Annotation of embedaddon/curl/lib/vtls/vtls.c, revision 1.1
1.1 ! misho 1: /***************************************************************************
! 2: * _ _ ____ _
! 3: * Project ___| | | | _ \| |
! 4: * / __| | | | |_) | |
! 5: * | (__| |_| | _ <| |___
! 6: * \___|\___/|_| \_\_____|
! 7: *
! 8: * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
! 9: *
! 10: * This software is licensed as described in the file COPYING, which
! 11: * you should have received as part of this distribution. The terms
! 12: * are also available at https://curl.haxx.se/docs/copyright.html.
! 13: *
! 14: * You may opt to use, copy, modify, merge, publish, distribute and/or sell
! 15: * copies of the Software, and permit persons to whom the Software is
! 16: * furnished to do so, under the terms of the COPYING file.
! 17: *
! 18: * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
! 19: * KIND, either express or implied.
! 20: *
! 21: ***************************************************************************/
! 22:
! 23: /* This file is for implementing all "generic" SSL functions that all libcurl
! 24: internals should use. It is then responsible for calling the proper
! 25: "backend" function.
! 26:
! 27: SSL-functions in libcurl should call functions in this source file, and not
! 28: to any specific SSL-layer.
! 29:
! 30: Curl_ssl_ - prefix for generic ones
! 31:
! 32: Note that this source code uses the functions of the configured SSL
! 33: backend via the global Curl_ssl instance.
! 34:
! 35: "SSL/TLS Strong Encryption: An Introduction"
! 36: https://httpd.apache.org/docs/2.0/ssl/ssl_intro.html
! 37: */
! 38:
! 39: #include "curl_setup.h"
! 40:
! 41: #ifdef HAVE_SYS_TYPES_H
! 42: #include <sys/types.h>
! 43: #endif
! 44: #ifdef HAVE_SYS_STAT_H
! 45: #include <sys/stat.h>
! 46: #endif
! 47: #ifdef HAVE_FCNTL_H
! 48: #include <fcntl.h>
! 49: #endif
! 50:
! 51: #include "urldata.h"
! 52:
! 53: #include "vtls.h" /* generic SSL protos etc */
! 54: #include "slist.h"
! 55: #include "sendf.h"
! 56: #include "strcase.h"
! 57: #include "url.h"
! 58: #include "progress.h"
! 59: #include "share.h"
! 60: #include "multiif.h"
! 61: #include "timeval.h"
! 62: #include "curl_md5.h"
! 63: #include "warnless.h"
! 64: #include "curl_base64.h"
! 65: #include "curl_printf.h"
! 66:
! 67: /* The last #include files should be: */
! 68: #include "curl_memory.h"
! 69: #include "memdebug.h"
! 70:
! 71: /* convenience macro to check if this handle is using a shared SSL session */
! 72: #define SSLSESSION_SHARED(data) (data->share && \
! 73: (data->share->specifier & \
! 74: (1<<CURL_LOCK_DATA_SSL_SESSION)))
! 75:
! 76: #define CLONE_STRING(var) \
! 77: if(source->var) { \
! 78: dest->var = strdup(source->var); \
! 79: if(!dest->var) \
! 80: return FALSE; \
! 81: } \
! 82: else \
! 83: dest->var = NULL;
! 84:
! 85: bool
! 86: Curl_ssl_config_matches(struct ssl_primary_config* data,
! 87: struct ssl_primary_config* needle)
! 88: {
! 89: if((data->version == needle->version) &&
! 90: (data->version_max == needle->version_max) &&
! 91: (data->verifypeer == needle->verifypeer) &&
! 92: (data->verifyhost == needle->verifyhost) &&
! 93: (data->verifystatus == needle->verifystatus) &&
! 94: Curl_safe_strcasecompare(data->CApath, needle->CApath) &&
! 95: Curl_safe_strcasecompare(data->CAfile, needle->CAfile) &&
! 96: Curl_safe_strcasecompare(data->clientcert, needle->clientcert) &&
! 97: Curl_safe_strcasecompare(data->random_file, needle->random_file) &&
! 98: Curl_safe_strcasecompare(data->egdsocket, needle->egdsocket) &&
! 99: Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) &&
! 100: Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13) &&
! 101: Curl_safe_strcasecompare(data->pinned_key, needle->pinned_key))
! 102: return TRUE;
! 103:
! 104: return FALSE;
! 105: }
! 106:
! 107: bool
! 108: Curl_clone_primary_ssl_config(struct ssl_primary_config *source,
! 109: struct ssl_primary_config *dest)
! 110: {
! 111: dest->version = source->version;
! 112: dest->version_max = source->version_max;
! 113: dest->verifypeer = source->verifypeer;
! 114: dest->verifyhost = source->verifyhost;
! 115: dest->verifystatus = source->verifystatus;
! 116: dest->sessionid = source->sessionid;
! 117:
! 118: CLONE_STRING(CApath);
! 119: CLONE_STRING(CAfile);
! 120: CLONE_STRING(clientcert);
! 121: CLONE_STRING(random_file);
! 122: CLONE_STRING(egdsocket);
! 123: CLONE_STRING(cipher_list);
! 124: CLONE_STRING(cipher_list13);
! 125: CLONE_STRING(pinned_key);
! 126:
! 127: return TRUE;
! 128: }
! 129:
! 130: void Curl_free_primary_ssl_config(struct ssl_primary_config* sslc)
! 131: {
! 132: Curl_safefree(sslc->CApath);
! 133: Curl_safefree(sslc->CAfile);
! 134: Curl_safefree(sslc->clientcert);
! 135: Curl_safefree(sslc->random_file);
! 136: Curl_safefree(sslc->egdsocket);
! 137: Curl_safefree(sslc->cipher_list);
! 138: Curl_safefree(sslc->cipher_list13);
! 139: Curl_safefree(sslc->pinned_key);
! 140: }
! 141:
! 142: #ifdef USE_SSL
! 143: static int multissl_init(const struct Curl_ssl *backend);
! 144: #endif
! 145:
! 146: int Curl_ssl_backend(void)
! 147: {
! 148: #ifdef USE_SSL
! 149: multissl_init(NULL);
! 150: return Curl_ssl->info.id;
! 151: #else
! 152: return (int)CURLSSLBACKEND_NONE;
