And what about checking curl version (LIBCURL_VERSION_MAJOR, LIBCURL_VERSION_MINOR)
instead? That option was introduced in version 7.61, and I see that you're using
7.21.
Please verify the second version if it would do its job.
Best regards,
Michał Orzeł
-----Original Message-----
From: Richard W.M. Jones <rjones(a)redhat.com>
Sent: Tuesday, November 8, 2022 5:06 PM
To: Orzel, MichalX <michalx.orzel(a)intel.com>
Cc: libguestfs(a)redhat.com
Subject: Re: [PATCH] curl: Fix verification of CURLOPT_TLS13_CIPHERS
On Tue, Nov 08, 2022 at 12:56:13PM +0100, Michal Orzel wrote:
The code checking for the CURLOPT_TLS13_CIPHERS option did not work
properly, because of the incorrect assumption that this symbol was a
preprocessor macro. It is in fact an element of an enum type, which resulted
in the #ifdef directive working improperly. The change replaces compile-time
verification with run-time verification, based on the return value of the
curl_easy_setopt function.
Understood, but ...
Signed-off-by: Michal Orzel <michalx.orzel(a)intel.com>
---
plugins/curl/curl.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/plugins/curl/curl.c b/plugins/curl/curl.c index
9a818bfa..42b70f01 100644
--- a/plugins/curl/curl.c
+++ b/plugins/curl/curl.c
@@ -560,14 +560,13 @@ curl_open (int readonly)
if (ssl_cipher_list)
curl_easy_setopt (h->c, CURLOPT_SSL_CIPHER_LIST, ssl_cipher_list);
if (tls13_ciphers) {
-#ifdef CURLOPT_TLS13_CIPHERS
- curl_easy_setopt (h->c, CURLOPT_TLS13_CIPHERS, tls13_ciphers);
-#else
- /* This is not available in, eg, RHEL 7 */
- nbdkit_error ("tls13-ciphers is not supported in this build of "
- "nbdkit-curl-plugin");
- goto err;
-#endif
+ r = curl_easy_setopt (h->c, CURLOPT_TLS13_CIPHERS,
+ tls13_ciphers);
... this still fails on RHEL 7 as the enum isn't defined:
$ rpm -q curl
curl-7.29.0-59.el7.x86_64
----------------------------------------------------------------------
In file included from /usr/include/curl/curl.h:2251:0,
from curl.c:47:
curl.c: In function 'curl_open':
curl.c:563:33: error: 'CURLOPT_TLS13_CIPHERS' undeclared (first use in this
function)
r = curl_easy_setopt (h->c, CURLOPT_TLS13_CIPHERS, tls13_ciphers);
^
curl.c:563:33: note: each undeclared identifier is reported only once for each function it
appears in
----------------------------------------------------------------------
I think you need to check for the enum in configure.ac. Unfortunately autoconf provides
no useful facility for this so you have to use AC_COMPILE_IFELSE :-(
Let me know if you get into any difficulties ...
Rich.
+ if (r != CURLE_OK) {
+ /* This is not available in, eg, RHEL 7 */
+ display_curl_error (h, r, "curl_easy_setopt: CURLOPT_TLS13_CIPHERS
[%s]",
+ tls13_ciphers);
+ goto err;
+ }
}
if (tcp_keepalive)
curl_easy_setopt (h->c, CURLOPT_TCP_KEEPALIVE, 1L);
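Review bot: In the `if (tls13_ciphers)` block, `CURLOPT_TLS13_CIPHERS` is now referenced unconditionally, so the file cannot compile against libcurl headers that do not declare the enum, which is the failure shown in the curl 7.29.0 build log quoted in this thread. Checking the return value of `curl_easy_setopt` only helps once the symbol exists at compile time, so keep a compile-time guard around the call, driven by a configure-time probe or a libcurl version comparison, and keep the removed `nbdkit_error` message and `goto err` as the fallback branch so a requested cipher restriction is never silently dropped. The carried-over comment "This is not available in, eg, RHEL 7" also no longer matches its branch, which now handles any result other than `CURLE_OK`.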
--
2.25.1
---------------------------------------------------------------------
Intel Technology Poland sp. z o.o.
ul. Slowackiego 173 | 80-298 Gdansk | District Court Gdansk Polnoc | VII Commercial
Division of the National Court Register - KRS 101882 | NIP 957-07-52-316 | Share
capital 200.000 PLN.
The company declares that it has the status of a large enterprise within the meaning of
the Act of 8 March 2013 on counteracting excessive delays in commercial transactions.
This message and its attachments are intended for the specified addressee and may
contain confidential information. If you have received this message by accident, please
notify the sender and permanently delete it; any review or distribution is
prohibited.
This e-mail and any attachments may contain confidential material for the sole use of the
intended recipient(s). If you are not the intended recipient, please contact the sender
and delete all copies; any review or distribution by others is strictly prohibited.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones Read my
programming and virtualization blog:
http://rwmj.wordpress.com virt-p2v converts physical
machines to virtual machines. Boot with a live CD or over the network (PXE) and turn
machines into KVM guests.
http://libguestfs.org/virt-v2v
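The configure.ac check suggested in the reply above could look like the following. This is an added example, not code from nbdkit or from either participant; `HAVE_CURLOPT_TLS13_CIPHERS` is a hypothetical macro name, and `CURL_CFLAGS` is assumed to have been set by an earlier pkg-config check for libcurl.

```m4
dnl Added example for configure.ac (not nbdkit's own code).
dnl Assumption: CURL_CFLAGS was set earlier, for example by
dnl PKG_CHECK_MODULES([CURL], [libcurl]).
dnl HAVE_CURLOPT_TLS13_CIPHERS is a hypothetical name chosen for this example.
dnl
dnl CURLOPT_TLS13_CIPHERS is an enum constant, so the preprocessor cannot
dnl see it and "#ifdef CURLOPT_TLS13_CIPHERS" is always false.  The probe
dnl below references the symbol in real C code instead: the test program
dnl compiles only if the installed curl/curl.h declares it.

old_CFLAGS="$CFLAGS"
CFLAGS="$CURL_CFLAGS $CFLAGS"
AC_MSG_CHECKING([whether curl/curl.h declares CURLOPT_TLS13_CIPHERS])
AC_COMPILE_IFELSE(
  [AC_LANG_PROGRAM(
     [[#include <curl/curl.h>]],
     [[int opt = (int) CURLOPT_TLS13_CIPHERS;
       (void) opt;]])],
  [AC_MSG_RESULT([yes])
   AC_DEFINE([HAVE_CURLOPT_TLS13_CIPHERS], [1],
             [Define to 1 if curl/curl.h declares CURLOPT_TLS13_CIPHERS.])],
  [AC_MSG_RESULT([no])])
CFLAGS="$old_CFLAGS"

dnl curl.c can then guard the curl_easy_setopt call with
dnl "#ifdef HAVE_CURLOPT_TLS13_CIPHERS" (a real macro from config.h) and
dnl keep the nbdkit_error fallback in the #else branch, so a requested
dnl tls13-ciphers setting is rejected rather than ignored on old libcurl.
```

The run-time check of the `curl_easy_setopt` return value from the patch can sit inside the guarded branch, since the two checks cover different failures: headers that lack the option, and a library that refuses it.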