Commit Graph

34 Commits

Author SHA1 Message Date
Daniel Stenberg
23e5402bec - Rob Crittenden brought a patch to "add some locking for thread-safety to NSS
implementation".
2008-09-23 10:27:04 +00:00
Yang Tse
59e378f48f remove unnecessary typecasting of malloc() 2008-09-06 05:29:05 +00:00
Dan Fandrich
bb67388bbe Made some variables const 2008-09-04 19:43:35 +00:00
Yang Tse
3dcd2b82c4 fix print formatting string directives 2008-09-04 18:59:05 +00:00
Daniel Stenberg
98042b858d made Curl_nss_send() take const data to kill compiler warning 2008-06-21 21:19:42 +00:00
Daniel Stenberg
da97f78ae0 - Phil Pellouchoud found a case where libcurl built with NSS failed to
handshake with a SSLv2 server, and it turned out to be because it didn't
  recognize the cipher named "rc4-md5". In our list that cipher was named
  plainly "rc4". I've now added rc4-md5 to work as an alias as Phil reported
  that it made things work for him again.
2008-06-20 11:15:54 +00:00
Daniel Stenberg
68b67e24f2 Removed the #define of ciphernum since keeping a define updated to be the
number of entries in a provided table is doomed to fail in the long run. Now
we use the NUM_OF_CIPHERS define instead to figure out the amount.
2008-06-19 05:47:27 +00:00
Daniel Stenberg
c1e2341f0a s/strcasecmp/strequal to make it more portable 2008-06-19 05:42:45 +00:00
Daniel Stenberg
e547bfa933 - Rob Crittenden brought a fix for the NSS layer that makes libcurl no longer
always fire up a new connection rather than using the existing one when the
  multi interface is used. Original bug report:
  https://bugzilla.redhat.com/show_bug.cgi?id=450140
2008-06-18 22:01:55 +00:00
Daniel Stenberg
36ddb13d1f removed warning about unused argument by simply removing that argument from
the check_issuer_cert() proto
2008-06-18 21:50:40 +00:00
Daniel Stenberg
74e3def5b3 check_issuer_cert() now builds and there's one warning less. Still one compiler
warning in the code though but we need NSS' base64.h header for that and we
don't currently have a suitable way to include it as our own base64.h header
kind of "blocks" it.
2008-06-18 21:48:51 +00:00
Daniel Stenberg
5c56bdf229 fixed bad infof() usage! 2008-06-12 22:00:35 +00:00
Daniel Stenberg
04d5c8fb77 - I did a cleanup of the internal generic SSL layer and how the various SSL
libraries are supported. Starting now, each underlying SSL library support
  code does a set of defines for the 16 functions the generic layer (sslgen.c)
  uses (all these new function defines use the prefix "curlssl_"). This
  greatly simplified the generic layer in readability by involving much less
  #ifdefs and other preprocessor stuff and should make it easier for people to
  make libcurl work with new SSL libraries.

  Hopefully I can later on document these 16 functions somewhat as well.

  I also made most of the internal SSL-dependent functions (using Curl_ssl_
  prefix) #defined to nothing when no SSL support is requested - previously
  they would unnecessarily call mostly empty functions.
2008-06-11 17:01:58 +00:00
Daniel Stenberg
a2e45a2211 code style cleanup 2008-06-06 20:57:32 +00:00
Daniel Stenberg
621c2b9015 - Axel Tillequin and Arnaud Ebalard added support for CURLOPT_ISSUERCERT, for
OpenSSL, NSS and GnuTLS-built libcurls.
2008-06-06 20:52:32 +00:00
Daniel Stenberg
3fe8251dfb - Axel Tillequin and Arnaud Ebalard added support for CURLOPT_CRLFILE, for
OpenSSL, NSS and GnuTLS-built libcurls.
2008-06-06 18:40:21 +00:00
Yang Tse
d6f8f16068 fix: preprocessor complaining about macro redefinition 2008-05-26 01:59:00 +00:00
Daniel Stenberg
53a549000c - Based on initial work done by Gautam Kachroo to address a bug, we now keep
better control at the exact state of the connection's SSL status so that we
  know exactly when it has completed the SSL negotiation or not so that there
  won't be accidental re-uses of connections that are wrongly believed to be
  in SSL-completed-negotiate state.
2008-02-20 09:56:26 +00:00
Gunter Knauf
f9a6062081 applied patch to disable SSLv2 by default; discussion:
http://sourceforge.net/tracker/index.php?func=detail&aid=1767276&group_id=976&atid=350976
Submitted by Kaspar Brand.
2008-02-19 23:10:07 +00:00
Daniel Stenberg
ed6466d176 Calls to Curl_failf() are not supposed to provide a trailing newline as the
function itself adds that. Fixed on 50 or something strings!
2008-01-15 23:19:02 +00:00
Daniel Stenberg
ad6e28073c removed space after if and while before the parenthesis for better source code
consistency
2007-11-05 09:45:09 +00:00
Daniel Stenberg
6a17cae4f6 Made libcurl built with NSS possible to ignore the peer verification.
Previously it would fail if the ca bundle wasn't present, even if the code
ignored the verification results.
2007-10-25 21:08:55 +00:00
Daniel Stenberg
4b96ac504c prevent compiler warnings about shadowing and one case of unused variable 2007-10-25 20:54:46 +00:00
Daniel Stenberg
8c3f40ee32 Rob Crittenden provided an NSS update with the following highlights:
o It looks for the NSS database first in the environment variable SSL_DIR,
  then in /etc/pki/nssdb, then it initializes with no database if neither of
  those exist.

