49 Commits

Author SHA1 Message Date
Yang Tse
59939313f8 Make usage of calloc()'s arguments consistent with rest of code base 2009-11-18 10:33:54 +00:00
Daniel Stenberg
a16cca7680 - Michael Smith posted bug report #2786255
(http://curl.haxx.se/bug/view.cgi?id=2786255) with a patch, identifying how
  libcurl did not deal with SSL session ids properly if the server rejected a
  re-use of one. Starting now, it will forget the rejected one and remember
  the new. This change was for OpenSSL only, it is likely that other SSL lib
  code needs similar fixes.
2009-05-04 21:57:14 +00:00
Daniel Stenberg
14df44dd3f - Bug report #2779733 (http://curl.haxx.se/bug/view.cgi?id=2779733) by Sven
Wegener pointed out that CURLINFO_APPCONNECT_TIME didn't work with the multi
  interface and provided a patch that fixed the problem!
2009-04-26 11:56:22 +00:00
Yang Tse
33a3753c3f libcurl's memory.h renamed to curl_memory.h 2009-04-21 11:46:16 +00:00
Daniel Stenberg
e9ea3ba4a2 corrected and clarified the top comment 2009-02-25 12:51:39 +00:00
Daniel Stenberg
b701ea36a7 moved the Curl_raw_ functions into the new lib/rawstr.c file for easier curlx_
inclusion by the curl tool without colliding with the curl_strequal functions.
2008-10-23 11:49:19 +00:00
Dan Fandrich
bab5183820 Created Curl_raw_nequal() which does a C-locale string case comparison.
Changed checkprefix() to use it and those instances of strnequal() that
compare host names or other protocol strings that are defined to be
independent of case in the C locale.  This should fix a few more
Turkish locale problems.
2008-10-23 01:20:57 +00:00
Yang Tse
a622fd90b4 remove unnecessary typecasting of calloc() 2008-09-06 04:47:14 +00:00
Dan Fandrich
70e57dad88 Only compile Curl_ssl_free_certinfo when SSL is enabled 2008-09-05 18:35:29 +00:00
Daniel Stenberg
4c9768565e - Introducing CURLOPT_CERTINFO and the corresponding CURLINFO_CERTINFO. By
enabling this feature with CURLOPT_CERTINFO for a request using SSL (HTTPS
  or FTPS), libcurl will gather lots of server certificate info and that info
  can then get extracted by a client after the request has completed with
  curl_easy_getinfo()'s CURLINFO_CERTINFO option. Linus Nielsen Feltzing
  helped me test and smoothen out this feature.

  Unfortunately, this feature currently only works with libcurl built to use
  OpenSSL.

  This feature was sponsored by networking4all.com - thanks!
2008-09-05 14:29:21 +00:00
Daniel Stenberg
7c648782bc Introducing a new timestamp for curl_easy_getinfo():
CURLINFO_APPCONNECT_TIME. This is set when the "application layer"
handshake/connection is completed (typically SSL, TLS or SSH). By using this
you can figure out the application layer's own connect time. You can extract
the time stamp using curl's -w option and the new variable named
'time_appconnect'. This feature was sponsored by Lenny Rachitsky at NeuStar.
2008-07-03 06:56:03 +00:00
Daniel Stenberg
04d5c8fb77 - I did a cleanup of the internal generic SSL layer and how the various SSL
libraries are supported. Starting now, each underlying SSL library support
  code does a set of defines for the 16 functions the generic layer (sslgen.c)
  uses (all these new function defines use the prefix "curlssl_"). This
  greatly simplified the generic layer in readability by involving much less
  #ifdefs and other preprocessor stuff and should make it easier for people to
  make libcurl work with new SSL libraries.

  Hopefully I can later on document these 16 functions somewhat as well.

