On Tue, Nov 08, 2022 at 12:56:13PM +0100, Michal Orzel wrote:
> The code checking for CURLOPT_TLS13_CIPHERS option did not work
> properly, because of incorrect assumption that this symbol was a
> preprocessor macro. It is in fact element of enum type, which
> resulted with #ifdef directive working improperly. Change replaces
> compile-time verification with run-time, based on return value of
> curl_easy_setopt function.
Understood, but ...
> Signed-off-by: Michal Orzel <michalx.or...@intel.com>
> ---
> plugins/curl/curl.c | 15 +++++++--------
> 1 file changed, 7 insertions(+), 8 deletions(-)
>
> diff --git a/plugins/curl/curl.c b/plugins/curl/curl.c
> index 9a818bfa..42b70f01 100644
> --- a/plugins/curl/curl.c
> +++ b/plugins/curl/curl.c
> @@ -560,14 +560,13 @@ curl_open (int readonly)
> if (ssl_cipher_list)
> curl_easy_setopt (h->c, CURLOPT_SSL_CIPHER_LIST, ssl_cipher_list);
> if (tls13_ciphers) {
> -#ifdef CURLOPT_TLS13_CIPHERS
> - curl_easy_setopt (h->c, CURLOPT_TLS13_CIPHERS, tls13_ciphers);
> -#else
> - /* This is not available in, eg, RHEL 7 */
> - nbdkit_error ("tls13-ciphers is not supported in this build of "
> - "nbdkit-curl-plugin");
> - goto err;
> -#endif
> + r = curl_easy_setopt (h->c, CURLOPT_TLS13_CIPHERS, tls13_ciphers);
... this still fails on RHEL 7 as the enum isn't defined:
$ rpm -q curl
curl-7.29.0-59.el7.x86_64
----------------------------------------------------------------------
In file included from /usr/include/curl/curl.h:2251:0,
from curl.c:47:
curl.c: In function 'curl_open':
curl.c:563:33: error: 'CURLOPT_TLS13_CIPHERS' undeclared (first use in this
function)
r = curl_easy_setopt (h->c, CURLOPT_TLS13_CIPHERS, tls13_ciphers);
^
curl.c:563:33: note: each undeclared identifier is reported only once for each
function it appears in
----------------------------------------------------------------------
I think you need to check for the enum in configure.ac. Unfortunately
autoconf provides no useful facility for this so you have to use
AC_COMPILE_IFELSE :-(
Let me know if you get into any difficulties ...
Rich.
> + if (r != CURLE_OK) {
> + /* This is not available in, eg, RHEL 7 */
> + display_curl_error (h, r, "curl_easy_setopt: CURLOPT_TLS13_CIPHERS
> [%s]",
> + tls13_ciphers);
> + goto err;
> + }
> }
> if (tcp_keepalive)
> curl_easy_setopt (h->c, CURLOPT_TCP_KEEPALIVE, 1L);
> --
> 2.25.1
>
> ---------------------------------------------------------------------
> Intel Technology Poland sp. z o.o.
> ul. Slowackiego 173 | 80-298 Gdansk | Sad Rejonowy Gdansk Polnoc | VII
> Wydzial Gospodarczy Krajowego Rejestru Sadowego - KRS 101882 | NIP
> 957-07-52-316 | Kapital zakladowy 200.000 PLN.
> Spolka oswiadcza, ze posiada status duzego przedsiebiorcy w rozumieniu ustawy
> z dnia 8 marca 2013 r. o przeciwdzialaniu nadmiernym opoznieniom w
> transakcjach handlowych.
>
> Ta wiadomosc wraz z zalacznikami jest przeznaczona dla okreslonego adresata i
> moze zawierac informacje poufne. W razie przypadkowego otrzymania tej
> wiadomosci, prosimy o powiadomienie nadawcy oraz trwale jej usuniecie;
> jakiekolwiek przegladanie lub rozpowszechnianie jest zabronione.
> This e-mail and any attachments may contain confidential material for the
> sole use of the intended recipient(s). If you are not the intended recipient,
> please contact the sender and delete all copies; any review or distribution
> by others is strictly prohibited.
>
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v
_______________________________________________
Libguestfs mailing list
Libguestfs@redhat.com
https://listman.redhat.com/mailman/listinfo/libguestfs
