Commit Graph

16 Commits

Author SHA1 Message Date
Daniel Stenberg
be0d17e812 cleaned up Curl_write() and the sub functions it uses for various protocols.
They all now return ssize_t to Curl_write().

Unfortunately, Curl_read() is in a sorrier state but it too would benefit from
a similar cleanup.
2006-11-11 21:34:43 +00:00
Daniel Stenberg
4e717cdb30 Armel Asselin separated CA cert verification problems from problems with
reading the (local) CA cert file to let users easier pinpoint the actual
problem. CURLE_SSL_CACERT_BADFILE (77) is the new libcurl error code.
2006-10-21 11:32:05 +00:00
Gisle Vanem
455087faae Use gnutls_strerror() for clearer error message. 2006-08-16 17:05:54 +00:00
Daniel Stenberg
9bece2b313 additional renames of Curl_ourerrno => Curl_sockerrno 2006-05-05 10:24:27 +00:00
Daniel Stenberg
758f6eed51 Mark Eichin submitted bug report #1480821
(http://curl.haxx.se/bug/view.cgi?id=1480821) He found and identified a
problem with how libcurl dealt with GnuTLS and a case where gnutls returned
GNUTLS_E_AGAIN indicating it would block. It would then return an unexpected
return code, making Curl_ssl_send() confuse the upper layer - causing random
28 bytes trash data to get inserted in the transfered stream.

The proper fix was to make the Curl_gtls_send() function return the proper
return codes that the callers would expect. The Curl_ossl_send() function
already did this.
2006-05-04 06:00:40 +00:00
Daniel Stenberg
7e81c35cdc to build with old gnutls verions, don't use the *_t types 2005-11-13 23:04:28 +00:00
Daniel Stenberg
5e3836055f Dima Barsky patched problem #1348930: the GnuTLS code completely ignored
client certificates! (http://curl.haxx.se/bug/view.cgi?id=1348930).
2005-11-11 23:20:07 +00:00
Daniel Stenberg
c890149c8c Dima Barsky reported a problem with GnuTLS-enabled libcurl in bug report
#1334338 (http://curl.haxx.se/bug/view.cgi?id=1334338). When reading an SSL
  stream from a server and the server requests a "rehandshake", the current
  code simply returns this as an error. I have no good way to test this, but
  I've added a crude attempt of dealing with this situation slightly better -
  it makes a blocking handshake if this happens. Done like this because fixing
  this the "proper" way (that would handshake asynchronously) will require
  quite some work and I really need a good way to test this to do such a
  change.
2005-10-22 21:05:07 +00:00
Daniel Stenberg
432dfe2b8f Fixed CA cert verification using GnuTLS with the default bundle, which
previously failed due to GnuTLS not allowing x509 v1 CA certs by default.
2005-08-24 07:40:13 +00:00
Daniel Stenberg
543fbe14ee Fixed the CN extraction 2005-04-22 20:56:26 +00:00
Daniel Stenberg
e9d068b913 oops, only negative numbers are errors 2005-04-13 21:17:05 +00:00
Daniel Stenberg
316adac511 don't bail out just because the ca file has a problem, it might be OK 2005-04-13 12:38:01 +00:00
Daniel Stenberg
f09e479fd6 Blah, revert my removal of the extra check since the problem is there for real.
Archived thread of the help-gnutls mailing list regarding this problem:

http://lists.gnu.org/archive/html/help-gnutls/2005-04/msg00000.html

(and I _am_ sorry for my confused behaviour on this problem.)
2005-04-09 22:33:14 +00:00
Daniel Stenberg
80fe93bc33 OK, I must've been halucinating or something because I no longer see the
bug I thought I saw before when I changed this...!
2005-04-09 21:38:14 +00:00
Daniel Stenberg
b9f1d43921 Unfortunately, if a ca file name is set the function fails for whatever reason
(missing file, bad file, etc), gnutls will no longer handshake properly but it
just loops forever. Therefore, we must return error if we get an error when
setting the CA cert file name. This is not the same behaviour as with OpenSSL.

Question/report posted to the help-gnutls mailing list, April 8 2005.
2005-04-07 22:47:43 +00:00
Daniel Stenberg
6e61939382 GnuTLS support added. There's now a "generic" SSL layer that we use all over
internally, with code provided by sslgen.c. All SSL-layer-specific code is
then written in ssluse.c (for OpenSSL) and gtls.c (for GnuTLS).

As far as possible, internals should not need to know what SSL layer that is
in use. Building with GnuTLS currently makes two test cases fail.

TODO.gnutls contains a few known outstanding issues for the GnuTLS support.

GnuTLS support is enabled with configure --with-gnutls
2005-04-07 15:27:13 +00:00