generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

- I did a cleanup of the internal generic SSL layer and how the various SSL

Browse Source 
libraries are supported. Starting now, each underlying SSL library support
  code does a set of defines for the 16 functions the generic layer (sslgen.c)
  uses (all these new function defines use the prefix "curlssl_"). This
  greatly simplified the generic layer in readability by involving much less
  #ifdefs and other preprocessor stuff and should make it easier for people to
  make libcurl work with new SSL libraries.

  Hopefully I can later on document these 16 functions somewhat as well.

  I also made most of the internal SSL-dependent functions (using Curl_ssl_
  prefix) #defined to nothing when no SSL support is requested - previously
  they would unnecessarily call mostly empty functions.
This commit is contained in:
Daniel Stenberg
2008-06-11 17:01:58 +00:00
parent 5980b3cbb0
commit 04d5c8fb77
9 changed files with 187 additions and 345 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
CHANGES
View File

@@ -7,6 +7,28 @@
Changelog Changelog
Daniel Stenberg (11 Jun 2008)
- I did a cleanup of the internal generic SSL layer and how the various SSL
libraries are supported. Starting now, each underlying SSL library support
code does a set of defines for the 16 functions the generic layer (sslgen.c)
uses (all these new function defines use the prefix "curlssl_"). This
greatly simplified the generic layer in readability by involving much less
#ifdefs and other preprocessor stuff and should make it easier for people to
make libcurl work with new SSL libraries.
Hopefully I can later on document these 16 functions somewhat as well.
I also made most of the internal SSL-dependent functions (using Curl_ssl_
prefix) #defined to nothing when no SSL support is requested - previously
they would unnecessarily call mostly empty functions.
I've built libcurl with OpenSSL and GnuTLS and without SSL to test this and
I've also tried building with NSS but the NSS support is a mystery to me and
I failed to build libcurl with the NSS libraries I have installed. We really
should A) improve our configure script to detect unsuitable NSS versions
already at configure time and B) document our requirements better for the
SSL libraries.
Daniel Stenberg (10 Jun 2008) Daniel Stenberg (10 Jun 2008)
- I made the OpenSSL code build again with OpenSSL 0.9.6. The CRLFILE - I made the OpenSSL code build again with OpenSSL 0.9.6. The CRLFILE
functionality killed it due to its unconditional use of functionality killed it due to its unconditional use of

21
lib/gtls.h
View File

@@ -22,6 +22,9 @@
* *
* $Id$ * $Id$
***************************************************************************/ ***************************************************************************/
#ifdef USE_GNUTLS
int Curl_gtls_init(void); int Curl_gtls_init(void);
int Curl_gtls_cleanup(void); int Curl_gtls_cleanup(void);
CURLcode Curl_gtls_connect(struct connectdata *conn, int sockindex); CURLcode Curl_gtls_connect(struct connectdata *conn, int sockindex);
@@ -45,4 +48,22 @@ void Curl_gtls_session_free(void *ptr);
size_t Curl_gtls_version(char *buffer, size_t size); size_t Curl_gtls_version(char *buffer, size_t size);
int Curl_gtls_shutdown(struct connectdata *conn, int sockindex); int Curl_gtls_shutdown(struct connectdata *conn, int sockindex);
/* API setup for GnuTLS */
#define curlssl_init Curl_gtls_init
#define curlssl_cleanup Curl_gtls_cleanup
#define curlssl_connect Curl_gtls_connect
#define curlssl_session_free(x) Curl_gtls_session_free(x)
#define curlssl_close_all Curl_gtls_close_all
#define curlssl_close Curl_gtls_close
#define curlssl_shutdown(x,y) Curl_gtls_shutdown(x,y)
#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_FAILED_INIT)
#define curlssl_set_engine_default(x) (x=x, CURLE_FAILED_INIT)
#define curlssl_engines_list(x) (x=x, NULL)
#define curlssl_send Curl_gtls_send
#define curlssl_recv Curl_gtls_recv
#define curlssl_version Curl_gtls_version
#define curlssl_check_cxn(x) (x=x, -1)
#define curlssl_data_pending(x,y) (x=x, y=y, 0)
#endif /* USE_GNUTLS */
#endif #endif