  I also made most of the internal SSL-dependent functions (using Curl_ssl_
  prefix) #defined to nothing when no SSL support is requested - previously
  they would unnecessarily call mostly empty functions.
2008-06-11 17:01:58 +00:00
Michal Marek
e2b82b4325 - Make Curl_write and its callees accept a const pointer, in preparation
of tetetest's patch for curl_easy_send()
2008-05-09 11:27:54 +00:00
Daniel Stenberg
53a549000c - Based on initial work done by Gautam Kachroo to address a bug, we now keep
better control at the exact state of the connection's SSL status so that we
  know exactly when it has completed the SSL negotiation or not so that there
  won't be accidental re-uses of connections that are wrongly believed to be
  in SSL-completed-negotiate state.
2008-02-20 09:56:26 +00:00
Gunter Knauf
4e8c4fc80b added missing semicolon from last commit. 2007-12-25 13:26:01 +00:00
Daniel Stenberg
fc1d1ea934 Gary Maxwell filed bug report #1856628
(http://curl.haxx.se/bug/view.cgi?id=1856628) and provided a fix for the
(small) memory leak in the SSL session ID caching code. It happened when a
previous entry in the cache was re-used.
2007-12-24 23:45:48 +00:00
Daniel Stenberg
5c447f2499 Bug report #1842029 (http://curl.haxx.se/bug/view.cgi?id=1842029) identified
a problem with SSL session caching that prevented it from working, and the
associated fix!
2007-12-03 11:48:09 +00:00
Daniel Stenberg
0561bffab3 I think this is the right fix for other non-OpenSSL libs, based on the NSS fix
from the other day. It is time to setup the internal SSL libs and treat them
with a "handler" struct similar to how we deal with the protocols these days...
2007-11-19 09:24:24 +00:00
Daniel Stenberg
c80b9c3778 Rob Crittenden fixed SSL connections with NSS done with the multi-interface 2007-11-18 09:45:05 +00:00
Daniel Stenberg
cbd1a77ec2 if () => if()
while () => while()
and some other minor re-indentings
2007-11-07 09:21:35 +00:00
Dan Fandrich
bdfeaa0f95 #ifdef out a few more functions when SSL is disabled. 2007-09-25 06:45:05 +00:00
Dan Fandrich
8cf0814a14 Fixed some minor type mismatches and missing consts mainly found by splint. 2007-08-27 06:31:28 +00:00
Daniel Stenberg
50c10aa5bf Patrick Monnerat and I modified libcurl so that now it *copies* all strings
passed to it with curl_easy_setopt()! Previously it has always just referred
to the data, forcing the user to keep the data around until libcurl is done
with it. That is now history and libcurl will instead clone the given
strings and keep private copies.
2007-08-01 21:20:01 +00:00
Dan Fandrich
ea908c23ae Fixed compiler warning on non-SSL builds 2007-07-30 17:05:39 +00:00
Daniel Stenberg
f1fa7b8ba4 Bug report #1759542 (http://curl.haxx.se/bug/view.cgi?id=1759542). A bad use
of a socket after it has been closed, when the FTP-SSL data connection is taken
down.
2007-07-29 12:54:05 +00:00
Daniel Stenberg
b3461bab1d Implemented the parts of Patrick Monnerat's OS/400 patch that introduces
support for the OS/400 Secure Sockets Layer library
2007-07-23 21:46:26 +00:00
Daniel Stenberg
92039629c7 Curl_ssl_close(): mark the connection as not using SSL anymore, to better
survive getting called twice
2007-04-21 21:24:53 +00:00
Gisle Vanem
c514a2a89a Removed inclusion of <sys/types.h> and <sys/stat.h> in .c-files
since they're already included through "setup.h".
2007-02-26 04:24:26 +00:00
Yang Tse
5649b738be compiler warning fix 2007-02-13 02:30:31 +00:00
Daniel Stenberg
7f70dbcad5 Rob Crittenden added support for NSS (Network Security Service) for the
SSL/TLS layer. http://www.mozilla.org/projects/security/pki/nss/
2007-02-12 22:32:37 +00:00
Yang Tse
d2dd3d7e16 compiler warning fix 2007-02-01 15:36:56 +00:00
Daniel Stenberg
2b280bcc69 fix compiler warnings for SSL-disabled builds 2007-01-25 21:00:03 +00:00
Daniel Stenberg
3239f059b8 moved the SSL pending function to the proper place and name 2007-01-24 17:19:08 +00:00
Linus Nielsen Feltzing
d465199411 Correct error code for CCC/SSL shutdown failure 2007-01-08 11:24:11 +00:00
Linus Nielsen Feltzing
7515a75206 Fix compilation errors when building without SSL 2007-01-06 10:49:11 +00:00
Daniel Stenberg
4750e6f3c5 - Linus Nielsen Feltzing introduced the --ftp-ssl-ccc command line option to
curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it
  will make libcurl shutdown SSL/TLS after the authentication is done on a
  FTP-SSL operation.
2007-01-05 23:11:14 +00:00
Daniel Stenberg
72bd027537 Brendan Jurd pointed out these typos 2006-12-16 21:05:33 +00:00
Daniel Stenberg
be0d17e812 cleaned up Curl_write() and the sub functions it uses for various protocols.
They all now return ssize_t to Curl_write().

Unfortunately, Curl_read() is in a sorrier state but it too would benefit from
a similar cleanup.
2006-11-11 21:34:43 +00:00
Yang Tse
733a184ce0 Compiler warning fix 2006-09-12 23:51:01 +00:00
Daniel Stenberg
29dc39fce1 - Fixed my breakage from earlier today so that doing curl_easy_cleanup() on a
handle that is part of a multi handle first removes the handle from the
  stack.

- Added CURLOPT_SSL_SESSIONID_CACHE and --no-sessionid to disable SSL
  session-ID re-use on demand since there obviously are broken servers out
  there that misbehave with session-IDs used.
2006-09-11 17:18:18 +00:00
Daniel Stenberg
d9e14408f0 silence warning 2006-05-11 05:16:38 +00:00
Daniel Stenberg
c9c5ce2365 David McCreedy provided a fix for CURLINFO_LASTSOCKET that does extended
checks on the to-be-returned socket to make sure it truly seems to be alive
and well. For SSL connection it (only) uses OpenSSL functions.
2006-05-10 22:17:42 +00:00
Daniel Stenberg
83367f67de Xavier Bouchoux made the SSL connection non-blocking for the multi interface
(when using OpenSSL).
2006-03-21 21:54:44 +00:00
Daniel Stenberg
84c4d96e71 removed old debug left-over infof() call 2005-08-11 21:41:11 +00:00
Daniel Stenberg
274842ec41 use calloc instead of malloc to save a call to memset() 2005-05-05 06:04:00 +00:00
Daniel Stenberg
2179e6e797 prevent memory leak when built SSL disabled 2005-05-04 14:52:51 +00:00
Daniel Stenberg
f30e8b11eb prevent compiler warning 2005-04-19 23:38:57 +00:00
Daniel Stenberg
2fc70e2c5d re-arrange some code to prevent warnings on unreachable code 2005-04-08 09:25:48 +00:00
Daniel Stenberg
6e61939382 GnuTLS support added. There's now a "generic" SSL layer that we use all over
internally, with code provided by sslgen.c. All SSL-layer-specific code is
then written in ssluse.c (for OpenSSL) and gtls.c (for GnuTLS).

As far as possible, internals should not need to know what SSL layer that is
in use. Building with GnuTLS currently makes two test cases fail.

TODO.gnutls contains a few known outstanding issues for the GnuTLS support.

GnuTLS support is enabled with configure --with-gnutls
2005-04-07 15:27:13 +00:00