[Libguestfs] [PATCH v2] curl: Fix verification of CURLOPT_TLS13_CIPHERS
Richard W.M. Jones
rjones at redhat.com
Thu Nov 10 17:10:13 UTC 2022
On Thu, Nov 10, 2022 at 05:17:35PM +0100, Michal Orzel wrote:
> The code checking for the CURLOPT_TLS13_CIPHERS option did not work
> properly, because of the incorrect assumption that this symbol was a
> preprocessor macro. It is in fact an element of an enum type, which
> resulted in the #ifdef directive working improperly. The fix changes
> that check to be based on the curl version instead.
>
> Signed-off-by: Michal Orzel <michalx.orzel at intel.com>
> ---
> plugins/curl/curl.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/plugins/curl/curl.c b/plugins/curl/curl.c
> index 77f88fff..724ffd43 100644
> --- a/plugins/curl/curl.c
> +++ b/plugins/curl/curl.c
> @@ -560,10 +560,11 @@ curl_open (int readonly)
> if (ssl_cipher_list)
> curl_easy_setopt (h->c, CURLOPT_SSL_CIPHER_LIST, ssl_cipher_list);
> if (tls13_ciphers) {
> -#ifdef CURLOPT_TLS13_CIPHERS
> +#if (LIBCURL_VERSION_MAJOR > 7) || \
> + (LIBCURL_VERSION_MAJOR == 7 && LIBCURL_VERSION_MINOR >= 61)
> curl_easy_setopt (h->c, CURLOPT_TLS13_CIPHERS, tls13_ciphers);
> #else
> - /* This is not available in, eg, RHEL 7 */
> + /* This is not available before curl-7.61 */
> nbdkit_error ("tls13-ciphers is not supported in this build of "
> "nbdkit-curl-plugin");
> goto err;
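Review bot: the CURLcode returned by curl_easy_setopt (h->c, CURLOPT_TLS13_CIPHERS, tls13_ciphers) in the new #if branch is discarded, so a libcurl that passes the 7.61 version gate but rejects the option (for example because its TLS backend does not implement it) would leave the handle on default TLS 1.3 ciphers while the user asked for a restriction. Suggest checking the result and, on anything other than CURLE_OK, calling nbdkit_error and going to err as the #else branch already does, so that both the "too old" and the "rejected" cases fail closed. As a smaller style point, the two-line MAJOR/MINOR comparison could be written against LIBCURL_VERSION_NUM (>= 0x073d00), which keeps the condition on one line.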

Thanks Michal. I confirmed that this compiles on RHEL 7 and gives an
error (as expected):

$ ./nbdkit -U - curl file:///dev/null tls13-ciphers=test --run '../libnbd/run nbdinfo $uri'
nbdkit: curl[1]: error: tls13-ciphers is not supported in this build of nbdkit-curl-plugin
nbdkit: curl[1]: error: tls13-ciphers is not supported in this build of nbdkit-curl-plugin
/home/rjones/d/libnbd/info/.libs/lt-nbdinfo: nbd_opt_go: server replied with error to opt_go request: No such file or directory for the default export
/home/rjones/d/libnbd/info/.libs/lt-nbdinfo: suggestion: to list all exports on the server, use --list
protocol: newstyle-fixed without TLS

And on Fedora it works:

$ ./nbdkit -U - curl file:///dev/null tls13-ciphers=test --run 'nbdinfo $uri'
protocol: newstyle-fixed without TLS, using structured packets
export="":
export-size: 0
content: empty
uri: nbd+unix:///?socket=/tmp/nbdkitZwdPXJ/socket
contexts:
base:allocation
is_rotational: false
is_read_only: false
can_cache: false
can_df: true
can_fast_zero: true
can_flush: false
can_fua: false
can_multi_conn: false
can_trim: false
can_zero: true

I have pushed this as commit 242757dd5c9fbf00a487ab934d67db442fe08661.

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
nbdkit - Flexible, fast NBD server with plugins
https://gitlab.com/nbdkit/nbdkit
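
Added example, not part of the original thread or of nbdkit: the pitfall the commit message describes, reproduced with a constructed stand-in header so it builds without libcurl. All DEMO_* names, demo_setopt and the two set_tls13_ciphers_* functions are hypothetical; the point is that the preprocessor cannot see enum members, so the #ifdef gate rejects the cipher setting even though the option exists.

```c
#include <stdio.h>

/* Constructed stand-in for a library header (not curl's): options are
 * enum members, only the version numbers are preprocessor macros. */
#define DEMO_VERSION_MAJOR 7
#define DEMO_VERSION_MINOR 61
typedef enum { DEMO_OPT_CIPHER_LIST = 1, DEMO_OPT_TLS13_CIPHERS = 2 } demo_option;

/* Hypothetical helper: true when the header is at least major.minor. */
#define DEMO_AT_LEAST(maj, min) \
  (DEMO_VERSION_MAJOR > (maj) || \
   (DEMO_VERSION_MAJOR == (maj) && DEMO_VERSION_MINOR >= (min)))

static int last_option_set = 0;   /* records what the "library" was given */
static void demo_setopt (demo_option opt, const char *value) {
  (void) value;
  last_option_set = (int) opt;
}

/* 'Before' pattern: the preprocessor never sees enum members, so this
 * #ifdef is false even though the option exists. Returns 0 on success,
 * -1 when the setting is rejected as unsupported. */
int set_tls13_ciphers_ifdef (const char *ciphers) {
#ifdef DEMO_OPT_TLS13_CIPHERS
  demo_setopt (DEMO_OPT_TLS13_CIPHERS, ciphers);
  return 0;
#else
  (void) ciphers;
  return -1;
#endif
}

/* 'After' pattern: gate on version macros, which the preprocessor sees. */
int set_tls13_ciphers_version (const char *ciphers) {
#if DEMO_AT_LEAST (7, 61)
  demo_setopt (DEMO_OPT_TLS13_CIPHERS, ciphers);
  return 0;
#else
  (void) ciphers;
  return -1;
#endif
}

int main (void) {
  printf ("ifdef gate:   %d\n", set_tls13_ciphers_ifdef ("TLS_AES_256_GCM_SHA384"));
  printf ("version gate: %d (option %d)\n",
          set_tls13_ciphers_version ("TLS_AES_256_GCM_SHA384"), last_option_set);
  return 0;
}
```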