File 0026-curl-For-SSL-features-depend-on-thread-safety-provid.patch of Package strongswan.22505

From a336aefa896cc830ee4c10eb697bde2b0ad61764 Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Wed, 24 Sep 2014 13:13:19 +0200
Subject: [PATCH 0001/3687] curl: For SSL features, depend on thread-safety
 provided by our crypto plugins

To use SSL in curl, we need to initialize the SSL library in a thread-safe
manner and provide the appropriate callbacks. As we already do that in our
crypto plugins using these libraries, we depend on these features.

This implies that we need the same plugin enabled (openssl, gcrypt) as the
curl backend is configured to use to fetch from HTTPS URIs.
---
 src/libstrongswan/plugins/curl/curl_plugin.c  | 60 ++++++++++++++++---
 .../plugins/gcrypt/gcrypt_plugin.c            |  2 +
 .../plugins/openssl/openssl_plugin.c          |  2 +
 3 files changed, 57 insertions(+), 7 deletions(-)

diff --git a/src/libstrongswan/plugins/curl/curl_plugin.c b/src/libstrongswan/plugins/curl/curl_plugin.c
index 30bc5a634..89296677e 100644
--- a/src/libstrongswan/plugins/curl/curl_plugin.c
+++ b/src/libstrongswan/plugins/curl/curl_plugin.c
@@ -53,16 +53,53 @@ static void add_feature(private_curl_plugin_t *this, plugin_feature_t f)
 	this->features[this->count - 1] = f;
 }
 
+/**
+ * Try to add a feature, and the appropriate SSL dependencies
+ */
+static void add_feature_with_ssl(private_curl_plugin_t *this, const char *ssl,
+								 char *proto, plugin_feature_t f)
+{
+	/* http://curl.haxx.se/libcurl/c/libcurl-tutorial.html#Multi-threading */
+	if (strpfx(ssl, "OpenSSL"))
+	{
+		add_feature(this, f);
+		add_feature(this, PLUGIN_DEPENDS(CUSTOM, "openssl-threading"));
+	}
+	else if (strpfx(ssl, "GnuTLS"))
+	{
+		add_feature(this, f);
+		add_feature(this, PLUGIN_DEPENDS(CUSTOM, "gcrypt-threading"));
+	}
+	else if (strpfx(ssl, "NSS"))
+	{
+		add_feature(this, f);
+	}
+	else
+	{
+		DBG1(DBG_LIB, "curl SSL backend '%s' not supported, %s disabled",
+			 ssl, proto);
+	}
+}
+
 /**
  * Get supported protocols, build plugin feature set
  */
 static bool query_protocols(private_curl_plugin_t *this)
 {
-	static char *protos[] = {
-		/* protocols we are interested in, suffixed with "://" */
-		"file://", "http://", "https://", "ftp://",
+
+	struct {
+		/* protocol we are interested in, suffixed with "://" */
+		char *name;
+		/* require SSL library initialization? */
+		bool ssl;
+	} protos[] = {
+		{ "file://",		FALSE,	},
+		{ "http://",		FALSE,	},
+		{ "https://",		TRUE,	},
+		{ "ftp://",			FALSE,	},
 	};
 	curl_version_info_data *info;
+	char *name;
 	int i, j;
 
 	add_feature(this, PLUGIN_REGISTER(FETCHER, curl_fetcher_create));
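Review bot: `add_feature_with_ssl()` passes `ssl` straight to `strpfx()` and to the `%s` in `DBG1`, but the caller supplies `info->ssl_version`, which libcurl documents as NULL when it has no SSL support. libcurl would normally not list https in that case, so this is defensive; still, unless `strpfx()` tolerates NULL (its definition is not visible here), a guard before the first branch such as `if (!ssl) { DBG1(DBG_LIB, "curl has no SSL backend, %s disabled", proto); return; }` makes the function fail closed instead of dereferencing NULL. The NSS branch adds the feature with no threading dependency; a short comment such as `/* per the libcurl tutorial, NSS needs no application-provided locking callbacks */` would show that this is deliberate. `proto` is only read and could be declared `const char *`. The body of `query_protocols()` continues outside this hunk.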
@@ -73,12 +110,21 @@ static bool query_protocols(private_curl_plugin_t *this)
 	{
 		for (j = 0; j < countof(protos); j++)
 		{
-			if (strlen(info->protocols[i]) == strlen(protos[j]) - strlen("://"))
+			name = protos[j].name;
+			if (strlen(info->protocols[i]) == strlen(name) - strlen("://"))
 			{
-				if (strneq(info->protocols[i], protos[j],
-						   strlen(protos[j]) - strlen("://")))
+				if (strneq(info->protocols[i], name,
+						   strlen(name) - strlen("://")))
 				{
-					add_feature(this, PLUGIN_PROVIDE(FETCHER, protos[j]));
+					if (protos[j].ssl)
+					{
+						add_feature_with_ssl(this, info->ssl_version, name,
+									PLUGIN_PROVIDE(FETCHER, name));
+					}
+					else
+					{
+						add_feature(this, PLUGIN_PROVIDE(FETCHER, name));
+					}
 				}
 			}
 		}
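Review bot: In the inner loop, `strlen(name) - strlen("://")` is computed twice, once for the length comparison and once as the `strneq` bound, so the two nested `if`s jointly express "protocol equals name without the suffix". Hoisting it into a local, e.g. `len = strlen(name) - strlen("://");` followed by `if (strlen(info->protocols[i]) == len && strneq(info->protocols[i], name, len))`, removes one nesting level and keeps the two uses in step. A one-line comment at the `protos[j].ssl` branch would also help operators: https is only offered when the crypto plugin matching curl's SSL backend is loaded. The loop starts and ends outside this hunk.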
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
index f4254bb93..480c083c0 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
@@ -102,6 +102,8 @@ METHOD(plugin_t, get_features, int,
 	private_gcrypt_plugin_t *this, plugin_feature_t *features[])
 {
 	static plugin_feature_t f[] = {
+		/* we provide threading-safe initialization of libgcrypt */
+		PLUGIN_PROVIDE(CUSTOM, "gcrypt-threading"),
 		/* crypters */
 		PLUGIN_REGISTER(CRYPTER, gcrypt_crypter_create),
 			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 16),
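Review bot: `PLUGIN_PROVIDE(CUSTOM, "gcrypt-threading")` is advertised from a static feature table, so it is offered whenever the plugin loads, whether or not the thread-safe initialization actually succeeded. The same holds for `"openssl-threading"` in the openssl_plugin.c hunk. Plugin creation is not visible in either hunk; please confirm that it fails, so the plugin never loads, when the locking callbacks cannot be installed. Otherwise curl's https fetcher would be enabled on a promise that was not kept. The comment could state that contract, e.g. `/* threading callbacks are installed in plugin_create(); curl's https fetcher depends on this */`. Both feature names are bare string literals that must match the ones in curl_plugin.c exactly. A typo would silently disable https, which fails closed but is hard to diagnose, so a comment naming the consumer is worthwhile in both places.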
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index a426cdcb3..e48efe3e9 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -266,6 +266,8 @@ METHOD(plugin_t, get_features, int,
 	private_openssl_plugin_t *this, plugin_feature_t *features[])
 {
 	static plugin_feature_t f[] = {
+		/* we provide OpenSSL threading callbacks */
+		PLUGIN_PROVIDE(CUSTOM, "openssl-threading"),
 		/* crypters */
 		PLUGIN_REGISTER(CRYPTER, openssl_crypter_create),
 #ifndef OPENSSL_NO_AES
-- 
2.21.0
