cURL / Mailing Lists / curl-library / Single Mail

curl-library

WolfSSL version problems

From: Gisle Vanem <gvanem_at_yahoo.no>
Date: Thu, 26 Mar 2015 18:49:16 +0100

CyaSSL was renamed to WolfSSL some time ago. Libcurl and
vtls/cyassl.c seems to suffer from this. I got the message:

   * CyaSSL <3.3.0 cannot be configured to use TLS 1.0-1.2, TLS 1.0
   is used exclusively

because of this:
   #if (LIBCYASSL_VERSION_HEX >= 0x03003000) /* 3.3.0 */

My CyaSSL/version.h has only:
   #define LIBWOLFSSL_VERSION_HEX 0x03004004

So I think it's better to patch that like:

--- a/vtls/cyassl.c 2015-03-25 23:39:26 +0000
+++ b/vtls/cyassl.c 2015-03-26 18:31:30 +0000
@@ -94,7 +94,8 @@
    switch(data->set.ssl.version) {
    case CURL_SSLVERSION_DEFAULT:
    case CURL_SSLVERSION_TLSv1:
-#if LIBCYASSL_VERSION_HEX >= 0x03003000 /* 3.3.0 */
+#if (LIBWOLFSSL_VERSION_HEX >= 0x03003000) || \
+ (LIBCYASSL_VERSION_HEX >= 0x03003000) /* 3.3.0 */
      /* the minimum version is set later after the SSL object is created */
      req_method = SSLv23_client_method();
  #else

---------

But there are more problems. With:
   curl -v https://www.ssllabs.com/ssltest/viewMyClient.html

I get:
   * subject alt name(s) or common name do not match "www.ssllabs.com"

I see no problem with the CERT from a trace to www.ssllabs.com.
Or in Google Chrome. Adding a '-k' helps though.

-- 
--gv
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2015-03-26