authorMartin Willi <martin@revosec.ch>2014-09-24 13:13:19 +0200
committerMartin Willi <martin@revosec.ch>2014-09-24 17:35:16 +0200
commita336aefa896cc830ee4c10eb697bde2b0ad61764 (patch)
tree17553ba7d7eee88de073a8c723eeb6f0a0a934b6
parent44b6a34d438f15dbafdf3a0bc58ed23ca0b08923 (diff)
downloadstrongswan-a336aefa896cc830ee4c10eb697bde2b0ad61764.tar.bz2
strongswan-a336aefa896cc830ee4c10eb697bde2b0ad61764.tar.xz
curl: For SSL features, depend on thread-safety provided by our crypto plugins
To use SSL in curl, we need to initialize the SSL library in a thread-safe manner and provide the appropriate callbacks. As we already do that in our crypto plugins using these libraries, we depend on these features. This implies that we need the same plugin enabled (openssl, gcrypt) as the curl backend is configured to use to fetch from HTTPS URIs.
-rw-r--r--src/libstrongswan/plugins/curl/curl_plugin.c60
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_plugin.c2
3 files changed, 57 insertions, 7 deletions
diff --git a/src/libstrongswan/plugins/curl/curl_plugin.c b/src/libstrongswan/plugins/curl/curl_plugin.c
index 30bc5a634..89296677e 100644
--- a/src/libstrongswan/plugins/curl/curl_plugin.c
+++ b/src/libstrongswan/plugins/curl/curl_plugin.c
@@ -54,15 +54,52 @@ static void add_feature(private_curl_plugin_t *this, plugin_feature_t f)
}
/**
+ * Try to add a feature, and the appropriate SSL dependencies
+ */
+static void add_feature_with_ssl(private_curl_plugin_t *this, const char *ssl,
+ char *proto, plugin_feature_t f)
+{
+ /* http://curl.haxx.se/libcurl/c/libcurl-tutorial.html#Multi-threading */
+ if (strpfx(ssl, "OpenSSL"))
+ {
+ add_feature(this, f);
+ add_feature(this, PLUGIN_DEPENDS(CUSTOM, "openssl-threading"));
+ }
+ else if (strpfx(ssl, "GnuTLS"))
+ {
+ add_feature(this, f);
+ add_feature(this, PLUGIN_DEPENDS(CUSTOM, "gcrypt-threading"));
+ }
+ else if (strpfx(ssl, "NSS"))
+ {
+ add_feature(this, f);
+ }
+ else
+ {
+ DBG1(DBG_LIB, "curl SSL backend '%s' not supported, %s disabled",
+ ssl, proto);
+ }
+}
+
+/**
* Get supported protocols, build plugin feature set
*/
static bool query_protocols(private_curl_plugin_t *this)
{
- static char *protos[] = {
- /* protocols we are interested in, suffixed with "://" */
- "file://", "http://", "https://", "ftp://",
+
+ struct {
+ /* protocol we are interested in, suffixed with "://" */
+ char *name;
+ /* require SSL library initialization? */
+ bool ssl;
+ } protos[] = {
+ { "file://", FALSE, },
+ { "http://", FALSE, },
+ { "https://", TRUE, },
+ { "ftp://", FALSE, },
};
curl_version_info_data *info;
+ char *name;
int i, j;
add_feature(this, PLUGIN_REGISTER(FETCHER, curl_fetcher_create));
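Review bot: `add_feature_with_ssl()` passes `ssl` to `strpfx()` and to the `%s` in `DBG1` without a NULL check, and the call added in the second curl_plugin.c hunk hands it `info->ssl_version` unchanged. libcurl documents that field as NULL when it is built without TLS support; `https` should not be listed in that case, so this is defensive, but a guard at the top such as `if (!ssl) { ssl = "(none)"; }` keeps the helper on the fail-closed `else` path instead of relying on how `strpfx` (defined outside this diff) treats NULL. The `NSS` branch is the only accepted backend that adds no dependency; a short comment there would help the next reader, e.g. `/* NSS: no threading callbacks to install, so no plugin dependency */` if that is the intent. `query_protocols()` continues past the end of this hunk.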
@@ -73,12 +110,21 @@ static bool query_protocols(private_curl_plugin_t *this)
{
for (j = 0; j < countof(protos); j++)
{
- if (strlen(info->protocols[i]) == strlen(protos[j]) - strlen("://"))
+ name = protos[j].name;
+ if (strlen(info->protocols[i]) == strlen(name) - strlen("://"))
{
- if (strneq(info->protocols[i], protos[j],
- strlen(protos[j]) - strlen("://")))
+ if (strneq(info->protocols[i], name,
+ strlen(name) - strlen("://")))
{
- add_feature(this, PLUGIN_PROVIDE(FETCHER, protos[j]));
+ if (protos[j].ssl)
+ {
+ add_feature_with_ssl(this, info->ssl_version, name,
+ PLUGIN_PROVIDE(FETCHER, name));
+ }
+ else
+ {
+ add_feature(this, PLUGIN_PROVIDE(FETCHER, name));
+ }
}
}
}
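Review bot: The new lines compute `strlen(name) - strlen("://")` twice, once for the length comparison and once for `strneq`, inside two nested `if`s. Since `name` is now a local anyway, a `size_t len` holding the scheme length and a single combined condition would read more directly: `len = strlen(name) - strlen("://");` followed by `if (strlen(info->protocols[i]) == len && strneq(info->protocols[i], name, len))`. The enclosing loops start before this hunk and the function ends after it.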
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
index f4254bb93..480c083c0 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
@@ -58,6 +58,8 @@ METHOD(plugin_t, get_features, int,
private_gcrypt_plugin_t *this, plugin_feature_t *features[])
{
static plugin_feature_t f[] = {
+ /* we provide threading-safe initialization of libgcrypt */
+ PLUGIN_PROVIDE(CUSTOM, "gcrypt-threading"),
/* crypters */
PLUGIN_REGISTER(CRYPTER, gcrypt_crypter_create),
PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 16),
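Review bot: The feature name `"gcrypt-threading"` is a bare string literal here and again in the `PLUGIN_DEPENDS` added to curl_plugin.c, and the same holds for `"openssl-threading"` in the openssl_plugin.c hunk. A typo on either side would presumably leave the dependency unsatisfied and HTTPS fetching quietly unavailable, although the loader's handling is not shown here. A shared constant in a common header, or at minimum a comment such as `/* consumed by the curl plugin for HTTPS when curl is built against GnuTLS */`, would make the coupling visible. The entry sits in a static table, so it is advertised whenever the plugin loads; whether the threading setup it promises has completed by then is decided outside this hunk. `get_features()` continues past the hunk.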
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index a426cdcb3..e48efe3e9 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -266,6 +266,8 @@ METHOD(plugin_t, get_features, int,
private_openssl_plugin_t *this, plugin_feature_t *features[])
{
static plugin_feature_t f[] = {
+ /* we provide OpenSSL threading callbacks */
+ PLUGIN_PROVIDE(CUSTOM, "openssl-threading"),
/* crypters */
PLUGIN_REGISTER(CRYPTER, openssl_crypter_create),
#ifndef OPENSSL_NO_AES