cyassl: CTX callback cosmetic changes and doc fix

- More descriptive fail message for NO_FILESYSTEM builds.
- Cosmetic changes.
- Change more of CURLOPT_SSL_CTX_* doc to not be OpenSSL specific.
This commit is contained in:
Jay Satiro 2015-03-28 00:16:08 -04:00 committed by Daniel Stenberg
parent 623d24f3ee
commit fcdc597b1a
4 changed files with 25 additions and 21 deletions

View File

@ -38,7 +38,8 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
.SH EXAMPLE .SH EXAMPLE
TODO TODO
.SH AVAILABILITY .SH AVAILABILITY
Added in 7.11.0. Only used with the OpenSSL and WolfSSL/CyaSSL backend. Added in 7.11.0 for OpenSSL. Added in 7.42.0 for wolfSSL/CyaSSL. Other SSL
backends not supported.
.SH RETURN VALUE .SH RETURN VALUE
Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
.SH "SEE ALSO" .SH "SEE ALSO"

View File

@ -22,7 +22,7 @@
.\" .\"
.TH CURLOPT_SSL_CTX_FUNCTION 3 "19 Jun 2014" "libcurl 7.37.0" "curl_easy_setopt options" .TH CURLOPT_SSL_CTX_FUNCTION 3 "19 Jun 2014" "libcurl 7.37.0" "curl_easy_setopt options"
.SH NAME .SH NAME
CURLOPT_SSL_CTX_FUNCTION \- openssl specific callback to do SSL magic CURLOPT_SSL_CTX_FUNCTION \- SSL context callback for OpenSSL or wolfSSL/CyaSSL
.SH SYNOPSIS .SH SYNOPSIS
.nf .nf
#include <curl/curl.h> #include <curl/curl.h>
@ -32,28 +32,28 @@ CURLcode ssl_ctx_callback(CURL *curl, void *ssl_ctx, void *userptr);
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_FUNCTION, CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_FUNCTION,
ssl_ctx_callback); ssl_ctx_callback);
.SH DESCRIPTION .SH DESCRIPTION
This option only works for libcurl powered by OpenSSL and WolfSSL/CyaSSL. This option only works for libcurl powered by OpenSSL or wolfSSL/CyaSSL. If
If libcurl was built against another SSL library, this functionality is absent. libcurl was built against another SSL library this functionality is absent.
Pass a pointer to your callback function, which should match the prototype Pass a pointer to your callback function, which should match the prototype
shown above. shown above.
This callback function gets called by libcurl just before the initialization This callback function gets called by libcurl just before the initialization
of a SSL connection after having processed all other SSL related options to of an SSL connection after having processed all other SSL related options to
give a last chance to an application to modify the behaviour of openssl's ssl give a last chance to an application to modify the behaviour of the SSL
initialization. The \fIsslctx\fP parameter is actually a pointer to an openssl initialization. The \fIssl_ctx\fP parameter is actually a pointer to the SSL
\fISSL_CTX\fP. If an error is returned from the callback, no attempt to library's \fISSL_CTX\fP. If an error is returned from the callback no attempt
establish a connection is made and the perform operation will return the error to establish a connection is made and the perform operation will return the
code. Set the \fIuserptr\fP argument with the \fICURLOPT_SSL_CTX_DATA(3)\fP callback's error code. Set the \fIuserptr\fP argument with the
option. \fICURLOPT_SSL_CTX_DATA(3)\fP option.
This function will get called on all new connections made to a server, during This function will get called on all new connections made to a server, during
the SSL negotiation. The SSL_CTX pointer will be a new one every time. the SSL negotiation. The SSL_CTX pointer will be a new one every time.
To use this properly, a non-trivial amount of knowledge of the openssl To use this properly, a non-trivial amount of knowledge of your SSL library
libraries is necessary. For example, using this function allows you to use is necessary. For example, you can use this function to call library-specific
openssl callbacks to add additional validation code for certificates, and even callbacks to add additional validation code for certificates, and even to
to change the actual URI of a HTTPS request (example used in the lib509 test change the actual URI of a HTTPS request (example used in the lib509 test
case). See also the example section for a replacement of the key, certificate case). See also the example section for a replacement of the key, certificate
and trust file settings. and trust file settings.
.SH DEFAULT .SH DEFAULT
@ -63,7 +63,8 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
.SH EXAMPLE .SH EXAMPLE
TODO TODO
.SH AVAILABILITY .SH AVAILABILITY
Added in 7.11.0. Only supported when built with OpenSSL and WolfSSL/CyaSSL. Added in 7.11.0 for OpenSSL. Added in 7.42.0 for wolfSSL/CyaSSL. Other SSL
backends not supported.
.SH RETURN VALUE .SH RETURN VALUE
Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
.SH "SEE ALSO" .SH "SEE ALSO"

View File

@ -191,7 +191,7 @@ cyassl_connect_step1(struct connectdata *conn,
return CURLE_SSL_CONNECT_ERROR; return CURLE_SSL_CONNECT_ERROR;
} }
} }
#endif /* NO_FILESYSTEM */ #endif /* !NO_FILESYSTEM */
/* SSL always tries to verify the peer, this only says whether it should /* SSL always tries to verify the peer, this only says whether it should
* fail to connect if the verification fails, or if it should continue * fail to connect if the verification fails, or if it should continue
@ -213,8 +213,10 @@ cyassl_connect_step1(struct connectdata *conn,
} }
#ifdef NO_FILESYSTEM #ifdef NO_FILESYSTEM
else if(data->set.ssl.verifypeer) { else if(data->set.ssl.verifypeer) {
failf(data, "CyaSSL: unable to verify certificate; no certificate", failf(data, "SSL: Certificates couldn't be loaded because CyaSSL was built"
" authorities registered"); " with \"no filesystem\". Either disable peer verification"
" (insecure) or if you are building an application with libcurl you"
" can load certificates via CURLOPT_SSL_CTX_FUNCTION.");
return CURLE_SSL_CONNECT_ERROR; return CURLE_SSL_CONNECT_ERROR;
} }
#endif #endif

View File

@ -46,7 +46,7 @@ int Curl_cyassl_random(struct SessionHandle *data,
/* Set the API backend definition to Schannel */ /* Set the API backend definition to Schannel */
#define CURL_SSL_BACKEND CURLSSLBACKEND_CYASSL #define CURL_SSL_BACKEND CURLSSLBACKEND_CYASSL
/* this backend suppots CURLOPT_SSL_CTX_FUNCTION */ /* this backend supports CURLOPT_SSL_CTX_* */
#define have_curlssl_ssl_ctx 1 #define have_curlssl_ssl_ctx 1
/* API setup for CyaSSL */ /* API setup for CyaSSL */