On Tue, Nov 08, 2022 at 12:56:13PM +0100, Michal Orzel wrote:
The code checking for CURLOPT_TLS13_CIPHERS option did not work
properly, because of incorrect assumption that this symbol was a
preprocessor macro. It is in fact element of enum type, which
resulted with #ifdef directive working improperly. Change replaces
compile-time verification with run-time, based on return value of
curl_easy_setopt function.
Understood, but ...
Signed-off-by: Michal Orzel <michalx.orzel(a)intel.com>
---
plugins/curl/curl.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/plugins/curl/curl.c b/plugins/curl/curl.c
index 9a818bfa..42b70f01 100644
--- a/plugins/curl/curl.c
+++ b/plugins/curl/curl.c
@@ -560,14 +560,13 @@ curl_open (int readonly)
if (ssl_cipher_list)
curl_easy_setopt (h->c, CURLOPT_SSL_CIPHER_LIST, ssl_cipher_list);
if (tls13_ciphers) {
-#ifdef CURLOPT_TLS13_CIPHERS
- curl_easy_setopt (h->c, CURLOPT_TLS13_CIPHERS, tls13_ciphers);
-#else
- /* This is not available in, eg, RHEL 7 */
- nbdkit_error ("tls13-ciphers is not supported in this build of "
- "nbdkit-curl-plugin");
- goto err;
-#endif
+ r = curl_easy_setopt (h->c, CURLOPT_TLS13_CIPHERS, tls13_ciphers);
... this still fails on RHEL 7 as the enum isn't defined:
$ rpm -q curl
curl-7.29.0-59.el7.x86_64
----------------------------------------------------------------------
In file included from /usr/include/curl/curl.h:2251:0,
from curl.c:47:
curl.c: In function 'curl_open':
curl.c:563:33: error: 'CURLOPT_TLS13_CIPHERS' undeclared (first use in this
function)
r = curl_easy_setopt (h->c, CURLOPT_TLS13_CIPHERS, tls13_ciphers);
^
curl.c:563:33: note: each undeclared identifier is reported only once for each function it
appears in
----------------------------------------------------------------------
I think you need to check for the enum in configure.ac. Unfortunately
autoconf provides no useful facility for this so you have to use
AC_COMPILE_IFELSE :-(
Let me know if you get into any difficulties ...
Rich.
+ if (r != CURLE_OK) {
+ /* This is not available in, eg, RHEL 7 */
+ display_curl_error (h, r, "curl_easy_setopt: CURLOPT_TLS13_CIPHERS
[%s]",
+ tls13_ciphers);
+ goto err;
+ }
}
if (tcp_keepalive)
curl_easy_setopt (h->c, CURLOPT_TCP_KEEPALIVE, 1L);
--
2.25.1
---------------------------------------------------------------------
Intel Technology Poland sp. z o.o.
ul. Slowackiego 173 | 80-298 Gdansk | Sad Rejonowy Gdansk Polnoc | VII Wydzial
Gospodarczy Krajowego Rejestru Sadowego - KRS 101882 | NIP 957-07-52-316 | Kapital
zakladowy 200.000 PLN.
Spolka oswiadcza, ze posiada status duzego przedsiebiorcy w rozumieniu ustawy z dnia 8
marca 2013 r. o przeciwdzialaniu nadmiernym opoznieniom w transakcjach handlowych.
Ta wiadomosc wraz z zalacznikami jest przeznaczona dla okreslonego adresata i moze
zawierac informacje poufne. W razie przypadkowego otrzymania tej wiadomosci, prosimy o
powiadomienie nadawcy oraz trwale jej usuniecie; jakiekolwiek przegladanie lub
rozpowszechnianie jest zabronione.
This e-mail and any attachments may contain confidential material for the sole use of the
intended recipient(s). If you are not the intended recipient, please contact the sender
and delete all copies; any review or distribution by others is strictly prohibited.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
Read my programming and virtualization blog:
http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v