Commit Graph

78 Commits

Author SHA1 Message Date
Yang Tse
74552acaea sslgen.c: cleanup temporary compile-time SSL-backend check 2012-06-28 12:49:12 +02:00
Daniel Stenberg
5439849246 sslgen: avoid compiler error in SSPI builds 2012-06-27 23:16:14 +02:00
Yang Tse
e3014dcc01 sslgen.c: add compile-time check for SSL-backend completeness 2012-06-27 17:14:59 +02:00
Nick Zitzmann
3a4b28d473 DarwinSSL: several adjustments
- Renamed st_ function prefix to darwinssl_
- Renamed Curl_st_ function prefix to Curl_darwinssl_
- Moved the duplicated ssl_connect_done out of the #ifdef in lib/urldata.h
- Fixed a teensy little bug that made non-blocking connection attempts block
- Made it so that it builds cleanly against the iOS 5.1 SDK
2012-06-26 21:39:48 +02:00
Daniel Stenberg
849179ba27 SSL cleanup: use crypto functions through the sslgen layer
curl_ntlm_msgs.c would previously use an #ifdef maze and direct
SSL-library calls instead of using the SSL layer we have for this
purpose.
2012-06-26 19:40:36 +02:00
Nick Zitzmann
6d1ea388cb darwinssl: add support for native Mac OS X/iOS SSL 2012-06-26 14:04:15 +02:00
Marc Hoersken
aaa42aa0d5 schannel: Added SSL/TLS support with Microsoft Windows Schannel SSPI 2012-06-11 19:00:29 +02:00
Kamil Dudka
68857e40d6 ssl: fix duplicated SSL handshake with multi interface and proxy
Bug: https://bugzilla.redhat.com/788526
Reported by: Enrico Scholz
2012-06-08 23:27:11 +02:00
Yang Tse
d56b4c3f89 ssl session caching: fix compiler warnings 2012-01-18 23:42:39 +01:00
Sven Wegener
3c18b38dcc Use Curl_ssl_connect for non-blocking connect fallback
This gets the appconnect time right for ssl backends, which don't
support non-blocking connects.

Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
2011-12-19 22:37:37 +01:00
Daniel Stenberg
8f50a5c7e5 SSLSESSION_SHARED: new macro to check if session is shared
Added convenience macro to use to check if a handle is using a shared
SSL session, and fixed so that Curl_ssl_close_all() doesn't lock when
the session isn't shared.
2011-11-25 15:00:37 +01:00
Daniel Stenberg
10ecdf5078 getsessionid: don't ever return while locked
Also, check for the session sharing bit instead of comparing pointers
2011-11-17 23:57:21 +01:00
Daniel Stenberg
bb4eb58996 Curl_ssl_getsessionid: increase the value, not the pointer 2011-11-17 23:46:29 +01:00
Alejandro Alvarez Ayllon
35f61c404d SSL session share: move the age counter to the share object
Previously the age counter would be counted individually in each easy
handle that shared SSL sessions!
2011-11-17 23:34:38 +01:00
Yang Tse
17f48fe879 libcurl: some OOM handling fixes 2011-10-07 20:50:57 +02:00
Alejandro Alvarez
5793bc370c SSL session sharing support added
With locking, plus test, plus documentation
2011-09-28 23:06:34 +02:00
Yang Tse
a50210710a fix bool variables checking and assignment 2011-09-05 20:46:09 +02:00
Yang Tse
f1586cb477 stdio.h, stdlib.h, string.h, stdarg.h and ctype.h inclusion done in setup_once.h 2011-07-26 17:23:27 +02:00
Daniel Stenberg
b903186fa0 source cleanup: unify look, style and indent levels
By the use of a the new lib/checksrc.pl script that checks that our
basic source style rules are followed.
2011-04-27 09:09:35 +02:00
Daniel Stenberg
6cfbf21acf Curl_ssl_shutdown: restore send/recv pointers
When going back from SSL, put the send/recv function pointers back to
the plain versions.

