mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2024-12-09 06:30:06 +08:00
Code Issues Packages Projects Releases Wiki Activity
006977859d
curl/lib/vtls/openssl.h
Viktor Szakats 006977859d
openssl: fix building with v3 no-deprecated + add CI test 
- build quictls with `no-deprecated` in CI to have test coverage for
  this OpenSSL 3 configuration.

- don't call `OpenSSL_add_all_algorithms()`, `OpenSSL_add_all_digests()`.
  The caller code is meant for OpenSSL 3, while these two functions were
  only necessary before OpenSSL 1.1.0. They are missing from OpenSSL 3
  if built with option `no-deprecated`, causing build errors:
  ```
  vtls/openssl.c:4097:3: error: call to undeclared function 'OpenSSL_add_all_algorithms'; ISO C99 and later do not   support implicit function declarations [-Wimplicit-function-declaration]
  vtls/openssl.c:4098:3: error: call to undeclared function 'OpenSSL_add_all_digests'; ISO C99 and later do not   support implicit function declarations [-Wimplicit-function-declaration]
  ```
  Ref: https://ci.appveyor.com/project/curlorg/curl-for-win/builds/48587418?fullLog=true#L7667

  Regression from b6e6d4ff8f #12030
  Bug: https://github.com/curl/curl/issues/12380#issuecomment-1822944669
  Reviewed-by: Alex Bozarth

- vquic/curl_ngtcp2: fix using `SSL_get_peer_certificate` with
  `no-deprecated` quictls 3 builds.
  Do it by moving an existing solution for this from `vtls/openssl.c`
  to `vtls/openssl.h` and adjusting caller code.
  ```
  vquic/curl_ngtcp2.c:1950:19: error: implicit declaration of function 'SSL_get_peer_certificate'; did you mean   'SSL_get1_peer_certificate'? [-Wimplicit-function-declaration]
  ```
  Ref: https://github.com/curl/curl/actions/runs/6960723097/job/18940818625#step:24:1178

- curl_ntlm_core: fix `-Wunused-parameter`, `-Wunused-variable` and
  `-Wunused-function` when trying to build curl with NTLM enabled but
  without the necessary TLS backend (with DES) support.

Closes #12384
2023-11-23 02:03:02 +00:00

79 lines
3.0 KiB
C
Raw Blame History

#ifndef HEADER_CURL_SSLUSE_H
#define HEADER_CURL_SSLUSE_H
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at https://curl.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
* SPDX-License-Identifier: curl
*
***************************************************************************/
#include "curl_setup.h"
#ifdef USE_OPENSSL
/*
* This header should only be needed to get included by vtls.c, openssl.c
* and ngtcp2.c
*/
#include <openssl/ssl.h>
#include "urldata.h"
#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
#define SSL_get1_peer_certificate SSL_get_peer_certificate
#endif
/*
* In an effort to avoid using 'X509 *' here, we instead use the struct
* x509_st version of the type so that we can forward-declare it here without
* having to include <openssl/x509v3.h>. Including that header causes name
* conflicts when libcurl is built with both Schannel and OpenSSL support.
*/
struct x509_st;
CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
struct ssl_peer *peer,
struct x509_st *server_cert);
extern const struct Curl_ssl Curl_ssl_openssl;
struct ssl_ctx_st;
CURLcode Curl_ossl_set_client_cert(struct Curl_easy *data,
struct ssl_ctx_st *ctx, char *cert_file,
const struct curl_blob *cert_blob,
const char *cert_type, char *key_file,
const struct curl_blob *key_blob,
const char *key_type, char *key_passwd);
CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl);
/**
* Setup the OpenSSL X509_STORE in `ssl_ctx` for the cfilter `cf` and
* easy handle `data`. Will allow reuse of a shared cache if suitable
* and configured.
*/
CURLcode Curl_ssl_setup_x509_store(struct Curl_cfilter *cf,
struct Curl_easy *data,
SSL_CTX *ssl_ctx);
CURLcode Curl_ossl_ctx_configure(struct Curl_cfilter *cf,
struct Curl_easy *data,
SSL_CTX *ssl_ctx);
#endif /* USE_OPENSSL */
#endif /* HEADER_CURL_SSLUSE_H */
Reference in New Issue View Git Blame Copy Permalink