3
lib/nss.c
View File

@@ -743,7 +743,8 @@ static void display_conn_info(struct connectdata *conn, PRFileDesc *sock)
* issuer check, so we provide comments that mimic the OpenSSL * issuer check, so we provide comments that mimic the OpenSSL
* X509_check_issued function (in x509v3/v3_purp.c) * X509_check_issued function (in x509v3/v3_purp.c)
*/ */
static SECStatus check_issuer_cert(struct connectdata *conn, PRFileDesc *sock, static SECStatus check_issuer_cert(struct connectdata *conn,
PRFileDesc *sock,
char* issuer_nickname) char* issuer_nickname)
{ {
CERTCertificate *cert,*cert_issuer,*issuer; CERTCertificate *cert,*cert_issuer,*issuer;

24
lib/nssg.h
View File

@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@@ -23,6 +23,7 @@
* $Id$ * $Id$
***************************************************************************/ ***************************************************************************/
#ifdef USE_NSS
/* /*
* This header should only be needed to get included by sslgen.c and nss.c * This header should only be needed to get included by sslgen.c and nss.c
*/ */
@@ -56,4 +57,25 @@ size_t Curl_nss_version(char *buffer, size_t size);
int Curl_nss_check_cxn(struct connectdata *cxn); int Curl_nss_check_cxn(struct connectdata *cxn);
int Curl_nss_seed(struct SessionHandle *data); int Curl_nss_seed(struct SessionHandle *data);
/* API setup for NSS */
#define curlssl_init Curl_nss_init
#define curlssl_cleanup Curl_nss_cleanup
#define curlssl_connect Curl_nss_connect
/* NSS has its own session ID cache */
#define curlssl_session_free(x)
#define curlssl_close_all Curl_nss_close_all
#define curlssl_close Curl_nss_close
/* NSS has no shutdown function provided and thus always fail */
#define curlssl_shutdown(x,y) (x=x, y=y, 1)
#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_FAILED_INIT)
#define curlssl_set_engine_default(x) (x=x, CURLE_FAILED_INIT)
#define curlssl_engines_list(x) (x=x, NULL)
#define curlssl_send Curl_nss_send
#define curlssl_recv Curl_nss_recv
#define curlssl_version Curl_nss_version
#define curlssl_check_cxn(x) Curl_nss_check_cxn(x)
#define curlssl_data_pending(x,y) (x=x, y=y, 0)
#endif /* USE_NSS */
#endif #endif

22
lib/qssl.h
View File

@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@@ -29,6 +29,7 @@
#include "urldata.h" #include "urldata.h"
#ifdef USE_QSOSSL
int Curl_qsossl_init(void); int Curl_qsossl_init(void);
void Curl_qsossl_cleanup(void); void Curl_qsossl_cleanup(void);
CURLcode Curl_qsossl_connect(struct connectdata * conn, int sockindex); CURLcode Curl_qsossl_connect(struct connectdata * conn, int sockindex);
@@ -49,4 +50,23 @@ ssize_t Curl_qsossl_recv(struct connectdata * conn, /* connection data */
size_t Curl_qsossl_version(char * buffer, size_t size); size_t Curl_qsossl_version(char * buffer, size_t size);
int Curl_qsossl_check_cxn(struct connectdata * cxn); int Curl_qsossl_check_cxn(struct connectdata * cxn);
/* API setup for QsoSSL */
#define curlssl_init Curl_qossl_init
#define curlssl_cleanup Curl_qossl_cleanup
#define curlssl_connect Curl_qossl_connect
/* No session handling for QsoSSL */
#define curlssl_session_free(x)
#define curlssl_close_all Curl_qsossl_close_all
#define curlssl_close Curl_qsossl_close
#define curlssl_shutdown(x,y) Curl_qsossl_shutdown(x,y)
#define curlssl_set_engine(x,y) CURLE_FAILED_INIT
#define curlssl_set_engine_default(x) CURLE_FAILED_INIT
#define curlssl_engines_list(x) NULL
#define curlssl_send Curl_qsossl_send
#define curlssl_recv Curl_qsossl_recv
#define curlssl_version Curl_qsossl_version
#define curlssl_check_cxn(x) Curl_qsossl_check_cxn(x)
#define curlssl_data_pending(x,y) 0
#endif /* USE_QSOSSL */
#endif #endif

