From 426b00d0587797d79806f9682b058d5c90a0ab79 Mon Sep 17 00:00:00 2001
|
|
From: Jay Satiro <raysatiro@yahoo.com>
|
|
Date: Fri, 31 Aug 2018 19:46:29 -0400
|
|
Subject: [PATCH 1/2] openssl: Fix setting TLS 1.3 cipher suites
|
|
|
|
The flag indicating TLS 1.3 cipher support in the OpenSSL backend was
|
|
missing.
|
|
|
|
Bug: https://github.com/curl/curl/pull/2607#issuecomment-417283187
|
|
Reported-by: Kamil Dudka
|
|
|
|
Closes #2926
|
|
|
|
Upstream-commit: 978574b502294ae06eb97d4f590b54ed5d24cd7f
|
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
---
|
|
lib/vtls/openssl.c | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
|
|
index bc46eca..fad4287 100644
|
|
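--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3804,6 +3804,9 @@ const struct Curl_ssl Curl_ssl_openssl = {
 SSLSUPP_CERTINFO |
 SSLSUPP_PINNEDPUBKEY |
 SSLSUPP_SSL_CTX |
+#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
+ SSLSUPP_TLS13_CIPHERSUITES |
+#endif
 SSLSUPP_HTTPS_PROXY,
 
 sizeof(struct ssl_backend_data),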
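Review bot: The `#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES` guard around `SSLSUPP_TLS13_CIPHERSUITES` carries no comment tying it to the code that actually applies the TLS 1.3 suite list, and that code is not in this hunk. If the capability bit and the call that sets the suites were ever guarded by different conditions, the option would be accepted but not enforced, and the handshake would presumably proceed with the library's default suites. I would add a comment above the guard, for example `/* must match the guard around the code that applies cipher_list13 */`, and confirm that the macro is defined before this initializer is compiled. The initializer of `Curl_ssl_openssl` starts and ends outside the hunk.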
--
|
|
2.17.1
|
|
|
|
|
|
From 081afa4e2eb5e853833bd87ca43f48ab550fe657 Mon Sep 17 00:00:00 2001
|
|
From: Kamil Dudka <kdudka@redhat.com>
|
|
Date: Mon, 3 Sep 2018 13:04:00 +0200
|
|
Subject: [PATCH 2/2] url, vtls: make CURLOPT{,_PROXY}_TLS13_CIPHERS work
|
|
|
|
This is a follow-up to PR #2607 and PR #2926.
|
|
|
|
Closes #2936
|
|
|
|
Upstream-commit: 52c13d6328ff56b2d2e8313e88cfdfc78acda365
|
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
---
|
|
lib/url.c | 4 ++++
|
|
lib/vtls/vtls.c | 5 ++++-
|
|
2 files changed, 8 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/lib/url.c b/lib/url.c
|
|
index 27b2c1e..46898c4 100644
|
|
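--- a/lib/url.c
+++ b/lib/url.c
@@ -4356,6 +4356,10 @@ static CURLcode create_conn(struct Curl_easy *data,
 data->set.str[STRING_SSL_CIPHER_LIST_ORIG];
 data->set.proxy_ssl.primary.cipher_list =
 data->set.str[STRING_SSL_CIPHER_LIST_PROXY];
+ data->set.ssl.primary.cipher_list13 =
+ data->set.str[STRING_SSL_CIPHER13_LIST_ORIG];
+ data->set.proxy_ssl.primary.cipher_list13 =
+ data->set.str[STRING_SSL_CIPHER13_LIST_PROXY];
 
 data->set.ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_ORIG];
 data->set.proxy_ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_PROXY];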
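Review bot: No test accompanies the four added assignments to `ssl.primary.cipher_list13` and `proxy_ssl.primary.cipher_list13`, so nothing checks that a TLS 1.3 suite list set on the handle reaches the connection's primary SSL config. The commit title suggests the options were previously accepted but never propagated, which is a silent failure for anyone using them to restrict suites. A regression test that sets the option and checks the value seen by the backend would catch a repeat. The new fields alias the strings in `data->set.str[]` rather than copying them, as the neighbouring `cipher_list` lines do, and a short comment such as `/* pointers into set.str[], not owned here */` would make that explicit. `create_conn` continues outside the hunk.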
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
|
|
index bf96518..b61c640 100644
|
|
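--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -96,7 +96,8 @@ Curl_ssl_config_matches(struct ssl_primary_config* data,
 Curl_safe_strcasecompare(data->clientcert, needle->clientcert) &&
 Curl_safe_strcasecompare(data->random_file, needle->random_file) &&
 Curl_safe_strcasecompare(data->egdsocket, needle->egdsocket) &&
- Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list))
+ Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) &&
+ Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13))
 return TRUE;
 
 return FALSE;
@@ -119,6 +120,7 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source,
 CLONE_STRING(random_file);
 CLONE_STRING(egdsocket);
 CLONE_STRING(cipher_list);
+ CLONE_STRING(cipher_list13);
 
 return TRUE;
 }
@@ -131,6 +133,7 @@ void Curl_free_primary_ssl_config(struct ssl_primary_config* sslc)
 Curl_safefree(sslc->random_file);
 Curl_safefree(sslc->egdsocket);
 Curl_safefree(sslc->cipher_list);
+ Curl_safefree(sslc->cipher_list13);
 }
 
 #ifdef USE_SSL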
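Review bot: `Curl_ssl_config_matches`, `Curl_clone_primary_ssl_config` and `Curl_free_primary_ssl_config` each list the string fields of `ssl_primary_config` by hand, and nothing in the visible code tells a maintainer that a new field must be added to all three; this commit has to add `cipher_list13` to each of them separately. The comparison is the security-relevant one: if it decides whether an existing connection may be reused (the name suggests so, but the caller is outside the hunk), a field left out lets a connection negotiated under a different cipher policy satisfy a stricter request. I would add a comment above the comparison, for example `/* keep in sync: every field of ssl_primary_config must be compared, cloned and freed */`. All three functions begin outside their hunks.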
--
|
|
2.17.1
|
|
|