curl: For SSL features, depend on thread-safety provided by our crypto plugins
authorMartin Willi <martin@revosec.ch>
Wed, 24 Sep 2014 11:13:19 +0000 (13:13 +0200)
committerMartin Willi <martin@revosec.ch>
Wed, 24 Sep 2014 15:35:16 +0000 (17:35 +0200)
To use SSL in curl, we need to initialize the SSL library in a thread-safe
manner and provide the appropriate callbacks. As we already do that in our
crypto plugins using these libraries, we depend on these features.

This implies that the plugin matching the SSL backend curl is configured to use
(openssl, gcrypt) must be enabled to fetch from HTTPS URIs.

src/libstrongswan/plugins/curl/curl_plugin.c
src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
src/libstrongswan/plugins/openssl/openssl_plugin.c

index 30bc5a6..8929667 100644 (file)
@@ -54,15 +54,52 @@ static void add_feature(private_curl_plugin_t *this, plugin_feature_t f)
 }
 
 /**
+ * Try to add a feature, and the appropriate SSL dependencies
+ */
+static void add_feature_with_ssl(private_curl_plugin_t *this, const char *ssl,
+                                                                char *proto, plugin_feature_t f)
+{
+       /* http://curl.haxx.se/libcurl/c/libcurl-tutorial.html#Multi-threading */
+       if (strpfx(ssl, "OpenSSL"))
+       {
+               add_feature(this, f);
+               add_feature(this, PLUGIN_DEPENDS(CUSTOM, "openssl-threading"));
+       }
+       else if (strpfx(ssl, "GnuTLS"))
+       {
+               add_feature(this, f);
+               add_feature(this, PLUGIN_DEPENDS(CUSTOM, "gcrypt-threading"));
+       }
+       else if (strpfx(ssl, "NSS"))
+       {
+               add_feature(this, f);
+       }
+       else
+       {
+               DBG1(DBG_LIB, "curl SSL backend '%s' not supported, %s disabled",
+                        ssl, proto);
+       }
+}
+
+/**
  * Get supported protocols, build plugin feature set
  */
 static bool query_protocols(private_curl_plugin_t *this)
 {
-       static char *protos[] = {
-               /* protocols we are interested in, suffixed with "://" */
-               "file://", "http://", "https://", "ftp://",
+
+       struct {
+               /* protocol we are interested in, suffixed with "://" */
+               char *name;
+               /* require SSL library initialization? */
+               bool ssl;
+       } protos[] = {
+               { "file://",            FALSE,  },
+               { "http://",            FALSE,  },
+               { "https://",           TRUE,   },
+               { "ftp://",                     FALSE,  },
        };
        curl_version_info_data *info;
+       char *name;
        int i, j;
 
        add_feature(this, PLUGIN_REGISTER(FETCHER, curl_fetcher_create));
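Review bot: `add_feature_with_ssl` passes `ssl` straight into `strpfx()` with no NULL guard; its only caller hands it `info->ssl_version`, which libcurl documents as NULL when built without SSL, so the guard is presumably reached only if a backend lists https without a version string, but the check is cheap: `if (!ssl) { DBG1(DBG_LIB, "curl has no SSL backend, %s disabled", proto); return; }`. The GnuTLS branch ties https to `gcrypt-threading`, as the linked libcurl tutorial recommends, yet GnuTLS builds that no longer use libgcrypt would then lose https for no benefit — worth recording that assumption with `/* GnuTLS is assumed to be backed by libgcrypt; newer builds may not need this */`. The fall-through branch disabling https for unrecognised backends is the right fail-closed default, since an uninitialised SSL library in a threaded fetcher is worse than a missing fetcher. `proto` is only passed to `DBG1`, so it can be `const char *proto` like `ssl`.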
@@ -73,12 +110,21 @@ static bool query_protocols(private_curl_plugin_t *this)
        {
                for (j = 0; j < countof(protos); j++)
                {
-                       if (strlen(info->protocols[i]) == strlen(protos[j]) - strlen("://"))
+                       name = protos[j].name;
+                       if (strlen(info->protocols[i]) == strlen(name) - strlen("://"))
                        {
-                               if (strneq(info->protocols[i], protos[j],
-                                                  strlen(protos[j]) - strlen("://")))
+                               if (strneq(info->protocols[i], name,
+                                                  strlen(name) - strlen("://")))
                                {
-                                       add_feature(this, PLUGIN_PROVIDE(FETCHER, protos[j]));
+                                       if (protos[j].ssl)
+                                       {
+                                               add_feature_with_ssl(this, info->ssl_version, name,
+                                                                       PLUGIN_PROVIDE(FETCHER, name));
+                                       }
+                                       else
+                                       {
+                                               add_feature(this, PLUGIN_PROVIDE(FETCHER, name));
+                                       }
                                }
                        }
                }
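Review bot: the `protos` table was `static` before this change and is now an automatic, writable aggregate re-initialised on every call to `query_protocols`; as it is a fixed lookup table, `static const struct {` with `const char *name;` keeps the old storage behaviour and lets the compiler reject accidental writes. The local `name` could then be `const char *` as well, matching the `ssl` parameter of `add_feature_with_ssl`, but `PLUGIN_PROVIDE(FETCHER, name)` may expect a `char *` — confirm against the macro before changing it. `query_protocols` starts in the previous hunk and its closing braces lie outside this one.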
index f4254bb..480c083 100644 (file)
@@ -58,6 +58,8 @@ METHOD(plugin_t, get_features, int,
        private_gcrypt_plugin_t *this, plugin_feature_t *features[])
 {
        static plugin_feature_t f[] = {
+               /* we provide threading-safe initialization of libgcrypt */
+               PLUGIN_PROVIDE(CUSTOM, "gcrypt-threading"),
                /* crypters */
                PLUGIN_REGISTER(CRYPTER, gcrypt_crypter_create),
                        PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 16),
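Review bot: the string `"gcrypt-threading"` is the only link between this feature and the `PLUGIN_DEPENDS(CUSTOM, "gcrypt-threading")` in curl_plugin.c, and a mismatch would silently drop the https fetcher instead of failing loudly, so the comment should record the coupling: `/* matched by name from the curl plugin; keep in sync with its PLUGIN_DEPENDS(CUSTOM, "gcrypt-threading") */`. The same applies to the `"openssl-threading"` entry in the openssl_plugin.c hunk. The code that actually installs the libgcrypt thread callbacks is not in this hunk; naming it in the comment would let a reader verify that the feature is only advertised when that setup runs. `get_features` starts before and ends after this hunk.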
index a426cdc..e48efe3 100644 (file)
@@ -266,6 +266,8 @@ METHOD(plugin_t, get_features, int,
        private_openssl_plugin_t *this, plugin_feature_t *features[])
 {
        static plugin_feature_t f[] = {
+               /* we provide OpenSSL threading callbacks */
+               PLUGIN_PROVIDE(CUSTOM, "openssl-threading"),
                /* crypters */
                PLUGIN_REGISTER(CRYPTER, openssl_crypter_create),
 #ifndef OPENSSL_NO_AES