! 153: #endif
! 154: }
! 155:
! 156: #ifdef USE_SSL
! 157:
! 158: /* "global" init done? */
! 159: static bool init_ssl = FALSE;
! 160:
! 161: /**
! 162: * Global SSL init
! 163: *
! 164: * @retval 0 error initializing SSL
! 165: * @retval 1 SSL initialized successfully
! 166: */
! 167: int Curl_ssl_init(void)
! 168: {
! 169: /* make sure this is only done once */
! 170: if(init_ssl)
! 171: return 1;
! 172: init_ssl = TRUE; /* never again */
! 173:
! 174: return Curl_ssl->init();
! 175: }
! 176:
! 177: #if defined(CURL_WITH_MULTI_SSL)
! 178: static const struct Curl_ssl Curl_ssl_multi;
! 179: #endif
! 180:
! 181: /* Global cleanup */
! 182: void Curl_ssl_cleanup(void)
! 183: {
! 184: if(init_ssl) {
! 185: /* only cleanup if we did a previous init */
! 186: Curl_ssl->cleanup();
! 187: #if defined(CURL_WITH_MULTI_SSL)
! 188: Curl_ssl = &Curl_ssl_multi;
! 189: #endif
! 190: init_ssl = FALSE;
! 191: }
! 192: }
! 193:
! 194: static bool ssl_prefs_check(struct Curl_easy *data)
! 195: {
! 196: /* check for CURLOPT_SSLVERSION invalid parameter value */
! 197: const long sslver = data->set.ssl.primary.version;
! 198: if((sslver < 0) || (sslver >= CURL_SSLVERSION_LAST)) {
! 199: failf(data, "Unrecognized parameter value passed via CURLOPT_SSLVERSION");
! 200: return FALSE;
! 201: }
! 202:
! 203: switch(data->set.ssl.primary.version_max) {
! 204: case CURL_SSLVERSION_MAX_NONE:
! 205: case CURL_SSLVERSION_MAX_DEFAULT:
! 206: break;
! 207:
! 208: default:
! 209: if((data->set.ssl.primary.version_max >> 16) < sslver) {
! 210: failf(data, "CURL_SSLVERSION_MAX incompatible with CURL_SSLVERSION");
! 211: return FALSE;
! 212: }
! 213: }
! 214:
! 215: return TRUE;
! 216: }
! 217:
! 218: static CURLcode
! 219: ssl_connect_init_proxy(struct connectdata *conn, int sockindex)
! 220: {
! 221: DEBUGASSERT(conn->bits.proxy_ssl_connected[sockindex]);
! 222: if(ssl_connection_complete == conn->ssl[sockindex].state &&
! 223: !conn->proxy_ssl[sockindex].use) {
! 224: struct ssl_backend_data *pbdata;
! 225:
! 226: if(!(Curl_ssl->supports & SSLSUPP_HTTPS_PROXY))
! 227: return CURLE_NOT_BUILT_IN;
! 228:
! 229: /* The pointers to the ssl backend data, which is opaque here, are swapped
! 230: rather than move the contents. */
! 231: pbdata = conn->proxy_ssl[sockindex].backend;
! 232: conn->proxy_ssl[sockindex] = conn->ssl[sockindex];
! 233:
! 234: memset(&conn->ssl[sockindex], 0, sizeof(conn->ssl[sockindex]));
! 235: memset(pbdata, 0, Curl_ssl->sizeof_ssl_backend_data);
! 236:
! 237: conn->ssl[sockindex].backend = pbdata;
! 238: }
! 239: return CURLE_OK;
! 240: }
! 241:
! 242: CURLcode
! 243: Curl_ssl_connect(struct connectdata *conn, int sockindex)
! 244: {
! 245: CURLcode result;
! 246:
! 247: if(conn->bits.proxy_ssl_connected[sockindex]) {
! 248: result = ssl_connect_init_proxy(conn, sockindex);
! 249: if(result)
! 250: return result;
! 251: }
! 252:
! 253: if(!ssl_prefs_check(conn->data))
! 254: return CURLE_SSL_CONNECT_ERROR;
! 255:
! 256: /* mark this is being ssl-enabled from here on. */
! 257: conn->ssl[sockindex].use = TRUE;
! 258: conn->ssl[sockindex].state = ssl_connection_negotiating;
! 259:
! 260: result = Curl_ssl->connect_blocking(conn, sockindex);
! 261:
! 262: if(!result)
! 263: Curl_pgrsTime(conn->data, TIMER_APPCONNECT); /* SSL is connected */
! 264:
! 265: return result;
! 266: }
! 267:
! 268: CURLcode
! 269: Curl_ssl_connect_nonblocking(struct connectdata *conn, int sockindex,
! 270: bool *done)
! 271: {
! 272: CURLcode result;
! 273: if(conn->bits.proxy_ssl_connected[sockindex]) {
! 274: result = ssl_connect_init_proxy(conn, sockindex);
! 275: if(result)
! 276: return result;
! 277: }
! 278:
! 279: if(!ssl_prefs_check(conn->data))
! 280: return CURLE_SSL_CONNECT_ERROR;
! 281:
! 282: /* mark this is being ssl requested from here on. */
! 283: conn->ssl[sockindex].use = TRUE;
! 284: result = Curl_ssl->connect_nonblocking(conn, sockindex, done);
! 285: if(!result && *done)
! 286: Curl_pgrsTime(conn->data, TIMER_APPCONNECT); /* SSL is connected */
! 287: return result;
! 288: }
! 289:
! 290: /*
! 291: * Lock shared SSL session data
! 292: */
! 293: void Curl_ssl_sessionid_lock(struct connectdata *conn)
! 294: {
! 295: if(SSLSESSION_SHARED(conn->data))
! 296: Curl_share_lock(conn->data,
! 297: CURL_LOCK_DATA_SSL_SESSION, CURL_LOCK_ACCESS_SINGLE);
! 298: }
! 299:
! 300: /*
! 301: * Unlock shared SSL session data
! 302: */
! 303: void Curl_ssl_sessionid_unlock(struct connectdata *conn)
! 304: {
! 305: if(SSLSESSION_SHARED(conn->data))
! 306: Curl_share_unlock(conn->data, CURL_LOCK_DATA_SSL_SESSION);
! 307: }
! 308:
! 309: /*
! 310: * Check if there's a session ID for the given connection in the cache, and if
! 311: * there's one suitable, it is provided. Returns TRUE when no entry matched.
! 312: */
! 313: bool Curl_ssl_getsessionid(struct connectdata *conn,
! 314: void **ssl_sessionid,
! 315: size_t *idsize, /* set 0 if unknown */
! 316: int sockindex)
! 317: {
! 318: struct curl_ssl_session *check;
! 319: struct Curl_easy *data = conn->data;
! 320: size_t i;
! 321: long *general_age;
! 322: bool no_match = TRUE;
! 323:
! 324: const bool isProxy = CONNECT_PROXY_SSL();
! 325: struct ssl_primary_config * const ssl_config = isProxy ?