o If the NSS PKCS#11 libnspsem.so driver is available then PEM files may be
  loaded, including the ca-bundle. If it is not available then only
  certificates already in the NSS database are used.

o Tries to detect whether a file or nickname is being passed in so the right
  thing is done

o Added a bit of code to make the output more like the OpenSSL module,
  including displaying the certificate information when connecting in
  verbose mode

o Improved handling of certificate errors (expired, untrusted, etc)

The libnsspem.so PKCS#11 module is currently only available in Fedora
8/rawhide. Work will be done soon to upstream it. The NSS module will work
with or without it, all that changes is the source of the certificates and
keys.
2007-09-18 22:21:54 +00:00
Dan Fandrich
9f44a95522 Renamed several libcurl error codes and options to make them more general
and allow reuse by multiple protocols. Several unused error codes were
removed.  In all cases, macros were added to preserve source (and binary)
compatibility with the old names.  These macros are subject to removal at
a future date, but probably not before 2009.  An application can be
tested to see if it is using any obsolete code by compiling it with the
CURL_NO_OLDIES macro defined.

Documented some newer error codes in libcurl-error(3)
2007-08-30 20:34:57 +00:00
Patrick Monnerat
d994fcf2b1 Remove leading space in curl_version_info ss_version field. 2007-08-24 09:06:17 +00:00
Daniel Stenberg
50c10aa5bf Patrick Monnerat and I modified libcurl so that now it *copies* all strings
passed to it with curl_easy_setopt()! Previously it has always just refered
to the data, forcing the user to keep the data around until libcurl is done
with it. That is now history and libcurl will instead clone the given
strings and keep private copies.
2007-08-01 21:20:01 +00:00
Daniel Stenberg
f1fa7b8ba4 Bug report #1759542 (http://curl.haxx.se/bug/view.cgi?id=1759542). A bad use
of a socket after it has been closed, when the FTP-SSL data connection is taken
down.
2007-07-29 12:54:05 +00:00
Dan Fandrich
4a2f0fb2be Made some const arrays static to avoid unnecessary stack usage. 2007-07-20 00:41:12 +00:00
Daniel Stenberg
fe1fe64fd4 Rob Crittenden fixed bug #1705802
(http://curl.haxx.se/bug/view.cgi?id=1705802), which was filed by Daniel
Black identifying several FTP-SSL test cases fail when we build libcurl with
NSS for TLS/SSL. Listed as #42 in KNOWN_BUGS.
2007-05-25 21:56:27 +00:00
Gisle Vanem
c514a2a89a Removed inclusion of <sys/types.h> and <sys/stat.h> in .c-files
since they're already included through "setup.h".
2007-02-26 04:24:26 +00:00
Yang Tse
a1d5983991 use macros ERRNO, SET_ERRNO(), SOCKERRNO and SET_SOCKERRNO() for errno handling 2007-02-16 18:19:35 +00:00
Yang Tse
569c169559 use our own ISSPACE macro 2007-02-13 17:28:40 +00:00
Daniel Stenberg
7f70dbcad5 Rob Crittenden added support for NSS (Network Security Service) for the
SSL/TLS layer. http://www.mozilla.org/projects/security/pki/nss/
2007-02-12 22:32:37 +00:00