[PATCH] cyassl: remove undefined reference to CyaSSL_no_filesystem_verify & add support for CURLOPT_SSL_CTX_FUNCTION
Date: Sun, 22 Feb 2015 15:05:12 -0500

The attached patches remove the reference to
"CyaSSL_no_filesystem_verify" and enable CURLOPT_SSL_CTX_FUNCTION
when using CyaSSL.

1.) Remove the reference to "CyaSSL_no_filesystem_verify"

This method is not (or no longer) defined by cURL or CyaSSL. Looking
through the commit history of both cURL and CyaSSL, I was not able to
find any reference or definition to that method in any past versions.

The defined methods for loading/verifying certificates in a buffer
are CyaSSL_CTX_load_verify_buffer, CyaSSL_CTX_use_certificate_buffer,
and so on. These methods are similar to those in OpenSSL that deal
with loading/verifying certificate files, but obviously for buffers
(due to NO_FILESYSTEM).

I don't think it would be very prudent to implement loading
certificates via buffers here, as that should normally be handled by the
application via a context callback (thus, the next patch).

2.) Add support for CURLOPT_SSL_CTX_FUNCTION when using CyaSSL and
better handle CyaSSL instances using NO_FILESYSTEM.

This patch adds a check for a context callback and registers the
callback in the same manner as openssl (`lib/vtls/openssl.c`). This
enables applications using CyaSSL to perform context operations with
the context instance.

If a callback is not defined, and CyaSSL is in NO_FILESYSTEM mode, it
will return an error only if CURLOPT_SSL_VERIFYPEER is true/1L (we
cannot verify a peer without any certificates loaded).

If a callback is defined, the application can load certificates into
the ssl context from buffers by using the CyaSSL context operations
etc.) within their application.

I look forward to hearing about any suggestions or improvements.

- text/x-patch attachment: 0001-cyassl-remove-undefined-reference-to-CyaSSL_no_files.patch
- text/x-patch attachment: 0002-cyassl-add-SSL-context-callback-support-for-CyaSSL.patch
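
A self-contained C model of the context setup behaviour described in the message above, added here as an example and not taken from the curl or CyaSSL sources. Every type, field and function name in it (model_ctx, model_opts, setup_ctx, load_ca_from_buffer) is a hypothetical stand-in, and the case of no callback with a filesystem available is assumed to succeed because the message does not cover it.

```c
#include <stddef.h>
#include <string.h>

/* Model only: these names are stand-ins, not libcurl or CyaSSL API. */
enum result { R_OK = 0, R_SSL_CONNECT_ERROR, R_CALLBACK_FAILED };
struct model_ctx { int ca_loaded; };  /* stands in for the TLS context */
typedef int (*ctx_callback)(struct model_ctx *ctx, void *userptr);

struct model_opts {
  int no_filesystem;     /* TLS library built with NO_FILESYSTEM */
  int verifypeer;        /* CURLOPT_SSL_VERIFYPEER */
  ctx_callback fsslctx;  /* CURLOPT_SSL_CTX_FUNCTION, may be NULL */
  void *fsslctxp;        /* user pointer handed to the callback */
};

/* Application callback: loads a CA from a PEM buffer passed via userptr. */
static int load_ca_from_buffer(struct model_ctx *ctx, void *userptr)
{
  const char *pem = userptr;
  if(!pem || strncmp(pem, "-----BEGIN CERTIFICATE-----", 27) != 0)
    return R_CALLBACK_FAILED;  /* refuse anything that is not a PEM cert */
  ctx->ca_loaded = 1;
  return R_OK;
}

/* Context setup, following the order the message describes. */
static int setup_ctx(const struct model_opts *o, struct model_ctx *ctx)
{
  ctx->ca_loaded = 0;
  if(o->fsslctx)
    return o->fsslctx(ctx, o->fsslctxp);  /* callback error aborts setup */
  if(o->no_filesystem && o->verifypeer)
    return R_SSL_CONNECT_ERROR;  /* no certificates to verify the peer with */
  return R_OK;  /* assumption: file-based loading or verification disabled */
}

int main(void)
{
  /* Constructed sample input, not a real certificate. */
  static char pem[] = "-----BEGIN CERTIFICATE-----\n(constructed)\n";
  struct model_ctx ctx;
  struct model_opts o = { 1, 1, NULL, NULL };
  if(setup_ctx(&o, &ctx) != R_SSL_CONNECT_ERROR)
    return 1;
  o.fsslctx = load_ca_from_buffer;
  o.fsslctxp = pem;
  return setup_ctx(&o, &ctx) == R_OK && ctx.ca_loaded ? 0 : 1;
}
```

With verifypeer set to 0 and no callback, the model returns R_OK while ca_loaded stays 0, which is the unverified-peer configuration worth auditing for in NO_FILESYSTEM builds.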