360
lib/sslgen.c
View File

@@ -33,6 +33,9 @@
Curl_gtls_ - prefix for GnuTLS ones Curl_gtls_ - prefix for GnuTLS ones
Curl_nss_ - prefix for NSS ones Curl_nss_ - prefix for NSS ones
Note that this source code uses curlssl_* functions, and they are all
defines/macros #defined by the lib-specific header files.
"SSL/TLS Strong Encryption: An Introduction" "SSL/TLS Strong Encryption: An Introduction"
http://httpd.apache.org/docs-2.0/ssl/ssl_intro.html http://httpd.apache.org/docs-2.0/ssl/ssl_intro.html
*/ */
@@ -60,9 +63,6 @@
/* The last #include file should be: */ /* The last #include file should be: */
#include "memdebug.h" #include "memdebug.h"
/* "global" init done? */
static bool init_ssl=FALSE;
static bool safe_strequal(char* str1, char* str2); static bool safe_strequal(char* str1, char* str2);
static bool safe_strequal(char* str1, char* str2) static bool safe_strequal(char* str1, char* str2)
@@ -143,6 +143,11 @@ void Curl_free_ssl_config(struct ssl_config_data* sslc)
Curl_safefree(sslc->random_file); Curl_safefree(sslc->random_file);
} }
#ifdef USE_SSL
/* "global" init done? */
static bool init_ssl=FALSE;
/** /**
* Global SSL init * Global SSL init
* *
@@ -156,24 +161,7 @@ int Curl_ssl_init(void)
return 1; return 1;
init_ssl = TRUE; /* never again */ init_ssl = TRUE; /* never again */
#ifdef USE_SSLEAY return curlssl_init();
return Curl_ossl_init();
#else
#ifdef USE_GNUTLS
return Curl_gtls_init();
#else
#ifdef USE_NSS
return Curl_nss_init();
#else
#ifdef USE_QSOSSL
return Curl_qsossl_init();
#else
/* no SSL support */
return 1;
#endif /* USE_QSOSSL */
#endif /* USE_NSS */
#endif /* USE_GNUTLS */
#endif /* USE_SSLEAY */
} }
@@ -182,21 +170,7 @@ void Curl_ssl_cleanup(void)
{ {
if(init_ssl) { if(init_ssl) {
/* only cleanup if we did a previous init */ /* only cleanup if we did a previous init */
#ifdef USE_SSLEAY curlssl_cleanup();
Curl_ossl_cleanup();
#else
#ifdef USE_GNUTLS
Curl_gtls_cleanup();
#else
#ifdef USE_NSS
Curl_nss_cleanup();
#else
#ifdef USE_QSOSSL
Curl_qsossl_cleanup();
#endif /* USE_QSOSSL */
#endif /* USE_NSS */
#endif /* USE_GNUTLS */
#endif /* USE_SSLEAY */
init_ssl = FALSE; init_ssl = FALSE;
} }
} }
@@ -204,67 +178,28 @@ void Curl_ssl_cleanup(void)
CURLcode CURLcode
Curl_ssl_connect(struct connectdata *conn, int sockindex) Curl_ssl_connect(struct connectdata *conn, int sockindex)
{ {
#ifdef USE_SSL /* mark this is being ssl-enabled from here on. */
/* mark this is being ssl enabled from here on. */
conn->ssl[sockindex].use = TRUE; conn->ssl[sockindex].use = TRUE;
conn->ssl[sockindex].state = ssl_connection_negotiating; conn->ssl[sockindex].state = ssl_connection_negotiating;
#ifdef USE_SSLEAY return curlssl_connect(conn, sockindex);
return Curl_ossl_connect(conn, sockindex);
#else
#ifdef USE_GNUTLS
return Curl_gtls_connect(conn, sockindex);
#else
#ifdef USE_NSS
return Curl_nss_connect(conn, sockindex);
#else
#ifdef USE_QSOSSL
return Curl_qsossl_connect(conn, sockindex);
#endif /* USE_QSOSSL */
#endif /* USE_NSS */
#endif /* USE_GNUTLS */
#endif /* USE_SSLEAY */
#else
/* without SSL */
(void)conn;
(void)sockindex;
return CURLE_OK;
#endif /* USE_SSL */
} }
CURLcode CURLcode
Curl_ssl_connect_nonblocking(struct connectdata *conn, int sockindex, Curl_ssl_connect_nonblocking(struct connectdata *conn, int sockindex,
bool *done) bool *done)
{ {
#if defined(USE_SSL) && defined(USE_SSLEAY) #ifdef curlssl_connect_nonblocking
/* mark this is being ssl enabled from here on. */ /* mark this is being ssl requested from here on. */
conn->ssl[sockindex].use = TRUE; conn->ssl[sockindex].use = TRUE;
return Curl_ossl_connect_nonblocking(conn, sockindex, done); return Curl_ossl_connect_nonblocking(conn, sockindex, done);