Bug: http://curl.haxx.se/mail/lib-2011-04/0070.html
Reported by: Mehmet Bozkurt
2011-04-16 00:16:25 +02:00
Todd A Ouska
9e60d8fd9e SSL: (part 2) Added CyaSSL to SSL abstraction layer
This is the modified existing files commit.
2011-03-08 13:54:58 +01:00
Quinn Slack
1238edaeaf SSL: fix memory leak
In OOM situation. Follow-up fix to commit a9cd4f4ed4.
2011-01-10 13:53:57 +01:00
Eric Hu
108d7693a4 Preparing for axTLS. Actual SSL API functions are only stubbed.
Added axTLS to autotool files and glue code to misc other files.
axtls.h maps SSL API functions, but may change.
axtls.c is just a stub file and will definitely change.
2010-12-15 16:05:17 +01:00
Howard Chu
d64bd82bdc sendrecv: split the I/O handling into private handler
Howard Chu brought the bulk work of this patch that properly
moves out the sending and recving of data to the parts of the
code that are properly responsible for the various ways of doing
so.

Daniel Stenberg assisted with polishing a few bits and fixed some
minor flaws in the original patch.

Another upside of this patch is that we now abuse CURLcodes less
with the "magic" -1 return codes and instead use CURLE_AGAIN more
consistently.
2010-05-07 15:05:34 +02:00
Hoi-Ho Chan
51427e1947 PolarSSL: initial support added
This is Hoi-Ho Chan's patch with some minor fixes by me. There
are some potential issues in this, but none worse than we can
sort out on the list and over time.
2010-05-05 22:30:46 +02:00
Kamil Dudka
ff8711135e refactorize interface of Curl_ssl_recv/Curl_ssl_send 2010-04-04 23:37:18 +02:00
Daniel Stenberg
2309b4e330 remove the CVSish $Id$ lines 2010-03-24 11:02:54 +01:00
douglas steinwand
abcea311e3 Fix insufficient initialization in Curl_clone_ssl_config()
which could have caused a double free when reusing curl handle.
2010-03-22 09:25:03 +01:00
Kamil Dudka
19ca0c0fbe - Improved Curl_read() to not ignore the error returned from Curl_ssl_recv(). 2010-03-19 15:43:11 +00:00
Yang Tse
59939313f8 Make usage of calloc()'s arguments consistent with rest of code base 2009-11-18 10:33:54 +00:00
Daniel Stenberg
a16cca7680 - Michael Smith posted bug report #2786255
(http://curl.haxx.se/bug/view.cgi?id=2786255) with a patch, identifying how
  libcurl did not deal with SSL session ids properly if the server rejected a
  re-use of one. Starting now, it will forget the rejected one and remember
  the new. This change was for OpenSSL only, it is likely that other SSL lib
  code needs similar fixes.
2009-05-04 21:57:14 +00:00
Daniel Stenberg
14df44dd3f - Bug report #2779733 (http://curl.haxx.se/bug/view.cgi?id=2779733) by Sven
Wegener pointed out that CURLINFO_APPCONNECT_TIME didn't work with the multi
  interface and provided a patch that fixed the problem!
2009-04-26 11:56:22 +00:00
Yang Tse
33a3753c3f libcurl's memory.h renamed to curl_memory.h 2009-04-21 11:46:16 +00:00
Daniel Stenberg
e9ea3ba4a2 corrected and clarified the top comment 2009-02-25 12:51:39 +00:00
Daniel Stenberg
b701ea36a7 moved the Curl_raw_ functions into the new lib/rawstr.c file for easier curlx_
inclusion by the curl tool without colliding with the curl_strequal functions.
2008-10-23 11:49:19 +00:00
Dan Fandrich
bab5183820 Created Curl_raw_nequal() which does a C-locale string case comparison.
Changed checkprefix() to use it and those instances of strnequal() that
compare host names or other protocol strings that are defined to be
independent of case in the C locale.  This should fix a few more
Turkish locale problems.
2008-10-23 01:20:57 +00:00
Yang Tse
a622fd90b4 remove unnecessary typecasting of calloc() 2008-09-06 04:47:14 +00:00
Dan Fandrich
70e57dad88 Only compile Curl_ssl_free_certinfo when SSL is enabled 2008-09-05 18:35:29 +00:00
Daniel Stenberg
4c9768565e - Introducing CURLOPT_CERTINFO and the corresponding CURLINFO_CERTINFO. By
enabling this feature with CURLOPT_CERTINFO for a request using SSL (HTTPS
  or FTPS), libcurl will gather lots of server certificate info and that info
  can then get extracted by a client after the request has completed with
  curl_easy_getinfo()'s CURLINFO_CERTINFO option. Linus Nielsen Feltzing
  helped me test and smoothen out this feature.