! 326: &conn->proxy_ssl_config :
! 327: &conn->ssl_config;
! 328: const char * const name = isProxy ? conn->http_proxy.host.name :
! 329: conn->host.name;
! 330: int port = isProxy ? (int)conn->port : conn->remote_port;
! 331: *ssl_sessionid = NULL;
! 332:
! 333: DEBUGASSERT(SSL_SET_OPTION(primary.sessionid));
! 334:
! 335: if(!SSL_SET_OPTION(primary.sessionid))
! 336: /* session ID re-use is disabled */
! 337: return TRUE;
! 338:
! 339: /* Lock if shared */
! 340: if(SSLSESSION_SHARED(data))
! 341: general_age = &data->share->sessionage;
! 342: else
! 343: general_age = &data->state.sessionage;
! 344:
! 345: for(i = 0; i < data->set.general_ssl.max_ssl_sessions; i++) {
! 346: check = &data->state.session[i];
! 347: if(!check->sessionid)
! 348: /* not session ID means blank entry */
! 349: continue;
! 350: if(strcasecompare(name, check->name) &&
! 351: ((!conn->bits.conn_to_host && !check->conn_to_host) ||
! 352: (conn->bits.conn_to_host && check->conn_to_host &&
! 353: strcasecompare(conn->conn_to_host.name, check->conn_to_host))) &&
! 354: ((!conn->bits.conn_to_port && check->conn_to_port == -1) ||
! 355: (conn->bits.conn_to_port && check->conn_to_port != -1 &&
! 356: conn->conn_to_port == check->conn_to_port)) &&
! 357: (port == check->remote_port) &&
! 358: strcasecompare(conn->handler->scheme, check->scheme) &&
! 359: Curl_ssl_config_matches(ssl_config, &check->ssl_config)) {
! 360: /* yes, we have a session ID! */
! 361: (*general_age)++; /* increase general age */
! 362: check->age = *general_age; /* set this as used in this age */
! 363: *ssl_sessionid = check->sessionid;
! 364: if(idsize)
! 365: *idsize = check->idsize;
! 366: no_match = FALSE;
! 367: break;
! 368: }
! 369: }
! 370:
! 371: return no_match;
! 372: }
! 373:
! 374: /*
! 375: * Kill a single session ID entry in the cache.
! 376: */
! 377: void Curl_ssl_kill_session(struct curl_ssl_session *session)
! 378: {
! 379: if(session->sessionid) {
! 380: /* defensive check */
! 381:
! 382: /* free the ID the SSL-layer specific way */
! 383: Curl_ssl->session_free(session->sessionid);
! 384:
! 385: session->sessionid = NULL;
! 386: session->age = 0; /* fresh */
! 387:
! 388: Curl_free_primary_ssl_config(&session->ssl_config);
! 389:
! 390: Curl_safefree(session->name);
! 391: Curl_safefree(session->conn_to_host);
! 392: }
! 393: }
! 394:
! 395: /*
! 396: * Delete the given session ID from the cache.
! 397: */
! 398: void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid)
! 399: {
! 400: size_t i;
! 401: struct Curl_easy *data = conn->data;
! 402:
! 403: for(i = 0; i < data->set.general_ssl.max_ssl_sessions; i++) {
! 404: struct curl_ssl_session *check = &data->state.session[i];
! 405:
! 406: if(check->sessionid == ssl_sessionid) {
! 407: Curl_ssl_kill_session(check);
! 408: break;
! 409: }
! 410: }
! 411: }
! 412:
! 413: /*
! 414: * Store session id in the session cache. The ID passed on to this function
! 415: * must already have been extracted and allocated the proper way for the SSL
! 416: * layer. Curl_XXXX_session_free() will be called to free/kill the session ID
! 417: * later on.
! 418: */
! 419: CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
! 420: void *ssl_sessionid,
! 421: size_t idsize,
! 422: int sockindex)
! 423: {
! 424: size_t i;
! 425: struct Curl_easy *data = conn->data; /* the mother of all structs */
! 426: struct curl_ssl_session *store = &data->state.session[0];
! 427: long oldest_age = data->state.session[0].age; /* zero if unused */
! 428: char *clone_host;
! 429: char *clone_conn_to_host;
! 430: int conn_to_port;
! 431: long *general_age;
! 432: const bool isProxy = CONNECT_PROXY_SSL();
! 433: struct ssl_primary_config * const ssl_config = isProxy ?
! 434: &conn->proxy_ssl_config :
! 435: &conn->ssl_config;
! 436:
! 437: DEBUGASSERT(SSL_SET_OPTION(primary.sessionid));
! 438:
! 439: clone_host = strdup(isProxy ? conn->http_proxy.host.name : conn->host.name);
! 440: if(!clone_host)
! 441: return CURLE_OUT_OF_MEMORY; /* bail out */
! 442:
! 443: if(conn->bits.conn_to_host) {
! 444: clone_conn_to_host = strdup(conn->conn_to_host.name);
! 445: if(!clone_conn_to_host) {
! 446: free(clone_host);
! 447: return CURLE_OUT_OF_MEMORY; /* bail out */
! 448: }
! 449: }
! 450: else
! 451: clone_conn_to_host = NULL;
! 452:
! 453: if(conn->bits.conn_to_port)
! 454: conn_to_port = conn->conn_to_port;
! 455: else
! 456: conn_to_port = -1;
! 457:
! 458: /* Now we should add the session ID and the host name to the cache, (remove
! 459: the oldest if necessary) */
! 460:
! 461: /* If using shared SSL session, lock! */
! 462: if(SSLSESSION_SHARED(data)) {
! 463: general_age = &data->share->sessionage;
! 464: }
! 465: else {
! 466: general_age = &data->state.sessionage;
! 467: }
! 468:
! 469: /* find an empty slot for us, or find the oldest */
! 470: for(i = 1; (i < data->set.general_ssl.max_ssl_sessions) &&
! 471: data->state.session[i].sessionid; i++) {
! 472: if(data->state.session[i].age < oldest_age) {
! 473: oldest_age = data->state.session[i].age;
! 474: store = &data->state.session[i];
! 475: }
! 476: }
! 477: if(i == data->set.general_ssl.max_ssl_sessions)
! 478: /* cache is full, we must "kill" the oldest entry! */
