Re: [Libguestfs] [PATCH v2] curl: Fix verification of CURLOPT_TLS13_CIPHERS
On Thu, Nov 10, 2022 at 05:17:35PM +0100, Michal Orzel wrote:
The code checking for CURLOPT_TLS13_CIPHERS option did not work
properly, because of incorrect assumption that this symbol was a
preprocessor macro. It is in fact element of enum type, which
resulted with #ifdef directive working improperly. Fix changes that
check to be based on curl version instead.
Signed-off-by: Michal Orzel <michalx.orzel(a)intel.com>
---
plugins/curl/curl.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/plugins/curl/curl.c b/plugins/curl/curl.c
index 77f88fff..724ffd43 100644
--- a/plugins/curl/curl.c
+++ b/plugins/curl/curl.c
@@ -560,10 +560,11 @@ curl_open (int readonly)
if (ssl_cipher_list)
curl_easy_setopt (h->c, CURLOPT_SSL_CIPHER_LIST, ssl_cipher_list);
if (tls13_ciphers) {
-#ifdef CURLOPT_TLS13_CIPHERS
+#if (LIBCURL_VERSION_MAJOR > 7) || \
+ (LIBCURL_VERSION_MAJOR == 7 && LIBCURL_VERSION_MINOR >= 61)
curl_easy_setopt (h->c, CURLOPT_TLS13_CIPHERS, tls13_ciphers);
#else
- /* This is not available in, eg, RHEL 7 */
+ /* This is not available before curl-7.61 */
nbdkit_error ("tls13-ciphers is not supported in this build of "
"nbdkit-curl-plugin");
goto err;
Thanks Michal. I confirmed that this compiles on RHEL 7 and gives an
error (as expected):
$ ./nbdkit -U - curl file:///dev/null tls13-ciphers=test --run '../libnbd/run nbdinfo
$uri'
nbdkit: curl[1]: error: tls13-ciphers is not supported in this build of
nbdkit-curl-plugin
nbdkit: curl[1]: error: tls13-ciphers is not supported in this build of
nbdkit-curl-plugin
/home/rjones/d/libnbd/info/.libs/lt-nbdinfo: nbd_opt_go: server replied with error to
opt_go request: No such file or directory for the default export
/home/rjones/d/libnbd/info/.libs/lt-nbdinfo: suggestion: to list all exports on the
server, use --list
protocol: newstyle-fixed without TLS
And on Fedora it works:
$ ./nbdkit -U - curl file:///dev/null tls13-ciphers=test --run 'nbdinfo $uri'
protocol: newstyle-fixed without TLS, using structured packets
export="":
export-size: 0
content: empty
uri: nbd+unix:///?socket=/tmp/nbdkitZwdPXJ/socket
contexts:
base:allocation
is_rotational: false
is_read_only: false
can_cache: false
can_df: true
can_fast_zero: true
can_flush: false
can_fua: false
can_multi_conn: false
can_trim: false
can_zero: true
I have pushed this as commit 242757dd5c9fbf00a487ab934d67db442fe08661.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
nbdkit - Flexible, fast NBD server with plugins
https://gitlab.com/nbdkit/nbdkit