Mirrors/curl
0
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-01-18 17:21:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

gnutls: report accurate error when TLS-SRP is not built-in

Browse Source 
With GnuTLS 3.8.0+ the build-time SRP feature detection always succeeds.
It's also disabled by default in these GnuTLS versions.

When using TLS-SRP without it being available in GnuTLS, report
the correct error code `CURLE_NOT_BUILT_IN`, replacing the out of memory
error reported before this patch.

Also add comments to autotools and cmake scripts about this feature
detection property.

Detecting it at build-time would need to run code which doesn't work
in cross-builds. Once curl requires 3.8.0 as minimum, the build-time
checks can be deleted.

```
# before:
curl: (27) gnutls_srp_allocate_client_cred() failed: An unimplemented or disabled feature has been requested.
# after:
curl: (4) GnuTLS: TLS-SRP support not built in: An unimplemented or disabled feature has been requested.
```

Ref: dab063fca2
Ref: a21e89edac

Closes #19365
This commit is contained in:
Viktor Szakats
2025-11-04 18:37:49 +01:00
parent 66a66c596b
commit 8e6149598b
3 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CMakeLists.txt
View File

@@ -934,6 +934,8 @@ if(CURL_USE_GNUTLS)
list(APPEND CMAKE_REQUIRED_INCLUDES "${GNUTLS_INCLUDE_DIRS}")
list(APPEND CMAKE_REQUIRED_LIBRARIES "${GNUTLS_LIBRARIES}")
curl_required_libpaths("${GNUTLS_LIBRARY_DIRS}")
# In GnuTLS 3.8.0 (2023-02-10) and upper, this check always succeeds.
# Detecting actual TLS-SRP support needs poking the API at runtime.
check_symbol_exists("gnutls_srp_verifier" "gnutls/gnutls.h" HAVE_GNUTLS_SRP)
cmake_pop_check_state()
endif()

7
lib/vtls/gtls.c
View File

@@ -877,7 +877,12 @@ static CURLcode gtls_client_init(struct Curl_cfilter *cf,
infof(data, "Using TLS-SRP username: %s", config->username);
rc = gnutls_srp_allocate_client_credentials(&gtls->srp_client_cred);
if(rc != GNUTLS_E_SUCCESS) {
if(rc == GNUTLS_E_UNIMPLEMENTED_FEATURE) {
failf(data, "GnuTLS: TLS-SRP support not built in: %s",
gnutls_strerror(rc));
return CURLE_NOT_BUILT_IN;
}
else if(rc != GNUTLS_E_SUCCESS) {
failf(data, "gnutls_srp_allocate_client_cred() failed: %s",
gnutls_strerror(rc));
return CURLE_OUT_OF_MEMORY;

3
m4/curl-gnutls.m4
View File

@@ -156,6 +156,9 @@ if test "$GNUTLS_ENABLED" = "1"; then
dnl ---
dnl We require GnuTLS with SRP support.
dnl
dnl In GnuTLS 3.8.0 (2023-02-10) and upper, this check always succeeds.
dnl Detecting actual TLS-SRP support needs poking the API at runtime.
dnl ---
AC_CHECK_LIB(gnutls, gnutls_srp_verifier,
[