#else #else
#ifdef USE_NSS
*done = TRUE; /* fallback to BLOCKING */ *done = TRUE; /* fallback to BLOCKING */
conn->ssl[sockindex].use = TRUE; conn->ssl[sockindex].use = TRUE;
return Curl_nss_connect(conn, sockindex); return curlssl_connect(conn, sockindex);
#else #endif /* non-blocking connect support */
#ifdef USE_QSOSSL
*done = TRUE; /* fallback to BLOCKING */
conn->ssl[sockindex].use = TRUE;
return Curl_qsossl_connect(conn, sockindex);
#else
/* not implemented!
fallback to BLOCKING call. */
*done = TRUE;
conn->ssl[sockindex].use = TRUE;
return Curl_ssl_connect(conn, sockindex);
#endif /* USE_QSOSSL */
#endif /* USE_NSS */
#endif /* USE_SSLEAY */
} }
#ifdef USE_SSL
/* /*
* Check if there's a session ID for the given connection in the cache, and if * Check if there's a session ID for the given connection in the cache, and if
* there's one suitable, it is provided. Returns TRUE when no entry matched. * there's one suitable, it is provided. Returns TRUE when no entry matched.
@@ -311,21 +246,8 @@ static int kill_session(struct curl_ssl_session *session)
/* defensive check */ /* defensive check */
/* free the ID the SSL-layer specific way */ /* free the ID the SSL-layer specific way */
#ifdef USE_SSLEAY curlssl_session_free(session->sessionid);
Curl_ossl_session_free(session->sessionid);
#else
#ifdef USE_GNUTLS
Curl_gtls_session_free(session->sessionid);
#else
#ifdef USE_QSOSSL
/* No session handling for QsoSSL. */
#else
#ifdef USE_NSS
/* NSS has its own session ID cache */
#endif /* USE_NSS */
#endif /* USE_QSOSSL */
#endif /* USE_GNUTLS */
#endif /* USE_SSLEAY */
session->sessionid=NULL; session->sessionid=NULL;
session->age = 0; /* fresh */ session->age = 0; /* fresh */
@@ -398,11 +320,8 @@ CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
} }
#endif /* USE_SSL */
void Curl_ssl_close_all(struct SessionHandle *data) void Curl_ssl_close_all(struct SessionHandle *data)
{ {
#ifdef USE_SSL
long i; long i;
/* kill the session ID cache */ /* kill the session ID cache */
if(data->state.session) { if(data->state.session) {
@@ -414,64 +333,20 @@ void Curl_ssl_close_all(struct SessionHandle *data)
free(data->state.session); free(data->state.session);
data->state.session = NULL; data->state.session = NULL;
} }
#ifdef USE_SSLEAY
Curl_ossl_close_all(data); curlssl_close_all(data);
#else
#ifdef USE_GNUTLS
Curl_gtls_close_all(data);
#else
#ifdef USE_NSS
Curl_nss_close_all(data);
#else
#ifdef USE_QSOSSL
Curl_qsossl_close_all(data);
#endif /* USE_QSOSSL */
#endif /* USE_NSS */
#endif /* USE_GNUTLS */
#endif /* USE_SSLEAY */
#else /* USE_SSL */
(void)data;
#endif /* USE_SSL */
} }
void Curl_ssl_close(struct connectdata *conn, int sockindex) void Curl_ssl_close(struct connectdata *conn, int sockindex)
{ {
DEBUGASSERT((sockindex <= 1) && (sockindex >= -1)); DEBUGASSERT((sockindex <= 1) && (sockindex >= -1));
curlssl_close(conn, sockindex);
#ifdef USE_SSLEAY
Curl_ossl_close(conn, sockindex);
#endif /* USE_SSLEAY */
#ifdef USE_GNUTLS
Curl_gtls_close(conn, sockindex);
#endif /* USE_GNUTLS */
#ifdef USE_NSS
Curl_nss_close(conn, sockindex);
#endif /* USE_NSS */
#ifdef USE_QSOSSL
Curl_qsossl_close(conn, sockindex);
#endif /* USE_QSOSSL */
#ifndef USE_SSL
(void)conn;
(void)sockindex;
#endif /* !USE_SSL */
} }
CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex) CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex)
{ {
#ifdef USE_SSLEAY if(curlssl_shutdown(conn, sockindex))
if(Curl_ossl_shutdown(conn, sockindex))
return CURLE_SSL_SHUTDOWN_FAILED; return CURLE_SSL_SHUTDOWN_FAILED;
#else
#ifdef USE_GNUTLS
if(Curl_gtls_shutdown(conn, sockindex))
return CURLE_SSL_SHUTDOWN_FAILED;
#else
#ifdef USE_QSOSSL
