generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

polarssl: build with PolarSSL-1.0.0

Browse Source 
With this fix, it should work for PolarSSL-1.0.0 (and SVN-1091 trunk)
and retain compatibility with earlier versions. (Tested with 0.14.1)

PolarSSL still doesn't play nicely with curl's CA bundle (we discussed
this before) but I was at least able to retrieve the
https://www.gmail.com/ login page using a modified ca-certificates.crt
file with all 3 versions of PolarSSL.
This commit is contained in:
Jeff Pohlmeyer 2011-09-13 18:44:41 +02:00 committed by Daniel Stenberg
parent 432044b774
commit 1bac153ea3
1 changed files with 22 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
lib/polarssl.c
View File

@ -39,6 +39,15 @@
#include <polarssl/havege.h> #include <polarssl/havege.h>
#include <polarssl/certs.h> #include <polarssl/certs.h>
#include <polarssl/x509.h> #include <polarssl/x509.h>
#include <polarssl/version.h>
#if POLARSSL_VERSION_NUMBER<0x01000000
/*
Earlier versions of polarssl had no WANT_READ or WANT_WRITE, only TRY_AGAIN
*/
#define POLARSSL_ERR_NET_WANT_READ POLARSSL_ERR_NET_TRY_AGAIN
#define POLARSSL_ERR_NET_WANT_WRITE POLARSSL_ERR_NET_TRY_AGAIN
#endif
#include "urldata.h" #include "urldata.h"
#include "sendf.h" #include "sendf.h"
@ -186,8 +195,12 @@ Curl_polarssl_connect(struct connectdata *conn,
net_recv, &conn->sock[sockindex], net_recv, &conn->sock[sockindex],
net_send, &conn->sock[sockindex]); net_send, &conn->sock[sockindex]);
ssl_set_ciphers(&conn->ssl[sockindex].ssl, ssl_default_ciphers);
#if POLARSSL_VERSION_NUMBER<0x01000000
ssl_set_ciphers(&conn->ssl[sockindex].ssl, ssl_default_ciphers);
#else
ssl_set_ciphersuites(&conn->ssl[sockindex].ssl, ssl_default_ciphersuites);
#endif
if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) { if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) {
memcpy(&conn->ssl[sockindex].ssn, old_session, old_session_size); memcpy(&conn->ssl[sockindex].ssn, old_session, old_session_size);
infof(data, "PolarSSL re-using session\n"); infof(data, "PolarSSL re-using session\n");
@ -222,7 +235,8 @@ Curl_polarssl_connect(struct connectdata *conn,
for(;;) { for(;;) {
if(!(ret = ssl_handshake(&conn->ssl[sockindex].ssl))) if(!(ret = ssl_handshake(&conn->ssl[sockindex].ssl)))
break; break;
else if(ret != POLARSSL_ERR_NET_TRY_AGAIN) { else if( ret != POLARSSL_ERR_NET_WANT_READ &&
ret != POLARSSL_ERR_NET_WANT_WRITE ) {
failf(data, "ssl_handshake returned -0x%04X", -ret); failf(data, "ssl_handshake returned -0x%04X", -ret);
return CURLE_SSL_CONNECT_ERROR; return CURLE_SSL_CONNECT_ERROR;
} }
@ -252,7 +266,11 @@ Curl_polarssl_connect(struct connectdata *conn,
} }
infof(data, "PolarSSL: Handshake complete, cipher is %s\n", infof(data, "PolarSSL: Handshake complete, cipher is %s\n",
#if POLARSSL_VERSION_NUMBER<0x01000000
ssl_get_cipher(&conn->ssl[sockindex].ssl)); ssl_get_cipher(&conn->ssl[sockindex].ssl));
#else
ssl_get_ciphersuite_name(&conn->ssl[sockindex].ssl));
#endif
ret = ssl_get_verify_result(&conn->ssl[sockindex].ssl); ret = ssl_get_verify_result(&conn->ssl[sockindex].ssl);
@ -316,7 +334,7 @@ static ssize_t polarssl_send(struct connectdata *conn,
(unsigned char *)mem, len); (unsigned char *)mem, len);
if(ret < 0) { if(ret < 0) {
*curlcode = (ret == POLARSSL_ERR_NET_TRY_AGAIN) ? *curlcode = (ret == POLARSSL_ERR_NET_WANT_WRITE) ?
CURLE_AGAIN : CURLE_SEND_ERROR; CURLE_AGAIN : CURLE_SEND_ERROR;
ret = -1; ret = -1;
} }
@ -354,7 +372,7 @@ static ssize_t polarssl_recv(struct connectdata *conn,
if(ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY) if(ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY)
return 0; return 0;
*curlcode = (ret == POLARSSL_ERR_NET_TRY_AGAIN) ? *curlcode = (ret == POLARSSL_ERR_NET_WANT_READ) ?
CURLE_AGAIN : CURLE_RECV_ERROR; CURLE_AGAIN : CURLE_RECV_ERROR;
return -1; return -1;
} }