cyassl: add SSL context callback support for CyaSSL

Adds support for CURLOPT_SSL_CTX_FUNCTION when using CyaSSL, and better handles CyaSSL instances using NO_FILESYSTEM.
2015-03-27 07:22:32 -04:00
parent 211f1e3c6b
commit d2feb71752
4 changed files with 25 additions and 4 deletions
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -201,6 +201,24 @@ cyassl_connect_step1(struct connectdata *conn,
                     data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE,
                     NULL);

+  /* give application a chance to interfere with SSL set up. */
+  if(data->set.ssl.fsslctx) {
+    CURLcode result = CURLE_OK;
+    result = (*data->set.ssl.fsslctx)(data, conssl->ctx,
+                                       data->set.ssl.fsslctxp);
+    if(result) {
+      failf(data, "error signaled by ssl ctx callback");
+      return result;
+    }
+  }
+#ifdef NO_FILESYSTEM
+  else if(data->set.ssl.verifypeer) {
+    failf(data, "CyaSSL: unable to verify certificate; no certificate",
+          " authorities registered");
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+#endif
+
  /* Let's make an SSL structure */
  if(conssl->handle)
    SSL_free(conssl->handle);
--- a/lib/vtls/cyassl.h
+++ b/lib/vtls/cyassl.h
@@ -46,6 +46,9 @@ int Curl_cyassl_random(struct SessionHandle *data,
 /* Set the API backend definition to Schannel */
 #define CURL_SSL_BACKEND CURLSSLBACKEND_CYASSL

+/* this backend suppots CURLOPT_SSL_CTX_FUNCTION */
+#define have_curlssl_ssl_ctx 1
+
 /* API setup for CyaSSL */
 #define curlssl_init Curl_cyassl_init
 #define curlssl_cleanup() Curl_nop_stmt