From bb8ad3da3fb4ab3f6556daa1f67b259c12a3c7de Mon Sep 17 00:00:00 2001
From: Christian Heimes <christian@python.org>
Date: Fri, 21 Sep 2018 10:37:43 +0200
Subject: [PATCH] OpenSSL: enable TLS 1.3 post-handshake auth
OpenSSL 1.1.1 requires clients to opt in to post-handshake
authentication.
Fixes: https://github.com/curl/curl/issues/3026
Signed-off-by: Christian Heimes <christian@python.org>
Closes https://github.com/curl/curl/pull/3027
Upstream-commit: b939bc47b27cd57c6ebb852ad653933e4124b452
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
lib/vtls/openssl.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index a487f55..78970d1 100644
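--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -178,6 +178,7 @@ static unsigned long OpenSSL_version_num(void)
 !defined(LIBRESSL_VERSION_NUMBER) && \
 !defined(OPENSSL_IS_BORINGSSL))
 #define HAVE_SSL_CTX_SET_CIPHERSUITES
+#define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
 #endif
 
 #if defined(LIBRESSL_VERSION_NUMBER)
@@ -2467,6 +2468,11 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
 }
 #endif
 
+#ifdef HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
+ /* OpenSSL 1.1.1 requires clients to opt-in for PHA */
+ SSL_CTX_set_post_handshake_auth(BACKEND->ctx, 1);
+#endif
+
 #ifdef USE_TLS_SRP
 if(ssl_authtype == CURL_TLSAUTH_SRP) {
 char * const ssl_username = SSL_SET_OPTION(username);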
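Review bot: The added `SSL_CTX_set_post_handshake_auth(BACKEND->ctx, 1);` in ossl_connect_step1 runs for every client context, whether or not the transfer has a client certificate configured, so each TLS 1.3 ClientHello now advertises post-handshake auth and a server may ask for a certificate at any point after the handshake. Nothing visible in the hunk conditions the opt-in; the function starts and ends outside this hunk, so if the surrounding code already knows whether a client certificate or certificate callback is set, the call could be limited to that case, or the choice to enable it unconditionally should be recorded. At minimum the comment should say what is being switched on, e.g. `/* advertise TLS 1.3 post-handshake auth so the server can request the client certificate after the handshake; OpenSSL 1.1.1 leaves this off by default */`.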
--
2.17.1