diff options
| author | Seonah Moon <seonah1.moon@samsung.com> | 2020-09-18 10:09:50 +0900 |
|---|---|---|
| committer | Seonah Moon <seonah1.moon@samsung.com> | 2020-09-18 10:09:59 +0900 |
| commit | 1005a0359d3edbd8c0e178517bc606ccf0318b8f (patch) | |
| tree | 4710f3f440b690c4e9e89837cfa413a5d61e7e3a | |
| parent | 6f6c085af2495c03fdeb617363e2257d9d66eb33 (diff) | |
| download | curl-accepted/tizen_6.0_base_hotfix.tar.gz curl-accepted/tizen_6.0_base_hotfix.tar.bz2 curl-accepted/tizen_6.0_base_hotfix.zip | |
Add strict-ssl-check option to avoid unexpected 56 errortizen_6.0.m2_releasesubmit/tizen_base/20200921.004003submit/tizen_6.0_base_hotfix/20201102.162701submit/tizen_6.0_base_hotfix/20201030.192501submit/tizen_6.0_base/20201029.184801accepted/tizen/base/20200922.032751accepted/tizen/6.0/base/hotfix/20201102.093310accepted/tizen/6.0/base/20201029.110343tizen_6.0_base_hotfixaccepted/tizen_6.0_base_hotfix
SSL_ERROR_SYSCALL has been handled little stricter since curl 7.67.
(For example, 56 error occurs when server clase the connection abruptly
without a close_notify alert.)
The change is applied only in debug build for compatibility with older
peers.
However, Curl in Tizen is built with debug option.
So, Unexpected 56 error can occurs.
To avoid it, This patch creates new option and disable it.
Change-Id: I6d2b493aa1ce1ea2ce7fe1151f8948537e52c332
| -rwxr-xr-x | configure.ac | 17 | ||||
| -rw-r--r-- | lib/vtls/openssl.c | 2 |
2 files changed, 18 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac index d9777113d..9ae44ecbc 100755 --- a/configure.ac +++ b/configure.ac @@ -3416,6 +3416,21 @@ dnl https://www15.software.ibm.com/doc_link/en_US/a_doc_lib/aixprggd/ \ dnl genprogc/thread_quick_ref.htm dnl ********************************************************************** +dnl Check for strict SSL check +dnl ********************************************************************** +AC_ARG_ENABLE([strict-ssl-check], + AS_HELP_STRING([--enable-strict-ssl-check], [Enable strict SSL check usage]), + [enable_strict_ssl_check=yes], + [enable_strict_ssl_check=no]) + +AS_IF([test "x$enable_strict_ssl_check" = "xyes"], [ + CPPFLAGS+=" -DUSE_TIZEN_FEATURE_STRICT_SSL_CHECK" + SUPPORT_TIZEN_FEATURES="$SUPPORT_TIZEN_FEATURES strict-ssl-check" +]) + +AM_CONDITIONAL(USE_TIZEN_FEATURE_STRICT_SSL_CHECK, test "x$enable_strict_ssl_check" = "xyes") + +dnl ********************************************************************** dnl Check for DLP dnl ********************************************************************** @@ -3424,6 +3439,7 @@ AC_ARG_ENABLE([dlp], AS_IF([test "x$enable_dlp" = "xyes"], [ CPPFLAGS+=" -DUSE_TIZEN_FEATURE_DLP" + SUPPORT_TIZEN_FEATURES="$SUPPORT_TIZEN_FEATURES dlp" ]) AM_CONDITIONAL(USE_TIZEN_FEATURE_DLP, test "x$enable_dlp" = "xyes") @@ -5008,6 +5024,7 @@ AC_MSG_NOTICE([Configured to build curl/libcurl: ESNI: ${curl_esni_msg} Protocols: ${SUPPORT_PROTOCOLS} Features: ${SUPPORT_FEATURES} + Tizen Features: ${SUPPORT_TIZEN_FEATURES} ]) if test -n "$experimental"; then cat >&2 << _EOF diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 726ff6e7c..440c89e72 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -3958,7 +3958,7 @@ static ssize_t ossl_recv(struct connectdata *conn, /* connection data */ We can use this to gauge how many users may be affected, and if it goes ok eventually transition to allow in dev and release with the newest OpenSSL: #if (OPENSSL_VERSION_NUMBER >= 0x10101000L) */ -#ifdef DEBUGBUILD +#if defined(DEBUGBUILD) && defined(USE_TIZEN_FEATURE_STRICT_SSL_CHECK) if(err == SSL_ERROR_SYSCALL) { int sockerr = SOCKERRNO; if(sockerr) |