer_pubkey(data, backend->server_cert, ptr);
if(result)

4
lib/vtls/schannel.c
View File

@ -1569,9 +1569,13 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
DEBUGF(infof(data, "schannel: SSL/TLS handshake complete"));
}
#ifndef CURL_DISABLE_PROXY
pubkey_ptr = Curl_ssl_cf_is_proxy(cf)?
data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]:
data->set.str[STRING_SSL_PINNEDPUBLICKEY];
#else
pubkey_ptr = data->set.str[STRING_SSL_PINNEDPUBLICKEY];
#endif
if(pubkey_ptr) {
result = schannel_pkp_pin_peer_pubkey(cf, data, pubkey_ptr);
if(result) {

4
lib/vtls/wolfssl.c
View File

@ -756,9 +756,13 @@ wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
struct wolfssl_ssl_backend_data *backend =
(struct wolfssl_ssl_backend_data *)connssl->backend;
struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
#ifndef CURL_DISABLE_PROXY
const char * const pinnedpubkey = Curl_ssl_cf_is_proxy(cf)?
data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]:
data->set.str[STRING_SSL_PINNEDPUBLICKEY];
#else
const char * const pinnedpubkey = data->set.str[STRING_SSL_PINNEDPUBLICKEY];
#endif
DEBUGASSERT(backend);