generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

cyassl: add SSL context callback support for CyaSSL

Browse Source 
Adds support for CURLOPT_SSL_CTX_FUNCTION when using CyaSSL, and better
handles CyaSSL instances using NO_FILESYSTEM.
This commit is contained in:
Kyle L. Huff 2015-03-27 07:22:32 -04:00 committed by Daniel Stenberg
parent 211f1e3c6b
commit d2feb71752
4 changed files with 25 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3
View File

@ -38,7 +38,7 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
.SH EXAMPLE .SH EXAMPLE
TODO TODO
.SH AVAILABILITY .SH AVAILABILITY
Added in 7.11.0. Only used with the OpenSSL backend. Added in 7.11.0. Only used with the OpenSSL and WolfSSL/CyaSSL backend.
.SH RETURN VALUE .SH RETURN VALUE
Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
.SH "SEE ALSO" .SH "SEE ALSO"

6
docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
View File

@ -32,8 +32,8 @@ CURLcode ssl_ctx_callback(CURL *curl, void *ssl_ctx, void *userptr);
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_FUNCTION, CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_FUNCTION,
ssl_ctx_callback); ssl_ctx_callback);
.SH DESCRIPTION .SH DESCRIPTION
This option only works for libcurl powered by OpenSSL. If libcurl was built This option only works for libcurl powered by OpenSSL and WolfSSL/CyaSSL.
against another SSL library, this functionality is absent. If libcurl was built against another SSL library, this functionality is absent.
Pass a pointer to your callback function, which should match the prototype Pass a pointer to your callback function, which should match the prototype
shown above. shown above.
@ -63,7 +63,7 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
.SH EXAMPLE .SH EXAMPLE
TODO TODO
.SH AVAILABILITY .SH AVAILABILITY
Added in 7.11.0. Only supported when built with OpenSSL. Added in 7.11.0. Only supported when built with OpenSSL and WolfSSL/CyaSSL.
.SH RETURN VALUE .SH RETURN VALUE
Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
.SH "SEE ALSO" .SH "SEE ALSO"

18
lib/vtls/cyassl.c
View File

@ -201,6 +201,24 @@ cyassl_connect_step1(struct connectdata *conn,
data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE, data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE,
NULL); NULL);
/* give application a chance to interfere with SSL set up. */
if(data->set.ssl.fsslctx) {
CURLcode result = CURLE_OK;
result = (*data->set.ssl.fsslctx)(data, conssl->ctx,
data->set.ssl.fsslctxp);
if(result) {
failf(data, "error signaled by ssl ctx callback");
return result;
}
}
#ifdef NO_FILESYSTEM
else if(data->set.ssl.verifypeer) {
failf(data, "CyaSSL: unable to verify certificate; no certificate",
" authorities registered");
return CURLE_SSL_CONNECT_ERROR;
}
#endif
/* Let's make an SSL structure */ /* Let's make an SSL structure */
if(conssl->handle) if(conssl->handle)
SSL_free(conssl->handle); SSL_free(conssl->handle);

3
lib/vtls/cyassl.h
View File

@ -46,6 +46,9 @@ int Curl_cyassl_random(struct SessionHandle *data,
/* Set the API backend definition to Schannel */ /* Set the API backend definition to Schannel */
#define CURL_SSL_BACKEND CURLSSLBACKEND_CYASSL #define CURL_SSL_BACKEND CURLSSLBACKEND_CYASSL
/* this backend suppots CURLOPT_SSL_CTX_FUNCTION */
#define have_curlssl_ssl_ctx 1
/* API setup for CyaSSL */ /* API setup for CyaSSL */
#define curlssl_init Curl_cyassl_init #define curlssl_init Curl_cyassl_init
#define curlssl_cleanup() Curl_nop_stmt #define curlssl_cleanup() Curl_nop_stmt