From 756c393abb5abb1cd13e646cfc3d78b5d90b10a5 Mon Sep 17 00:00:00 2001 From: John Mark Bell Date: Sat, 21 Feb 2009 02:46:47 +0000 Subject: Given that the build-time SSL detection can be somewhat inaccurate, attempt to determine whether we can use the SSL_CTX stuff at runtime. svn path=/trunk/netsurf/; revision=6586 --- content/fetchers/fetch_curl.c | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) (limited to 'content/fetchers') diff --git a/content/fetchers/fetch_curl.c b/content/fetchers/fetch_curl.c index 30ba73403..d5182187d 100644 --- a/content/fetchers/fetch_curl.c +++ b/content/fetchers/fetch_curl.c @@ -102,6 +102,9 @@ CURLM *fetch_curl_multi; /**< Global cURL multi handle. */ static CURL *fetch_blank_curl; static struct cache_handle *curl_handle_ring = 0; /**< Ring of cached handles */ static int curl_fetchers_registered = 0; +#ifdef WITH_SSL +static bool curl_with_openssl; +#endif static char fetch_error_buffer[CURL_ERROR_SIZE]; /**< Error buffer for cURL. */ static char fetch_progress_buffer[256]; /**< Progress buffer for cURL */ @@ -211,6 +214,16 @@ void fetch_curl_register(void) if (option_ca_path && strcmp(option_ca_path, "")) SETOPT(CURLOPT_CAPATH, option_ca_path); +#ifdef WITH_SSL + /* Detect whether the SSL CTX function API works */ + curl_with_openssl = true; + code = curl_easy_setopt(fetch_blank_curl, + CURLOPT_SSL_CTX_FUNCTION, NULL); + if (code != CURLE_OK) { + curl_with_openssl = false; + } +#endif + /* cURL initialised okay, register the fetchers */ data = curl_version_info(CURLVERSION_NOW); @@ -595,14 +608,18 @@ fetch_curl_set_options(struct curl_fetch_info *f) /* Disable certificate verification */ SETOPT(CURLOPT_SSL_VERIFYPEER, 0L); SETOPT(CURLOPT_SSL_VERIFYHOST, 0L); - SETOPT(CURLOPT_SSL_CTX_FUNCTION, NULL); - SETOPT(CURLOPT_SSL_CTX_DATA, NULL); + if (curl_with_openssl) { + SETOPT(CURLOPT_SSL_CTX_FUNCTION, NULL); + SETOPT(CURLOPT_SSL_CTX_DATA, NULL); + } } else { /* do verification */ SETOPT(CURLOPT_SSL_VERIFYPEER, 1L); SETOPT(CURLOPT_SSL_VERIFYHOST, 2L); - SETOPT(CURLOPT_SSL_CTX_FUNCTION, fetch_curl_sslctxfun); - SETOPT(CURLOPT_SSL_CTX_DATA, f); + if (curl_with_openssl) { + SETOPT(CURLOPT_SSL_CTX_FUNCTION, fetch_curl_sslctxfun); + SETOPT(CURLOPT_SSL_CTX_DATA, f); + } } #endif -- cgit v1.2.3