! 479: Curl_ssl_kill_session(store);
! 480: else
! 481: store = &data->state.session[i]; /* use this slot */
! 482:
! 483: /* now init the session struct wisely */
! 484: store->sessionid = ssl_sessionid;
! 485: store->idsize = idsize;
! 486: store->age = *general_age; /* set current age */
! 487: /* free it if there's one already present */
! 488: free(store->name);
! 489: free(store->conn_to_host);
! 490: store->name = clone_host; /* clone host name */
! 491: store->conn_to_host = clone_conn_to_host; /* clone connect to host name */
! 492: store->conn_to_port = conn_to_port; /* connect to port number */
! 493: /* port number */
! 494: store->remote_port = isProxy ? (int)conn->port : conn->remote_port;
! 495: store->scheme = conn->handler->scheme;
! 496:
! 497: if(!Curl_clone_primary_ssl_config(ssl_config, &store->ssl_config)) {
! 498: Curl_free_primary_ssl_config(&store->ssl_config);
! 499: store->sessionid = NULL; /* let caller free sessionid */
! 500: free(clone_host);
! 501: free(clone_conn_to_host);
! 502: return CURLE_OUT_OF_MEMORY;
! 503: }
! 504:
! 505: return CURLE_OK;
! 506: }
! 507:
! 508:
! 509: void Curl_ssl_close_all(struct Curl_easy *data)
! 510: {
! 511: /* kill the session ID cache if not shared */
! 512: if(data->state.session && !SSLSESSION_SHARED(data)) {
! 513: size_t i;
! 514: for(i = 0; i < data->set.general_ssl.max_ssl_sessions; i++)
! 515: /* the single-killer function handles empty table slots */
! 516: Curl_ssl_kill_session(&data->state.session[i]);
! 517:
! 518: /* free the cache data */
! 519: Curl_safefree(data->state.session);
! 520: }
! 521:
! 522: Curl_ssl->close_all(data);
! 523: }
! 524:
! 525: #if defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_SCHANNEL) || \
! 526: defined(USE_SECTRANSP) || defined(USE_NSS) || \
! 527: defined(USE_MBEDTLS) || defined(USE_WOLFSSL) || defined(USE_BEARSSL)
! 528: int Curl_ssl_getsock(struct connectdata *conn, curl_socket_t *socks)
! 529: {
! 530: struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET];
! 531:
! 532: if(connssl->connecting_state == ssl_connect_2_writing) {
! 533: /* write mode */
! 534: socks[0] = conn->sock[FIRSTSOCKET];
! 535: return GETSOCK_WRITESOCK(0);
! 536: }
! 537: if(connssl->connecting_state == ssl_connect_2_reading) {
! 538: /* read mode */
! 539: socks[0] = conn->sock[FIRSTSOCKET];
! 540: return GETSOCK_READSOCK(0);
! 541: }
! 542:
! 543: return GETSOCK_BLANK;
! 544: }
! 545: #else
! 546: int Curl_ssl_getsock(struct connectdata *conn,
! 547: curl_socket_t *socks)
! 548: {
! 549: (void)conn;
! 550: (void)socks;
! 551: return GETSOCK_BLANK;
! 552: }
! 553: /* USE_OPENSSL || USE_GNUTLS || USE_SCHANNEL || USE_SECTRANSP || USE_NSS */
! 554: #endif
! 555:
! 556: void Curl_ssl_close(struct connectdata *conn, int sockindex)
! 557: {
! 558: DEBUGASSERT((sockindex <= 1) && (sockindex >= -1));
! 559: Curl_ssl->close_one(conn, sockindex);
! 560: }
! 561:
! 562: CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex)
! 563: {
! 564: if(Curl_ssl->shut_down(conn, sockindex))
! 565: return CURLE_SSL_SHUTDOWN_FAILED;
! 566:
! 567: conn->ssl[sockindex].use = FALSE; /* get back to ordinary socket usage */
! 568: conn->ssl[sockindex].state = ssl_connection_none;
! 569:
! 570: conn->recv[sockindex] = Curl_recv_plain;
! 571: conn->send[sockindex] = Curl_send_plain;
! 572:
! 573: return CURLE_OK;
! 574: }
! 575:
! 576: /* Selects an SSL crypto engine
! 577: */
! 578: CURLcode Curl_ssl_set_engine(struct Curl_easy *data, const char *engine)
! 579: {
! 580: return Curl_ssl->set_engine(data, engine);
! 581: }
! 582:
! 583: /* Selects the default SSL crypto engine
! 584: */
! 585: CURLcode Curl_ssl_set_engine_default(struct Curl_easy *data)
! 586: {
! 587: return Curl_ssl->set_engine_default(data);
! 588: }
! 589:
! 590: /* Return list of OpenSSL crypto engine names. */
! 591: struct curl_slist *Curl_ssl_engines_list(struct Curl_easy *data)
! 592: {
! 593: return Curl_ssl->engines_list(data);
! 594: }
! 595:
! 596: /*
! 597: * This sets up a session ID cache to the specified size. Make sure this code
! 598: * is agnostic to what underlying SSL technology we use.
! 599: */
! 600: CURLcode Curl_ssl_initsessions(struct Curl_easy *data, size_t amount)
! 601: {
! 602: struct curl_ssl_session *session;
! 603:
! 604: if(data->state.session)
! 605: /* this is just a precaution to prevent multiple inits */
! 606: return CURLE_OK;
! 607:
! 608: session = calloc(amount, sizeof(struct curl_ssl_session));
! 609: if(!session)
! 610: return CURLE_OUT_OF_MEMORY;
! 611:
! 612: /* store the info in the SSL section */
! 613: data->set.general_ssl.max_ssl_sessions = amount;
! 614: data->state.session = session;
! 615: data->state.sessionage = 1; /* this is brand new */
! 616: return CURLE_OK;
! 617: }
! 618:
! 619: static size_t Curl_multissl_version(char *buffer, size_t size);
! 620:
! 621: size_t Curl_ssl_version(char *buffer, size_t size)
! 622: {
! 623: #ifdef CURL_WITH_MULTI_SSL
! 624: return Curl_multissl_version(buffer, size);
! 625: #else
! 626: return Curl_ssl->version(buffer, size);
! 627: #endif
! 628: }
! 629:
! 630: /*
! 631: * This function tries to determine connection status.