  Unfortunately, this feature currently only works with libcurl built to use
  OpenSSL.

  This feature was sponsored by networking4all.com - thanks!
2008-09-05 14:29:21 +00:00
Daniel Stenberg
7c648782bc Introcuding a new timestamp for curl_easy_getinfo():
CURLINFO_APPCONNECT_TIME. This is set with the "application layer"
handshake/connection is completed (typically SSL, TLS or SSH). By using this
you can figure out the application layer's own connect time. You can extract
the time stamp using curl's -w option and the new variable named
'time_appconnect'. This feature was sponsored by Lenny Rachitsky at NeuStar.
2008-07-03 06:56:03 +00:00
Daniel Stenberg
04d5c8fb77 - I did a cleanup of the internal generic SSL layer and how the various SSL
libraries are supported. Starting now, each underlying SSL library support
  code does a set of defines for the 16 functions the generic layer (sslgen.c)
  uses (all these new function defines use the prefix "curlssl_"). This
  greatly simplified the generic layer in readability by involving much less
  #ifdefs and other preprocessor stuff and should make it easier for people to
  make libcurl work with new SSL libraries.

  Hopefully I can later on document these 16 functions somewhat as well.

  I also made most of the internal SSL-dependent functions (using Curl_ssl_
  prefix) #defined to nothing when no SSL support is requested - previously
  they would unnecessarily call mostly empty functions.
2008-06-11 17:01:58 +00:00
Michal Marek
e2b82b4325 - Make Curl_write and it's callees accept a const pointer, in preparation
of tetetest's patch for curl_easy_send()
2008-05-09 11:27:54 +00:00
Daniel Stenberg
53a549000c - Based on initial work done by Gautam Kachroo to address a bug, we now keep
better control at the exact state of the connection's SSL status so that we
  know exactly when it has completed the SSL negotiation or not so that there
  won't be accidental re-uses of connections that are wrongly believed to be
  in SSL-completed-negotiate state.
2008-02-20 09:56:26 +00:00
Gunter Knauf
4e8c4fc80b added missing semicolon fromn last commit. 2007-12-25 13:26:01 +00:00
Daniel Stenberg
fc1d1ea934 Gary Maxwell filed bug report #1856628
(http://curl.haxx.se/bug/view.cgi?id=1856628) and provided a fix for the
(small) memory leak in the SSL session ID caching code. It happened when a
previous entry in the cache was re-used.
2007-12-24 23:45:48 +00:00
Daniel Stenberg
5c447f2499 Bug report #1842029 (http://curl.haxx.se/bug/view.cgi?id=1842029) identified
a problem with SSL session caching that prevent it from working, and the
associated fix!
2007-12-03 11:48:09 +00:00
Daniel Stenberg
0561bffab3 I think this is the right fix for other non-OpenSSL libs, based on the NSS fix
from the other day. It is time to setup the internal SSL libs and treat them
with a "handler" struct similar to how we deal with the protocols these days...
2007-11-19 09:24:24 +00:00
Daniel Stenberg
c80b9c3778 Rob Crittenden fixed SSL connections with NSS done with the multi-interface 2007-11-18 09:45:05 +00:00
Daniel Stenberg
cbd1a77ec2 if () => if()
while () => while()
and some other minor re-indentings
2007-11-07 09:21:35 +00:00
Dan Fandrich
bdfeaa0f95 #ifdef out a few more functions when SSL is disabled. 2007-09-25 06:45:05 +00:00