vtls: localization of state data in filters

- almost all backend calls pass the Curl_cfilter intance instead of connectdata+sockindex - ssl_connect_data is remove from struct connectdata and made internal to vtls - ssl_connect_data is allocated in the added filter, kept at cf->ctx - added function to let a ssl filter access its ssl_primary_config and ssl_config_data this selects the propert subfields in conn and data, for filters added as plain or proxy - adjusted all backends to use the changed api - adjusted all backends to access config data via the exposed functions, no longer using conn or data directly cfilter renames for clear purpose: - methods `Curl_conn_*(data, conn, sockindex)` work on the complete filter chain at `sockindex` and connection `conn`. - methods `Curl_cf_*(cf, ...)` work on a specific Curl_cfilter instance. - methods `Curl_conn_cf()` work on/with filter instances at a connection. - rebased and resolved some naming conflicts - hostname validation (und session lookup) on SECONDARY use the same name as on FIRST (again). new debug macros and removing connectdata from function signatures where not needed. adapting schannel for new Curl_read_plain paramter. Closes #9919
author: Stefan Eissing <stefan@eissing.org> 2022-11-22 09:55:41 +0100
committer: Daniel Stenberg <daniel@haxx.se> 2022-11-22 14:25:50 +0100
commit: af22c2a546ab862ab577c8d9d3609af0de178974 (patch)
tree: f1a0c2d3c57d45da66809894997a50db840ac9e6 /lib/vtls/schannel_verify.c
parent: a28a80d59e8f111fa5a23bfb76c8ff148333edb0 (diff)
download: curl-af22c2a546ab862ab577c8d9d3609af0de178974.tar.gz
1 files changed, 12 insertions, 11 deletions
diff --git a/lib/vtls/schannel_verify.c b/lib/vtls/schannel_verify.c
index 6ee9a78c4..e4992162e 100644
--- a/lib/vtls/schannel_verify.c
+++ b/lib/vtls/schannel_verify.c
@@ -459,7 +459,7 @@ static DWORD cert_get_name_string(struct Curl_easy *data,
 
 static CURLcode verify_host(struct Curl_easy *data,
                             CERT_CONTEXT *pCertContextServer,
-                            const char * const conn_hostname)
+                            const char *conn_hostname)
 {
   CURLcode result = CURLE_PEER_FAILED_VERIFICATION;
   TCHAR *cert_hostname_buff = NULL;
@@ -563,17 +563,18 @@ cleanup:
   return result;
 }
 
-CURLcode Curl_verify_certificate(struct Curl_easy *data,
-                                 struct connectdata *conn, int sockindex)
+CURLcode Curl_verify_certificate(struct Curl_cfilter *cf,
+                                 struct Curl_easy *data)
 {
+  struct ssl_connect_data *connssl = cf->ctx;
+  struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
+  struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
   SECURITY_STATUS sspi_status;
-  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
   CURLcode result = CURLE_OK;
   CERT_CONTEXT *pCertContextServer = NULL;
   const CERT_CHAIN_CONTEXT *pChainContext = NULL;
   HCERTCHAINENGINE cert_chain_engine = NULL;
   HCERTSTORE trust_store = NULL;
-  const char * const conn_hostname = SSL_HOST_NAME();
 
   DEBUGASSERT(BACKEND);
 
@@ -590,7 +591,7 @@ CURLcode Curl_verify_certificate(struct Curl_easy *data,
   }
 
   if(result == CURLE_OK &&
-      (SSL_CONN_CONFIG(CAfile) || SSL_CONN_CONFIG(ca_info_blob)) &&
+      (conn_config->CAfile || conn_config->ca_info_blob) &&
       BACKEND->use_manual_cred_validation) {
     /*
      * Create a chain engine that uses the certificates in the CA file as
@@ -617,7 +618,7 @@ CURLcode Curl_verify_certificate(struct Curl_easy *data,
         result = CURLE_SSL_CACERT_BADFILE;
       }
       else {
-        const struct curl_blob *ca_info_blob = SSL_CONN_CONFIG(ca_info_blob);
+        const struct curl_blob *ca_info_blob = conn_config->ca_info_blob;
         if(ca_info_blob) {
           result = add_certs_data_to_store(trust_store,
                                            (const char *)ca_info_blob->data,
@@ -627,7 +628,7 @@ CURLcode Curl_verify_certificate(struct Curl_easy *data,
         }
         else {
           result = add_certs_file_to_store(trust_store,
-                                           SSL_CONN_CONFIG(CAfile),
+                                           conn_config->CAfile,
                                            data);
         }
       }
@@ -670,7 +671,7 @@ CURLcode Curl_verify_certificate(struct Curl_easy *data,
                                 NULL,
                                 pCertContextServer->hCertStore,
                                 &ChainPara,
-                                (SSL_SET_OPTION(no_revoke) ? 0 :
+                                (ssl_config->no_revoke ? 0 :
                                  CERT_CHAIN_REVOCATION_CHECK_CHAIN),
                                 NULL,
                                 &pChainContext)) {
@@ -719,8 +720,8 @@ CURLcode Curl_verify_certificate(struct Curl_easy *data,
   }
 
   if(result == CURLE_OK) {
-    if(SSL_CONN_CONFIG(verifyhost)) {
-      result = verify_host(data, pCertContextServer, conn_hostname);
+    if(conn_config->verifyhost) {
+      result = verify_host(data, pCertContextServer, connssl->hostname);
     }
   }
author	Stefan Eissing <stefan@eissing.org>	2022-11-22 09:55:41 +0100
committer	Daniel Stenberg <daniel@haxx.se>	2022-11-22 14:25:50 +0100
commit	af22c2a546ab862ab577c8d9d3609af0de178974 (patch)
tree	f1a0c2d3c57d45da66809894997a50db840ac9e6 /lib/vtls/schannel_verify.c
parent	a28a80d59e8f111fa5a23bfb76c8ff148333edb0 (diff)
download	curl-af22c2a546ab862ab577c8d9d3609af0de178974.tar.gz