! 632: *
! 633: * Return codes:
! 634: * 1 means the connection is still in place
! 635: * 0 means the connection has been closed
! 636: * -1 means the connection status is unknown
! 637: */
! 638: int Curl_ssl_check_cxn(struct connectdata *conn)
! 639: {
! 640: return Curl_ssl->check_cxn(conn);
! 641: }
! 642:
! 643: bool Curl_ssl_data_pending(const struct connectdata *conn,
! 644: int connindex)
! 645: {
! 646: return Curl_ssl->data_pending(conn, connindex);
! 647: }
! 648:
! 649: void Curl_ssl_free_certinfo(struct Curl_easy *data)
! 650: {
! 651: struct curl_certinfo *ci = &data->info.certs;
! 652:
! 653: if(ci->num_of_certs) {
! 654: /* free all individual lists used */
! 655: int i;
! 656: for(i = 0; i<ci->num_of_certs; i++) {
! 657: curl_slist_free_all(ci->certinfo[i]);
! 658: ci->certinfo[i] = NULL;
! 659: }
! 660:
! 661: free(ci->certinfo); /* free the actual array too */
! 662: ci->certinfo = NULL;
! 663: ci->num_of_certs = 0;
! 664: }
! 665: }
! 666:
! 667: CURLcode Curl_ssl_init_certinfo(struct Curl_easy *data, int num)
! 668: {
! 669: struct curl_certinfo *ci = &data->info.certs;
! 670: struct curl_slist **table;
! 671:
! 672: /* Free any previous certificate information structures */
! 673: Curl_ssl_free_certinfo(data);
! 674:
! 675: /* Allocate the required certificate information structures */
! 676: table = calloc((size_t) num, sizeof(struct curl_slist *));
! 677: if(!table)
! 678: return CURLE_OUT_OF_MEMORY;
! 679:
! 680: ci->num_of_certs = num;
! 681: ci->certinfo = table;
! 682:
! 683: return CURLE_OK;
! 684: }
! 685:
! 686: /*
! 687: * 'value' is NOT a zero terminated string
! 688: */
! 689: CURLcode Curl_ssl_push_certinfo_len(struct Curl_easy *data,
! 690: int certnum,
! 691: const char *label,
! 692: const char *value,
! 693: size_t valuelen)
! 694: {
! 695: struct curl_certinfo *ci = &data->info.certs;
! 696: char *output;
! 697: struct curl_slist *nl;
! 698: CURLcode result = CURLE_OK;
! 699: size_t labellen = strlen(label);
! 700: size_t outlen = labellen + 1 + valuelen + 1; /* label:value\0 */
! 701:
! 702: output = malloc(outlen);
! 703: if(!output)
! 704: return CURLE_OUT_OF_MEMORY;
! 705:
! 706: /* sprintf the label and colon */
! 707: msnprintf(output, outlen, "%s:", label);
! 708:
! 709: /* memcpy the value (it might not be zero terminated) */
! 710: memcpy(&output[labellen + 1], value, valuelen);
! 711:
! 712: /* zero terminate the output */
! 713: output[labellen + 1 + valuelen] = 0;
! 714:
! 715: nl = Curl_slist_append_nodup(ci->certinfo[certnum], output);
! 716: if(!nl) {
! 717: free(output);
! 718: curl_slist_free_all(ci->certinfo[certnum]);
! 719: result = CURLE_OUT_OF_MEMORY;
! 720: }
! 721:
! 722: ci->certinfo[certnum] = nl;
! 723: return result;
! 724: }
! 725:
! 726: /*
! 727: * This is a convenience function for push_certinfo_len that takes a zero
! 728: * terminated value.
! 729: */
! 730: CURLcode Curl_ssl_push_certinfo(struct Curl_easy *data,
! 731: int certnum,
! 732: const char *label,
! 733: const char *value)
! 734: {
! 735: size_t valuelen = strlen(value);
! 736:
! 737: return Curl_ssl_push_certinfo_len(data, certnum, label, value, valuelen);
! 738: }
! 739:
! 740: CURLcode Curl_ssl_random(struct Curl_easy *data,
! 741: unsigned char *entropy,
! 742: size_t length)
! 743: {
! 744: return Curl_ssl->random(data, entropy, length);
! 745: }
! 746:
! 747: /*
! 748: * Public key pem to der conversion
! 749: */
! 750:
! 751: static CURLcode pubkey_pem_to_der(const char *pem,
! 752: unsigned char **der, size_t *der_len)
! 753: {
! 754: char *stripped_pem, *begin_pos, *end_pos;
! 755: size_t pem_count, stripped_pem_count = 0, pem_len;
! 756: CURLcode result;
! 757:
! 758: /* if no pem, exit. */
! 759: if(!pem)
! 760: return CURLE_BAD_CONTENT_ENCODING;
! 761:
! 762: begin_pos = strstr(pem, "-----BEGIN PUBLIC KEY-----");
! 763: if(!begin_pos)
! 764: return CURLE_BAD_CONTENT_ENCODING;
! 765:
! 766: pem_count = begin_pos - pem;
! 767: /* Invalid if not at beginning AND not directly following \n */
! 768: if(0 != pem_count && '\n' != pem[pem_count - 1])
! 769: return CURLE_BAD_CONTENT_ENCODING;
! 770:
! 771: /* 26 is length of "-----BEGIN PUBLIC KEY-----" */
! 772: pem_count += 26;
! 773:
! 774: /* Invalid if not directly following \n */
! 775: end_pos = strstr(pem + pem_count, "\n-----END PUBLIC KEY-----");
! 776: if(!end_pos)
! 777: return CURLE_BAD_CONTENT_ENCODING;
! 778:
! 779: pem_len = end_pos - pem;
! 780:
! 781: stripped_pem = malloc(pem_len - pem_count + 1);
! 782: if(!stripped_pem)
! 783: return CURLE_OUT_OF_MEMORY;
! 784:
! 785: /*
! 786: * Here we loop through the pem array one character at a time between the
! 787: * correct indices, and place each character that is not '\n' or '\r'
! 788: * into the stripped_pem array, which should represent the raw base64 string
! 789: */
! 790: while(pem_count < pem_len) {
! 791: if('\n' != pem[pem_count] && '\r' != pem[pem_count])
! 792: stripped_pem[stripped_pem_count++] = pem[pem_count];
! 793: ++pem_count;
! 794: }
! 795: /* Place the null terminator in the correct place */
! 796: stripped_pem[stripped_pem_count] = '\0';
! 797:
! 798: result = Curl_base64_decode(stripped_pem, der, der_len);
! 799:
! 800: Curl_safefree(stripped_pem);
! 801:
! 802: return result;
! 803: }
! 804:
! 805: /*
! 806: * Generic pinned public key check.
