projects / shibboleth / cpp-xmltooling.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Update build revision
[shibboleth/cpp-xmltooling.git] / xmltooling / XMLToolingConfig.cpp
diff --git a/xmltooling/XMLToolingConfig.cpp b/xmltooling/XMLToolingConfig.cpp
index 5f180e0..4a6e873 100644 (file)
--- a/xmltooling/XMLToolingConfig.cpp
+++ b/xmltooling/XMLToolingConfig.cpp
@@ -397,7 +397,9 @@ bool XMLToolingInternalConfig::init()
         if (curlver) {
             log.debug("libcurl %s initialization complete", curlver->version);
             if (!(curlver->features & CURL_VERSION_SSL)) {
-                log.warn("libcurl lacks TLS/SSL support, this will greatly limit functionality");
+                log.crit("libcurl lacks TLS/SSL support, this will greatly limit functionality");
+            } else if (curlver->ssl_version && !strstr(curlver->ssl_version, "OpenSSL")) {
+                log.crit("libcurl lacks OpenSSL-specific options, this will greatly limit functionality");
             }
         }
         else {
@@ -413,12 +415,15 @@ bool XMLToolingInternalConfig::init()
 # ifdef XMLTOOLING_XMLSEC_DEBUGLOGGING
         XSECPlatformUtils::SetReferenceLoggingSink(TXFMOutputLogFactory);
 # endif
-        m_xsecProvider=new XSECProvider();
+        m_xsecProvider = new XSECProvider();
         log.debug("XML-Security %s initialization complete", XSEC_FULLVERSIONDOT);
 #endif
 
-        m_parserPool=new ParserPool();
-        m_validatingPool=new ParserPool(true,true);
+        m_parserPool = new ParserPool();
+        m_validatingPool = new ParserPool(true,true);
+
+        m_pathResolver = new PathResolver();
+        m_urlEncoder = new URLEncoder();
 
         // Load catalogs from deprecated path setting.
         if (!catalog_path.empty())
@@ -459,9 +464,6 @@ bool XMLToolingInternalConfig::init()
         registerSOAPTransports();
         initSOAPTransports();
 
-        m_pathResolver = new PathResolver();
-        m_urlEncoder = new URLEncoder();
-
         HTTPResponse::getAllowedSchemes().push_back("https");
         HTTPResponse::getAllowedSchemes().push_back("http");
 
@@ -745,6 +747,7 @@ void XMLToolingInternalConfig::registerXMLAlgorithms()
 
     // With ECDSA, XML-Security exports a public macro for OpenSSL's support, and any
     // versions of XML-Security that didn't provide the macro don't handle ECDSA anyway.
+    // However, the SHA-224 variant was left out of the initial XML-Security release.
 
     // With AES and GCM, all supported XML-Security versions export a macro for OpenSSL's support.
 
@@ -764,6 +767,10 @@ void XMLToolingInternalConfig::registerXMLAlgorithms()
 #endif
 
     registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIDSA_SHA1, "DSA", 0, ALGTYPE_SIGN);
+#if defined(URI_ID_DSA_SHA256) && defined(XMLTOOLING_OPENSSL_HAVE_SHA2) && !defined(OPENSSL_NO_SHA256)
+    registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIDSA_SHA256, "DSA", 0, ALGTYPE_SIGN);
+#endif
+
     registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_MD5, "RSA", 0, ALGTYPE_SIGN);
     registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_SHA1, "RSA", 0, ALGTYPE_SIGN);
 #if defined(XMLTOOLING_OPENSSL_HAVE_SHA2) && !defined(OPENSSL_NO_SHA256)
@@ -777,10 +784,13 @@ void XMLToolingInternalConfig::registerXMLAlgorithms()
 
 #ifdef XSEC_OPENSSL_HAVE_EC
     registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIECDSA_SHA1, "EC", 0, ALGTYPE_SIGN);
-#if defined(XMLTOOLING_OPENSSL_HAVE_SHA2) && !defined(OPENSSL_NO_SHA256)
+# if defined(XMLTOOLING_OPENSSL_HAVE_SHA2) && !defined(OPENSSL_NO_SHA256)
     registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIECDSA_SHA256, "EC", 0, ALGTYPE_SIGN);
+#  ifdef URI_ID_ECDSA_SHA224
+    registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIECDSA_SHA224, "EC", 0, ALGTYPE_SIGN);
+#  endif
 # endif
-#if defined(XMLTOOLING_OPENSSL_HAVE_SHA2) && !defined(OPENSSL_NO_SHA512)
+# if defined(XMLTOOLING_OPENSSL_HAVE_SHA2) && !defined(OPENSSL_NO_SHA512)
     registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIECDSA_SHA384, "EC", 0, ALGTYPE_SIGN);
     registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIECDSA_SHA512, "EC", 0, ALGTYPE_SIGN);
 # endif
@@ -798,7 +808,7 @@ void XMLToolingInternalConfig::registerXMLAlgorithms()
 
     registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_1_5, "RSA", 0, ALGTYPE_KEYENCRYPT);
     registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1, "RSA", 0, ALGTYPE_KEYENCRYPT);
-#ifdef XMLTOOLING_XMLSEC_OAEP11
+#ifdef URI_ID_RSA_OAEP
     registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_OAEP, "RSA", 0, ALGTYPE_KEYENCRYPT);
 #endif
 
@@ -814,6 +824,12 @@ void XMLToolingInternalConfig::registerXMLAlgorithms()
 
     registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIAES256_CBC, "AES", 256, ALGTYPE_ENCRYPT);
     registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIKW_AES256, "AES", 256, ALGTYPE_KEYENCRYPT);
+
+# ifdef URI_ID_KW_AES128_PAD
+    registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIKW_AES128_PAD, "AES", 128, ALGTYPE_KEYENCRYPT);
+    registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIKW_AES192_PAD, "AES", 192, ALGTYPE_KEYENCRYPT);
+    registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIKW_AES256_PAD, "AES", 256, ALGTYPE_KEYENCRYPT);
+# endif
 #endif
 
 #ifdef XSEC_OPENSSL_HAVE_GCM
Unnamed repository; edit this file 'description' to name the repository.