if(Curl_qsossl_shutdown(conn, sockindex))
return CURLE_SSL_SHUTDOWN_FAILED;
#endif /* USE_QSOSSL */
#endif /* USE_GNUTLS */
#endif /* USE_SSLEAY */
conn->ssl[sockindex].use = FALSE; /* get back to ordinary socket usage */ conn->ssl[sockindex].use = FALSE; /* get back to ordinary socket usage */
conn->ssl[sockindex].state = ssl_connection_none; conn->ssl[sockindex].state = ssl_connection_none;
@@ -479,100 +354,24 @@ CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex)
return CURLE_OK; return CURLE_OK;
} }
/* Selects an (Open)SSL crypto engine /* Selects an SSL crypto engine
*/ */
CURLcode Curl_ssl_set_engine(struct SessionHandle *data, const char *engine) CURLcode Curl_ssl_set_engine(struct SessionHandle *data, const char *engine)
{ {
#ifdef USE_SSLEAY return curlssl_set_engine(data, engine);
return Curl_ossl_set_engine(data, engine);
#else
#ifdef USE_GNUTLS
/* FIX: add code here */
(void)data;
(void)engine;
return CURLE_FAILED_INIT;
#else
#ifdef USE_NSS
/* NSS doesn't set an engine this way */
(void)data;
(void)engine;
return CURLE_FAILED_INIT;
#else
#ifdef USE_QSOSSL
/* QSOSSL doesn't set an engine this way */
(void)data;
(void)engine;
return CURLE_FAILED_INIT;
#else
/* no SSL layer */
(void)data;
(void)engine;
return CURLE_FAILED_INIT;
#endif /* USE_QSOSSL */
#endif /* USE_NSS */
#endif /* USE_GNUTLS */
#endif /* USE_SSLEAY */
} }
/* Selects an (Open?)SSL crypto engine /* Selects the default SSL crypto engine
*/ */
CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data) CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data)
{ {
#ifdef USE_SSLEAY return curlssl_set_engine_default(data);
return Curl_ossl_set_engine_default(data);
#else
#ifdef USE_GNUTLS
/* FIX: add code here */
(void)data;
return CURLE_FAILED_INIT;
#else
#ifdef USE_NSS
/* A no-op for NSS */
(void)data;
return CURLE_FAILED_INIT;
#else
#ifdef USE_QSOSSL
/* A no-op for QSOSSL */
(void)data;
return CURLE_FAILED_INIT;
#else
/* No SSL layer */
(void)data;
return CURLE_FAILED_INIT;
#endif /* USE_QSOSSL */
#endif /* USE_NSS */
#endif /* USE_GNUTLS */
#endif /* USE_SSLEAY */
} }
/* Return list of OpenSSL crypto engine names. */ /* Return list of OpenSSL crypto engine names. */
struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data) struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data)
{ {
#ifdef USE_SSLEAY return curlssl_engines_list(data);
return Curl_ossl_engines_list(data);
#else
#ifdef USE_GNUTLS
/* FIX: add code here? */
(void)data;
return NULL;
#else
#ifdef USE_NSS
/* In theory we could return the PKCS#11 modules loaded but that
* would just confuse things */
(void)data;
return NULL;
#else
#ifdef USE_QSOSSL
/* No engine support in QSOSSL. */
(void)data;
return NULL;
#else
(void)data;
return NULL;
#endif /* USE_QSOSSL */
#endif /* USE_NSS */
#endif /* USE_GNUTLS */
#endif /* USE_SSLEAY */
} }
/* return number of sent (non-SSL) bytes */ /* return number of sent (non-SSL) bytes */
@@ -581,27 +380,7 @@ ssize_t Curl_ssl_send(struct connectdata *conn,
const void *mem, const void *mem,
size_t len) size_t len)
{ {
#ifdef USE_SSLEAY return curlssl_send(conn, sockindex, mem, len);
return Curl_ossl_send(conn, sockindex, mem, len);
#else
#ifdef USE_GNUTLS
return Curl_gtls_send(conn, sockindex, mem, len);
#else
#ifdef USE_NSS
return Curl_nss_send(conn, sockindex, mem, len);
#else
#ifdef USE_QSOSSL
return Curl_qsossl_send(conn, sockindex, mem, len);
#else
(void)conn;
(void)sockindex;
(void)mem;
(void)len;
return 0;
#endif /* USE_QSOSSL */
#endif /* USE_NSS */
#endif /* USE_GNUTLS */
#endif /* USE_SSLEAY */
} }
/* return number of received (decrypted) bytes */ /* return number of received (decrypted) bytes */
