Re: [PATCH] cyassl: remove undefined reference to CyaSSL_no_filesystem_verify & add support for CURLOPT_SSL_CTX_FUNCTION
Date: Thu, 26 Mar 2015 02:22:33 -0400
On 3/25/2015 12:10 PM, Kyle L. Huff wrote:
> On Sun, Feb 22, 2015 at 3:05 PM, Kyle L. Huff <kyle.huff_at_curetheitch.com> wrote:
>> The attached patches remove the reference to
>> "CyaSSL_no_filesystem_verify", and enables CURLOPT_SSL_CTX_FUNCTION
>> when using CyaSSL.
> I would like to gauge if there is any interest in implementing the
> above mentioned changes in cURL.
> I realize that this is a very low priority, and I am just trying to
> identify if I will need to maintain local patches within my projects
> own build system.
> My argument(s) for inclusion -
> Patch 1 -
> The changes in the first patch only affect those using CyaSSL and
> NO_FILESYSTEM, so it probably only matters to a very small number of
> users - maybe only me. Given this very small impact, my only arguments
> for patch 1 are -
> 1.) The original code (appears to me) to be incorrect (undefined references)
> 2.) Portability when using CyaSSL (systems without a filesystem)
I think your original e-mail slipped through the cracks. It can be found
at  if anyone is interested.
It appears this issue has come up before, I found a 2011 bug thread at
. Refer to Dan Fandrich's comment about libcurl requiring a CyaSSL
compiled without NO_FILESYSTEM. Aside from the issue covered in your
patch you are able to use libcurl and CyaSSL NO_FILESYSTEM without any
> Patch 2 -
> This implements context callback functionality when using CyaSSL,
> which has a potentially wider audience/impact, and my arguments are -
> 1.) Consistency with the usage of other SSL libraries
> 2.) Versatility
This seems like a good idea and it looks like you are not the first .
Did you test it, does it work for you? You'll need to adjust the
documentation in the following two files to say it works for OpenSSL and
If a NO_FILESYSTEM really does require a CTX function (just my guess)
then I would do it differently. What I would do is combine your two
patches into one and redo it so you get rid of the
CyaSSL_no_filesystem_verify in the #else block and replace it with
something like this:
existing stuff is here
failf(data,"SSL: CyaSSL no-filesystem requires
and the block that calls the callback is fine just get rid of that extra
NO_FILESYSTEM check now since it's covered above.
> None of those are really very strong arguments for inclusion, the
> entire matter is rather insignificant. Again, I am just trying to plan
It's not insignificant, thanks for the follow up.
List admin: http://cool.haxx.se/list/listinfo/curl-library
Received on 2015-03-26