! 807: */
! 808:
! 809: CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
! 810: const char *pinnedpubkey,
! 811: const unsigned char *pubkey, size_t pubkeylen)
! 812: {
! 813: FILE *fp;
! 814: unsigned char *buf = NULL, *pem_ptr = NULL;
! 815: CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
! 816:
! 817: /* if a path wasn't specified, don't pin */
! 818: if(!pinnedpubkey)
! 819: return CURLE_OK;
! 820: if(!pubkey || !pubkeylen)
! 821: return result;
! 822:
! 823: /* only do this if pinnedpubkey starts with "sha256//", length 8 */
! 824: if(strncmp(pinnedpubkey, "sha256//", 8) == 0) {
! 825: CURLcode encode;
! 826: size_t encodedlen, pinkeylen;
! 827: char *encoded, *pinkeycopy, *begin_pos, *end_pos;
! 828: unsigned char *sha256sumdigest;
! 829:
! 830: if(!Curl_ssl->sha256sum) {
! 831: /* without sha256 support, this cannot match */
! 832: return result;
! 833: }
! 834:
! 835: /* compute sha256sum of public key */
! 836: sha256sumdigest = malloc(CURL_SHA256_DIGEST_LENGTH);
! 837: if(!sha256sumdigest)
! 838: return CURLE_OUT_OF_MEMORY;
! 839: encode = Curl_ssl->sha256sum(pubkey, pubkeylen,
! 840: sha256sumdigest, CURL_SHA256_DIGEST_LENGTH);
! 841:
! 842: if(encode != CURLE_OK)
! 843: return encode;
! 844:
! 845: encode = Curl_base64_encode(data, (char *)sha256sumdigest,
! 846: CURL_SHA256_DIGEST_LENGTH, &encoded,
! 847: &encodedlen);
! 848: Curl_safefree(sha256sumdigest);
! 849:
! 850: if(encode)
! 851: return encode;
! 852:
! 853: infof(data, "\t public key hash: sha256//%s\n", encoded);
! 854:
! 855: /* it starts with sha256//, copy so we can modify it */
! 856: pinkeylen = strlen(pinnedpubkey) + 1;
! 857: pinkeycopy = malloc(pinkeylen);
! 858: if(!pinkeycopy) {
! 859: Curl_safefree(encoded);
! 860: return CURLE_OUT_OF_MEMORY;
! 861: }
! 862: memcpy(pinkeycopy, pinnedpubkey, pinkeylen);
! 863: /* point begin_pos to the copy, and start extracting keys */
! 864: begin_pos = pinkeycopy;
! 865: do {
! 866: end_pos = strstr(begin_pos, ";sha256//");
! 867: /*
! 868: * if there is an end_pos, null terminate,
! 869: * otherwise it'll go to the end of the original string
! 870: */
! 871: if(end_pos)
! 872: end_pos[0] = '\0';
! 873:
! 874: /* compare base64 sha256 digests, 8 is the length of "sha256//" */
! 875: if(encodedlen == strlen(begin_pos + 8) &&
! 876: !memcmp(encoded, begin_pos + 8, encodedlen)) {
! 877: result = CURLE_OK;
! 878: break;
! 879: }
! 880:
! 881: /*
! 882: * change back the null-terminator we changed earlier,
! 883: * and look for next begin
! 884: */
! 885: if(end_pos) {
! 886: end_pos[0] = ';';
! 887: begin_pos = strstr(end_pos, "sha256//");
! 888: }
! 889: } while(end_pos && begin_pos);
! 890: Curl_safefree(encoded);
! 891: Curl_safefree(pinkeycopy);
! 892: return result;
! 893: }
! 894:
! 895: fp = fopen(pinnedpubkey, "rb");
! 896: if(!fp)
! 897: return result;
! 898:
! 899: do {
! 900: long filesize;
! 901: size_t size, pem_len;
! 902: CURLcode pem_read;
! 903:
! 904: /* Determine the file's size */
! 905: if(fseek(fp, 0, SEEK_END))
! 906: break;
! 907: filesize = ftell(fp);
! 908: if(fseek(fp, 0, SEEK_SET))
! 909: break;
! 910: if(filesize < 0 || filesize > MAX_PINNED_PUBKEY_SIZE)
! 911: break;
! 912:
! 913: /*
! 914: * if the size of our certificate is bigger than the file
! 915: * size then it can't match
! 916: */
! 917: size = curlx_sotouz((curl_off_t) filesize);
! 918: if(pubkeylen > size)
! 919: break;
! 920:
! 921: /*
! 922: * Allocate buffer for the pinned key
! 923: * With 1 additional byte for null terminator in case of PEM key
! 924: */
! 925: buf = malloc(size + 1);
! 926: if(!buf)
! 927: break;
! 928:
! 929: /* Returns number of elements read, which should be 1 */
! 930: if((int) fread(buf, size, 1, fp) != 1)
! 931: break;
! 932:
! 933: /* If the sizes are the same, it can't be base64 encoded, must be der */
! 934: if(pubkeylen == size) {
! 935: if(!memcmp(pubkey, buf, pubkeylen))
! 936: result = CURLE_OK;
! 937: break;
! 938: }
! 939:
! 940: /*
! 941: * Otherwise we will assume it's PEM and try to decode it
! 942: * after placing null terminator
! 943: */
! 944: buf[size] = '\0';
! 945: pem_read = pubkey_pem_to_der((const char *)buf, &pem_ptr, &pem_len);
! 946: /* if it wasn't read successfully, exit */
! 947: if(pem_read)
! 948: break;
! 949:
! 950: /*
! 951: * if the size of our certificate doesn't match the size of
! 952: * the decoded file, they can't be the same, otherwise compare
! 953: */
! 954: if(pubkeylen == pem_len && !memcmp(pubkey, pem_ptr, pubkeylen))
! 955: result = CURLE_OK;
! 956: } while(0);
! 957:
! 958: Curl_safefree(buf);
! 959: Curl_safefree(pem_ptr);
! 960: fclose(fp);
! 961:
! 962: return result;
! 963: }
! 964:
! 965: #ifndef CURL_DISABLE_CRYPTO_AUTH
! 966: CURLcode Curl_ssl_md5sum(unsigned char *tmp, /* input */
! 967: size_t tmplen,
! 968: unsigned char *md5sum, /* output */
! 969: size_t md5len)
! 970: {
! 971: return Curl_ssl->md5sum(tmp, tmplen, md5sum, md5len);
! 972: }
! 973: #endif
! 974:
! 975: /*
! 976: * Check whether the SSL backend supports the status_request extension.
! 977: */
! 978: bool Curl_ssl_cert_status_request(void)
! 979: {
! 980: return Curl_ssl->cert_status_request();
! 981: }
! 982:
! 983: /*
! 984: * Check whether the SSL backend supports false start.
! 985: */
! 986: bool Curl_ssl_false_start(void)
! 987: {
! 988: return Curl_ssl->false_start();
! 989: }
! 990:
! 991: /*
! 992: * Check whether the SSL backend supports setting TLS 1.3 cipher suites
! 993: */
! 994: bool Curl_ssl_tls13_ciphersuites(void)
! 995: {
! 996: return Curl_ssl->supports & SSLSUPP_TLS13_CIPHERSUITES;
! 997: }
! 998:
! 999: /*
! 1000: * Default implementations for unsupported functions.