@@ -615,25 +394,10 @@ ssize_t Curl_ssl_recv(struct connectdata *conn, /* connection data */
char *mem, /* store read data here */ char *mem, /* store read data here */
size_t len) /* max amount to read */ size_t len) /* max amount to read */
{ {
#ifdef USE_SSL
ssize_t nread; ssize_t nread;
bool block = FALSE; bool block = FALSE;
#ifdef USE_SSLEAY nread = curlssl_recv(conn, sockindex, mem, len, &block);
nread = Curl_ossl_recv(conn, sockindex, mem, len, &block);
#else
#ifdef USE_GNUTLS
nread = Curl_gtls_recv(conn, sockindex, mem, len, &block);
#else
#ifdef USE_NSS
nread = Curl_nss_recv(conn, sockindex, mem, len, &block);
#else
#ifdef USE_QSOSSL
nread = Curl_qsossl_recv(conn, sockindex, mem, len, &block);
#endif /* USE_QSOSSL */
#endif /* USE_NSS */
#endif /* USE_GNUTLS */
#endif /* USE_SSLEAY */
if(nread == -1) { if(nread == -1) {
if(!block) if(!block)
return 0; /* this is a true error, not EWOULDBLOCK */ return 0; /* this is a true error, not EWOULDBLOCK */
@@ -642,14 +406,6 @@ ssize_t Curl_ssl_recv(struct connectdata *conn, /* connection data */
} }
return nread; return nread;
#else /* USE_SSL */
(void)conn;
(void)sockindex;
(void)mem;
(void)len;
return 0;
#endif /* USE_SSL */
} }
@@ -659,7 +415,6 @@ ssize_t Curl_ssl_recv(struct connectdata *conn, /* connection data */
*/ */
CURLcode Curl_ssl_initsessions(struct SessionHandle *data, long amount) CURLcode Curl_ssl_initsessions(struct SessionHandle *data, long amount)
{ {
#ifdef USE_SSL
struct curl_ssl_session *session; struct curl_ssl_session *session;
if(data->state.session) if(data->state.session)
@@ -675,39 +430,14 @@ CURLcode Curl_ssl_initsessions(struct SessionHandle *data, long amount)
data->set.ssl.numsessions = amount; data->set.ssl.numsessions = amount;
data->state.session = session; data->state.session = session;
data->state.sessionage = 1; /* this is brand new */ data->state.sessionage = 1; /* this is brand new */
#else
/* without SSL, do nothing */
(void)data;
(void)amount;
#endif
return CURLE_OK; return CURLE_OK;
} }
size_t Curl_ssl_version(char *buffer, size_t size) size_t Curl_ssl_version(char *buffer, size_t size)
{ {
#ifdef USE_SSLEAY return curlssl_version(buffer, size);
return Curl_ossl_version(buffer, size);
#else
#ifdef USE_GNUTLS
return Curl_gtls_version(buffer, size);
#else
#ifdef USE_NSS
return Curl_nss_version(buffer, size);
#else
#ifdef USE_QSOSSL
return Curl_qsossl_version(buffer, size);
#else
(void)buffer;
(void)size;
return 0; /* no SSL support */
#endif /* USE_QSOSSL */
#endif /* USE_NSS */
#endif /* USE_GNUTLS */
#endif /* USE_SSLEAY */
} }
/* /*
* This function tries to determine connection status. * This function tries to determine connection status.
* *
@@ -718,35 +448,13 @@ size_t Curl_ssl_version(char *buffer, size_t size)
*/ */
int Curl_ssl_check_cxn(struct connectdata *conn) int Curl_ssl_check_cxn(struct connectdata *conn)
{ {
#ifdef USE_SSLEAY return curlssl_check_cxn(conn);
return Curl_ossl_check_cxn(conn);
#else
#ifdef USE_NSS
return Curl_nss_check_cxn(conn);
#else
#ifdef USE_QSOSSL
return Curl_qsossl_check_cxn(conn);
#else
(void)conn;
/* TODO: we lack implementation of this for GnuTLS */
return -1; /* connection status unknown */
#endif /* USE_QSOSSL */
#endif /* USE_NSS */
#endif /* USE_SSLEAY */
} }
bool Curl_ssl_data_pending(const struct connectdata *conn, bool Curl_ssl_data_pending(const struct connectdata *conn,
int connindex) int connindex)
{ {
#ifdef USE_SSLEAY return curlssl_data_pending(conn, connindex);
/* OpenSSL-specific */
if(conn->ssl[connindex].handle)
/* SSL is in use */
return (bool)(0 != SSL_pending(conn->ssl[connindex].handle));
#else
(void)conn;
(void)connindex;
#endif
return FALSE; /* nothing pending */
} }
#endif /* USE_SSL */

