[Libguestfs] [PATCH 2/3] nbdkit/curl: added support for tls13 ciphers
From: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski(a)intel.com>
Added tls13-ciphers parameter which translates to CURLOPT_TLS13_CIPHERS.
Signed-off-by: Karol Niczyj <karol.niczyj(a)intel.com>
Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski(a)intel.com>
---
plugins/curl/curl.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/plugins/curl/curl.c b/plugins/curl/curl.c
index 50440bf9..2e823b3f 100644
--- a/plugins/curl/curl.c
+++ b/plugins/curl/curl.c
@@ -85,6 +85,7 @@ const char *proxy_user = NULL;
bool sslverify = true;
const char *ssl_version = NULL;
const char *ssl_cipher_list = NULL;
+const char *tls13_ciphers = NULL;
bool tcp_keepalive = false;
bool tcp_nodelay = true;
uint32_t timeout = 0;
@@ -309,6 +310,9 @@ curl_config (const char *key, const char *value)
else if (strcmp (key, "ssl-cipher-list") == 0)
ssl_cipher_list = value;
+ else if (strcmp (key, "tls13-ciphers") == 0)
+ tls13_ciphers = value;
+
else if (strcmp (key, "tcp-keepalive") == 0) {
r = nbdkit_parse_bool (value);
if (r == -1)
@@ -413,6 +417,7 @@ curl_config_complete (void)
"sslverify=false Do not verify SSL certificate of remote host.\n"
\
"ssl-version=<VERSION> Specify preferred TLS/SSL version.\n " \
"ssl-cipher-list=C1:C2:.. Specify TLS/SSL cipher suites to be used.\n" \
+ "tls13-ciphers=C1:C2:.. Specify TLS 1.3 cipher suites to be used.\n" \
"tcp-keepalive=true Enable TCP keepalives.\n" \
"tcp-nodelay=false Disable Nagle’s algorithm.\n" \
"unix-socket-path=<PATH> Open Unix domain socket instead of
TCP/IP.\n" \
@@ -550,6 +555,8 @@ curl_open (int readonly)
}
if (ssl_cipher_list)
curl_easy_setopt (h->c, CURLOPT_SSL_CIPHER_LIST, ssl_cipher_list);
+ if (tls13_ciphers)
+ curl_easy_setopt (h->c, CURLOPT_TLS13_CIPHERS, tls13_ciphers);
if (tcp_keepalive)
curl_easy_setopt (h->c, CURLOPT_TCP_KEEPALIVE, 1L);
if (!tcp_nodelay)
--
2.26.2