! 1001: */
! 1002:
! 1003: int Curl_none_init(void)
! 1004: {
! 1005: return 1;
! 1006: }
! 1007:
! 1008: void Curl_none_cleanup(void)
! 1009: { }
! 1010:
! 1011: int Curl_none_shutdown(struct connectdata *conn UNUSED_PARAM,
! 1012: int sockindex UNUSED_PARAM)
! 1013: {
! 1014: (void)conn;
! 1015: (void)sockindex;
! 1016: return 0;
! 1017: }
! 1018:
! 1019: int Curl_none_check_cxn(struct connectdata *conn UNUSED_PARAM)
! 1020: {
! 1021: (void)conn;
! 1022: return -1;
! 1023: }
! 1024:
! 1025: CURLcode Curl_none_random(struct Curl_easy *data UNUSED_PARAM,
! 1026: unsigned char *entropy UNUSED_PARAM,
! 1027: size_t length UNUSED_PARAM)
! 1028: {
! 1029: (void)data;
! 1030: (void)entropy;
! 1031: (void)length;
! 1032: return CURLE_NOT_BUILT_IN;
! 1033: }
! 1034:
! 1035: void Curl_none_close_all(struct Curl_easy *data UNUSED_PARAM)
! 1036: {
! 1037: (void)data;
! 1038: }
! 1039:
! 1040: void Curl_none_session_free(void *ptr UNUSED_PARAM)
! 1041: {
! 1042: (void)ptr;
! 1043: }
! 1044:
! 1045: bool Curl_none_data_pending(const struct connectdata *conn UNUSED_PARAM,
! 1046: int connindex UNUSED_PARAM)
! 1047: {
! 1048: (void)conn;
! 1049: (void)connindex;
! 1050: return 0;
! 1051: }
! 1052:
! 1053: bool Curl_none_cert_status_request(void)
! 1054: {
! 1055: return FALSE;
! 1056: }
! 1057:
! 1058: CURLcode Curl_none_set_engine(struct Curl_easy *data UNUSED_PARAM,
! 1059: const char *engine UNUSED_PARAM)
! 1060: {
! 1061: (void)data;
! 1062: (void)engine;
! 1063: return CURLE_NOT_BUILT_IN;
! 1064: }
! 1065:
! 1066: CURLcode Curl_none_set_engine_default(struct Curl_easy *data UNUSED_PARAM)
! 1067: {
! 1068: (void)data;
! 1069: return CURLE_NOT_BUILT_IN;
! 1070: }
! 1071:
! 1072: struct curl_slist *Curl_none_engines_list(struct Curl_easy *data UNUSED_PARAM)
! 1073: {
! 1074: (void)data;
! 1075: return (struct curl_slist *)NULL;
! 1076: }
! 1077:
! 1078: bool Curl_none_false_start(void)
! 1079: {
! 1080: return FALSE;
! 1081: }
! 1082:
! 1083: #ifndef CURL_DISABLE_CRYPTO_AUTH
! 1084: CURLcode Curl_none_md5sum(unsigned char *input, size_t inputlen,
! 1085: unsigned char *md5sum, size_t md5len UNUSED_PARAM)
! 1086: {
! 1087: MD5_context *MD5pw;
! 1088:
! 1089: (void)md5len;
! 1090:
! 1091: MD5pw = Curl_MD5_init(Curl_DIGEST_MD5);
! 1092: if(!MD5pw)
! 1093: return CURLE_OUT_OF_MEMORY;
! 1094: Curl_MD5_update(MD5pw, input, curlx_uztoui(inputlen));
! 1095: Curl_MD5_final(MD5pw, md5sum);
! 1096: return CURLE_OK;
! 1097: }
! 1098: #else
! 1099: CURLcode Curl_none_md5sum(unsigned char *input UNUSED_PARAM,
! 1100: size_t inputlen UNUSED_PARAM,
! 1101: unsigned char *md5sum UNUSED_PARAM,
! 1102: size_t md5len UNUSED_PARAM)
! 1103: {
! 1104: (void)input;
! 1105: (void)inputlen;
! 1106: (void)md5sum;
! 1107: (void)md5len;
! 1108: return CURLE_NOT_BUILT_IN;
! 1109: }
! 1110: #endif
! 1111:
! 1112: static int Curl_multissl_init(void)
! 1113: {
! 1114: if(multissl_init(NULL))
! 1115: return 1;
! 1116: return Curl_ssl->init();
! 1117: }
! 1118:
! 1119: static CURLcode Curl_multissl_connect(struct connectdata *conn, int sockindex)
! 1120: {
! 1121: if(multissl_init(NULL))
! 1122: return CURLE_FAILED_INIT;
! 1123: return Curl_ssl->connect_blocking(conn, sockindex);
! 1124: }
! 1125:
! 1126: static CURLcode Curl_multissl_connect_nonblocking(struct connectdata *conn,
! 1127: int sockindex, bool *done)
! 1128: {
! 1129: if(multissl_init(NULL))
! 1130: return CURLE_FAILED_INIT;
! 1131: return Curl_ssl->connect_nonblocking(conn, sockindex, done);
! 1132: }
! 1133:
! 1134: static void *Curl_multissl_get_internals(struct ssl_connect_data *connssl,
! 1135: CURLINFO info)
! 1136: {
! 1137: if(multissl_init(NULL))
! 1138: return NULL;
! 1139: return Curl_ssl->get_internals(connssl, info);
! 1140: }
! 1141:
! 1142: static void Curl_multissl_close(struct connectdata *conn, int sockindex)
! 1143: {
! 1144: if(multissl_init(NULL))
! 1145: return;
! 1146: Curl_ssl->close_one(conn, sockindex);
! 1147: }
! 1148:
! 1149: static const struct Curl_ssl Curl_ssl_multi = {
! 1150: { CURLSSLBACKEND_NONE, "multi" }, /* info */
! 1151: 0, /* supports nothing */
! 1152: (size_t)-1, /* something insanely large to be on the safe side */
! 1153:
! 1154: Curl_multissl_init, /* init */
! 1155: Curl_none_cleanup, /* cleanup */
! 1156: Curl_multissl_version, /* version */
! 1157: Curl_none_check_cxn, /* check_cxn */
! 1158: Curl_none_shutdown, /* shutdown */
! 1159: Curl_none_data_pending, /* data_pending */
! 1160: Curl_none_random, /* random */
! 1161: Curl_none_cert_status_request, /* cert_status_request */
! 1162: Curl_multissl_connect, /* connect */
! 1163: Curl_multissl_connect_nonblocking, /* connect_nonblocking */
! 1164: Curl_multissl_get_internals, /* get_internals */
! 1165: Curl_multissl_close, /* close_one */
! 1166: Curl_none_close_all, /* close_all */
! 1167: Curl_none_session_free, /* session_free */
! 1168: Curl_none_set_engine, /* set_engine */
! 1169: Curl_none_set_engine_default, /* set_engine_default */
! 1170: Curl_none_engines_list, /* engines_list */
! 1171: Curl_none_false_start, /* false_start */
! 1172: Curl_none_md5sum, /* md5sum */
! 1173: NULL /* sha256sum */
! 1174: };
! 1175:
! 1176: const struct Curl_ssl *Curl_ssl =
! 1177: #if defined(CURL_WITH_MULTI_SSL)
! 1178: &Curl_ssl_multi;
! 1179: #elif defined(USE_WOLFSSL)
! 1180: &Curl_ssl_wolfssl;
! 1181: #elif defined(USE_SECTRANSP)
! 1182: &Curl_ssl_sectransp;
! 1183: #elif defined(USE_GNUTLS)
! 1184: &Curl_ssl_gnutls;
! 1185: #elif defined(USE_GSKIT)
! 1186: &Curl_ssl_gskit;
! 1187: #elif defined(USE_MBEDTLS)
! 1188: &Curl_ssl_mbedtls;
! 1189: #elif defined(USE_NSS)
! 1190: &Curl_ssl_nss;
! 1191: #elif defined(USE_OPENSSL)
! 1192: &Curl_ssl_openssl;
! 1193: #elif defined(USE_SCHANNEL)
! 1194: &Curl_ssl_schannel;
! 1195: #elif defined(USE_MESALINK)
! 1196: &Curl_ssl_mesalink;
! 1197: #elif defined(USE_BEARSSL)
! 1198: &Curl_ssl_bearssl;
! 1199: #else
! 1200: #error "Missing struct Curl_ssl for selected SSL backend"
! 1201: #endif
! 1202:
! 1203: static const struct Curl_ssl *available_backends[] = {
! 1204: #if defined(USE_WOLFSSL)
! 1205: &Curl_ssl_wolfssl,
! 1206: #endif
! 1207: #if defined(USE_SECTRANSP)
! 1208: &Curl_ssl_sectransp,
! 1209: #endif
! 1210: #if defined(USE_GNUTLS)
! 1211: &Curl_ssl_gnutls,
! 1212: #endif
! 1213: #if defined(USE_GSKIT)
! 1214: &Curl_ssl_gskit,
! 1215: #endif
! 1216: #if defined(USE_MBEDTLS)
! 1217: &Curl_ssl_mbedtls,
! 1218: #endif
! 1219: #if defined(USE_NSS)
! 1220: &Curl_ssl_nss,
! 1221: #endif
! 1222: #if defined(USE_OPENSSL)
! 1223: &Curl_ssl_openssl,
! 1224: #endif
! 1225: #if defined(USE_SCHANNEL)
! 1226: &Curl_ssl_schannel,
! 1227: #endif
! 1228: #if defined(USE_MESALINK)
! 1229: &Curl_ssl_mesalink,
! 1230: #endif
! 1231: #if defined(USE_BEARSSL)
! 1232: &Curl_ssl_bearssl,
! 1233: #endif
! 1234: NULL
! 1235: };
! 1236:
! 1237: static size_t Curl_multissl_version(char *buffer, size_t size)
! 1238: {
! 1239: static const struct Curl_ssl *selected;
! 1240: static char backends[200];
! 1241: static size_t backends_len;
! 1242: const struct Curl_ssl *current;
! 1243:
! 1244: current = Curl_ssl == &Curl_ssl_multi ? available_backends[0] : Curl_ssl;
! 1245:
! 1246: if(current != selected) {
! 1247: char *p = backends;
! 1248: char *end = backends + sizeof(backends);
! 1249: int i;
! 1250:
! 1251: selected = current;
! 1252:
! 1253: backends[0] = '\0';
! 1254:
! 1255: for(i = 0; available_backends[i]; ++i) {
! 1256: char vb[200];
! 1257: bool paren = (selected != available_backends[i]);
! 1258:
! 1259: if(available_backends[i]->version(vb, sizeof(vb))) {
! 1260: p += msnprintf(p, end - p, "%s%s%s%s", (p != backends ? " " : ""),
! 1261: (paren ? "(" : ""), vb, (paren ? ")" : ""));
! 1262: }
! 1263: }
! 1264:
! 1265: backends_len = p - backends;
! 1266: }
! 1267:
! 1268: if(!size)
! 1269: return 0;
! 1270:
! 1271: if(size <= backends_len) {
! 1272: strncpy(buffer, backends, size - 1);
! 1273: buffer[size - 1] = '\0';
! 1274: return size - 1;
! 1275: }
! 1276:
! 1277: strcpy(buffer, backends);
! 1278: return backends_len;
! 1279: }
! 1280:
! 1281: static int multissl_init(const struct Curl_ssl *backend)
! 1282: {
! 1283: const char *env;
! 1284: char *env_tmp;
! 1285:
! 1286: if(Curl_ssl != &Curl_ssl_multi)
! 1287: return 1;
! 1288:
! 1289: if(backend) {
! 1290: Curl_ssl = backend;
! 1291: return 0;
! 1292: }
! 1293:
! 1294: if(!available_backends[0])
! 1295: return 1;
! 1296:
! 1297: env = env_tmp = curl_getenv("CURL_SSL_BACKEND");
! 1298: #ifdef CURL_DEFAULT_SSL_BACKEND
! 1299: if(!env)
! 1300: env = CURL_DEFAULT_SSL_BACKEND;
! 1301: #endif
! 1302: if(env) {
! 1303: int i;
! 1304: for(i = 0; available_backends[i]; i++) {
! 1305: if(strcasecompare(env, available_backends[i]->info.name)) {
! 1306: Curl_ssl = available_backends[i];
! 1307: curl_free(env_tmp);
! 1308: return 0;
! 1309: }
! 1310: }
! 1311: }
! 1312:
! 1313: /* Fall back to first available backend */
! 1314: Curl_ssl = available_backends[0];
! 1315: curl_free(env_tmp);
! 1316: return 0;
! 1317: }
! 1318:
! 1319: CURLsslset curl_global_sslset(curl_sslbackend id, const char *name,
! 1320: const curl_ssl_backend ***avail)
! 1321: {
! 1322: int i;
! 1323:
! 1324: if(avail)
! 1325: *avail = (const curl_ssl_backend **)&available_backends;
! 1326:
! 1327: if(Curl_ssl != &Curl_ssl_multi)
! 1328: return id == Curl_ssl->info.id ||
! 1329: (name && strcasecompare(name, Curl_ssl->info.name)) ?
! 1330: CURLSSLSET_OK :
! 1331: #if defined(CURL_WITH_MULTI_SSL)
! 1332: CURLSSLSET_TOO_LATE;
! 1333: #else
! 1334: CURLSSLSET_UNKNOWN_BACKEND;
! 1335: #endif
! 1336:
! 1337: for(i = 0; available_backends[i]; i++) {
! 1338: if(available_backends[i]->info.id == id ||
! 1339: (name && strcasecompare(available_backends[i]->info.name, name))) {
! 1340: multissl_init(available_backends[i]);
! 1341: return CURLSSLSET_OK;
! 1342: }
! 1343: }
! 1344:
! 1345: return CURLSSLSET_UNKNOWN_BACKEND;
! 1346: }
! 1347:
! 1348: #else /* USE_SSL */
! 1349: CURLsslset curl_global_sslset(curl_sslbackend id, const char *name,
! 1350: const curl_ssl_backend ***avail)
! 1351: {
! 1352: (void)id;
! 1353: (void)name;
! 1354: (void)avail;
! 1355: return CURLSSLSET_NO_BACKENDS;
! 1356: }
! 1357:
! 1358: #endif /* !USE_SSL */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to vtls.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / curl / lib / vtls