46
lib/sslgen.h
View File

@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@@ -29,19 +29,22 @@ bool Curl_clone_ssl_config(struct ssl_config_data* source,
struct ssl_config_data* dest); struct ssl_config_data* dest);
void Curl_free_ssl_config(struct ssl_config_data* sslc); void Curl_free_ssl_config(struct ssl_config_data* sslc);
#ifdef USE_SSL
int Curl_ssl_init(void); int Curl_ssl_init(void);
void Curl_ssl_cleanup(void); void Curl_ssl_cleanup(void);
CURLcode Curl_ssl_connect(struct connectdata *conn, int sockindex); CURLcode Curl_ssl_connect(struct connectdata *conn, int sockindex);
CURLcode Curl_ssl_connect_nonblocking(struct connectdata *conn, CURLcode Curl_ssl_connect_nonblocking(struct connectdata *conn,
int sockindex, int sockindex,
bool *done); bool *done);
void Curl_ssl_close(struct connectdata *conn, int sockindex);
/* tell the SSL stuff to close down all open information regarding /* tell the SSL stuff to close down all open information regarding
connections (and thus session ID caching etc) */ connections (and thus session ID caching etc) */
void Curl_ssl_close_all(struct SessionHandle *data); void Curl_ssl_close_all(struct SessionHandle *data);
void Curl_ssl_close(struct connectdata *conn, int sockindex);
CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex);
CURLcode Curl_ssl_set_engine(struct SessionHandle *data, const char *engine); CURLcode Curl_ssl_set_engine(struct SessionHandle *data, const char *engine);
/* Sets engine as default for all SSL operations */ /* Sets engine as default for all SSL operations */
CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data); CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data);
struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data);
ssize_t Curl_ssl_send(struct connectdata *conn, ssize_t Curl_ssl_send(struct connectdata *conn,
int sockindex, int sockindex,
const void *mem, const void *mem,
@@ -50,9 +53,34 @@ ssize_t Curl_ssl_recv(struct connectdata *conn, /* connection data */
int sockindex, /* socketindex */ int sockindex, /* socketindex */
char *mem, /* store read data here */ char *mem, /* store read data here */
size_t len); /* max amount to read */ size_t len); /* max amount to read */
/* init the SSL session ID cache */ /* init the SSL session ID cache */
CURLcode Curl_ssl_initsessions(struct SessionHandle *, long); CURLcode Curl_ssl_initsessions(struct SessionHandle *, long);
size_t Curl_ssl_version(char *buffer, size_t size);
bool Curl_ssl_data_pending(const struct connectdata *conn,
int connindex);
int Curl_ssl_check_cxn(struct connectdata *conn);
#else
/* When SSL support is not present, just define away these function calls */
#define Curl_ssl_init() 1
#define Curl_ssl_cleanup()
#define Curl_ssl_connect(x,y) CURLE_FAILED_INIT
#define Curl_ssl_connect_nonblocking(x,y,z) (z=z, CURLE_FAILED_INIT)
#define Curl_ssl_close_all(x)
#define Curl_ssl_close(x,y)
#define Curl_ssl_shutdown(x,y) CURLE_FAILED_INIT
#define Curl_ssl_set_engine(x,y) CURLE_FAILED_INIT
#define Curl_ssl_set_engine_default(x) CURLE_FAILED_INIT
#define Curl_ssl_engines_list(x) NULL
#define Curl_ssl_send(a,b,c,d) -1
#define Curl_ssl_recv(a,b,c,d) -1
#define Curl_ssl_initsessions(x,y) CURLE_OK
#define Curl_ssl_version(x,y) 0
#define Curl_ssl_data_pending(x,y) 0
#define Curl_ssl_check_cxn(x) 0
#endif
/* extract a session ID */ /* extract a session ID */
int Curl_ssl_getsessionid(struct connectdata *conn, int Curl_ssl_getsessionid(struct connectdata *conn,
void **ssl_sessionid, void **ssl_sessionid,
@@ -62,18 +90,6 @@ CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
void *ssl_sessionid, void *ssl_sessionid,
size_t idsize); size_t idsize);
struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data);
size_t Curl_ssl_version(char *buffer, size_t size);
int Curl_ssl_check_cxn(struct connectdata *conn);
CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex);
bool Curl_ssl_data_pending(const struct connectdata *conn,
int connindex);
#if !defined(USE_SSL) && !defined(SSLGEN_C) #if !defined(USE_SSL) && !defined(SSLGEN_C)
/* set up blank macros for none-SSL builds */ /* set up blank macros for none-SSL builds */
#define Curl_ssl_close_all(x) #define Curl_ssl_close_all(x)

10
lib/ssluse.c
View File

@@ -1936,6 +1936,16 @@ Curl_ossl_connect(struct connectdata *conn,
return CURLE_OK; return CURLE_OK;
} }
bool Curl_ossl_data_pending(const struct connectdata *conn,
int connindex)
{
if(conn->ssl[connindex].handle)
/* SSL is in use */
return (bool)(0 != SSL_pending(conn->ssl[connindex].handle));
else
return FALSE;
}
/* return number of sent (non-SSL) bytes */ /* return number of sent (non-SSL) bytes */
ssize_t Curl_ossl_send(struct connectdata *conn, ssize_t Curl_ossl_send(struct connectdata *conn,
int sockindex, int sockindex,

24
lib/ssluse.h
View File

@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@@ -23,6 +23,7 @@
* $Id$ * $Id$
***************************************************************************/ ***************************************************************************/
#ifdef USE_SSLEAY
/* /*
* This header should only be needed to get included by sslgen.c and ssluse.c * This header should only be needed to get included by sslgen.c and ssluse.c
*/ */
@@ -71,5 +72,26 @@ int Curl_ossl_check_cxn(struct connectdata *cxn);
int Curl_ossl_seed(struct SessionHandle *data); int Curl_ossl_seed(struct SessionHandle *data);
int Curl_ossl_shutdown(struct connectdata *conn, int sockindex); int Curl_ossl_shutdown(struct connectdata *conn, int sockindex);
bool Curl_ossl_data_pending(const struct connectdata *conn,
int connindex);
/* API setup for OpenSSL */
#define curlssl_init Curl_ossl_init
#define curlssl_cleanup Curl_ossl_cleanup
#define curlssl_connect Curl_ossl_connect
#define curlssl_connect_nonblocking Curl_ossl_connect_nonblocking
#define curlssl_session_free(x) Curl_ossl_session_free(x)
#define curlssl_close_all Curl_ossl_close_all
#define curlssl_close Curl_ossl_close
#define curlssl_shutdown(x,y) Curl_ossl_shutdown(x,y)
#define curlssl_set_engine(x,y) Curl_ossl_set_engine(x,y)
#define curlssl_set_engine_default(x) Curl_ossl_set_engine_default(x)
#define curlssl_engines_list(x) Curl_ossl_engines_list(x)
#define curlssl_send Curl_ossl_send
#define curlssl_recv Curl_ossl_recv
#define curlssl_version Curl_ossl_version
#define curlssl_check_cxn Curl_ossl_check_cxn
#define curlssl_data_pending(x,y) Curl_ossl_data_pending(x,y)
#endif /* USE_SSLEAY */
#endif #endif