summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorPatrick Monnerat <patrick@monnerat.net>2021-01-13 17:01:31 +0100
committerDaniel Stenberg <daniel@haxx.se>2021-01-19 09:14:40 +0100
commitbbe3aa9f881fa27fe828e3c9a36d6831f254a3ee (patch)
tree9f5f5f3ffe1ed7a066562ac7ba3e688af3d97b8c /lib
parent8399d89360db40cafe16ba65b5d9586d5a4fd3eb (diff)
downloadcurl-bbe3aa9f881fa27fe828e3c9a36d6831f254a3ee.tar.gz
vtls: reduce conn->data use
Closes #6474
Diffstat (limited to 'lib')
-rw-r--r--lib/ftp.c10
-rw-r--r--lib/gopher.c2
-rw-r--r--lib/http.c2
-rw-r--r--lib/http_proxy.c2
-rw-r--r--lib/imap.c5
-rw-r--r--lib/openldap.c5
-rw-r--r--lib/pop3.c5
-rw-r--r--lib/smb.c3
-rw-r--r--lib/smtp.c5
-rw-r--r--lib/url.c4
-rw-r--r--lib/vtls/bearssl.c65
-rw-r--r--lib/vtls/gskit.c61
-rw-r--r--lib/vtls/gtls.c70
-rw-r--r--lib/vtls/mbedtls.c59
-rw-r--r--lib/vtls/mesalink.c104
-rw-r--r--lib/vtls/nss.c115
-rw-r--r--lib/vtls/openssl.c133
-rw-r--r--lib/vtls/schannel.c174
-rw-r--r--lib/vtls/schannel.h5
-rw-r--r--lib/vtls/schannel_verify.c11
-rw-r--r--lib/vtls/sectransp.c140
-rw-r--r--lib/vtls/vtls.c73
-rw-r--r--lib/vtls/vtls.h49
-rw-r--r--lib/vtls/wolfssl.c59
24 files changed, 597 insertions, 564 deletions
diff --git a/lib/ftp.c b/lib/ftp.c
index bb44bcdb2..9e9830e26 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -443,7 +443,7 @@ static CURLcode InitiateTransfer(struct Curl_easy *data)
/* since we only have a plaintext TCP connection here, we must now
* do the TLS stuff */
infof(data, "Doing the SSL/TLS handshake on the data stream\n");
- result = Curl_ssl_connect(conn, SECONDARYSOCKET);
+ result = Curl_ssl_connect(data, conn, SECONDARYSOCKET);
if(result)
return result;
}
@@ -2734,7 +2734,7 @@ static CURLcode ftp_statemachine(struct Curl_easy *data,
if((ftpcode == 234) || (ftpcode == 334)) {
/* Curl_ssl_connect is BLOCKING */
- result = Curl_ssl_connect(conn, FIRSTSOCKET);
+ result = Curl_ssl_connect(data, conn, FIRSTSOCKET);
if(!result) {
conn->bits.ftp_use_data_ssl = FALSE; /* clear-text data */
conn->bits.ftp_use_control_ssl = TRUE; /* SSL on control */
@@ -2800,7 +2800,7 @@ static CURLcode ftp_statemachine(struct Curl_easy *data,
case FTP_CCC:
if(ftpcode < 500) {
/* First shut down the SSL layer (note: this call will block) */
- result = Curl_ssl_shutdown(conn, FIRSTSOCKET);
+ result = Curl_ssl_shutdown(data, conn, FIRSTSOCKET);
if(result)
failf(data, "Failed to clear the command channel (CCC)");
@@ -3138,7 +3138,7 @@ static CURLcode ftp_connect(struct Curl_easy *data,
if(conn->handler->flags & PROTOPT_SSL) {
/* BLOCKING */
- result = Curl_ssl_connect(conn, FIRSTSOCKET);
+ result = Curl_ssl_connect(data, conn, FIRSTSOCKET);
if(result)
return result;
conn->bits.ftp_use_control_ssl = TRUE;
@@ -3284,7 +3284,7 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status,
if(conn->ssl[SECONDARYSOCKET].use) {
/* The secondary socket is using SSL so we must close down that part
first before we close the socket for real */
- Curl_ssl_close(conn, SECONDARYSOCKET);
+ Curl_ssl_close(data, conn, SECONDARYSOCKET);
/* Note that we keep "use" set to TRUE since that (next) connection is
still requested to use SSL */
diff --git a/lib/gopher.c b/lib/gopher.c
index e5c7d2752..a39cc7e6b 100644
--- a/lib/gopher.c
+++ b/lib/gopher.c
@@ -113,7 +113,7 @@ static CURLcode gopher_connect(struct Curl_easy *data, bool *done)
static CURLcode gopher_connecting(struct Curl_easy *data, bool *done)
{
struct connectdata *conn = data->conn;
- CURLcode result = Curl_ssl_connect(conn, FIRSTSOCKET);
+ CURLcode result = Curl_ssl_connect(data, conn, FIRSTSOCKET);
if(result)
connclose(conn, "Failed TLS connection");
*done = TRUE;
diff --git a/lib/http.c b/lib/http.c
index 0d1d0d568..89e5da975 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -1532,7 +1532,7 @@ static CURLcode https_connecting(struct Curl_easy *data, bool *done)
#endif
/* perform SSL initialization for this socket */
- result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, done);
+ result = Curl_ssl_connect_nonblocking(data, conn, FIRSTSOCKET, done);
if(result)
connclose(conn, "Failed HTTPS connection");
diff --git a/lib/http_proxy.c b/lib/http_proxy.c
index 8163c9694..3e38ab0cd 100644
--- a/lib/http_proxy.c
+++ b/lib/http_proxy.c
@@ -58,7 +58,7 @@ static CURLcode https_proxy_connect(struct connectdata *conn, int sockindex)
if(!conn->bits.proxy_ssl_connected[sockindex]) {
/* perform SSL initialization for this socket */
result =
- Curl_ssl_connect_nonblocking(conn, sockindex,
+ Curl_ssl_connect_nonblocking(conn->data, conn, sockindex,
&conn->bits.proxy_ssl_connected[sockindex]);
if(result)
/* a failed connection is marked for closure to prevent (bad) re-use or
diff --git a/lib/imap.c b/lib/imap.c
index 04ee4ef55..bab531239 100644
--- a/lib/imap.c
+++ b/lib/imap.c
@@ -473,7 +473,7 @@ static CURLcode imap_perform_upgrade_tls(struct Curl_easy *data,
{
/* Start the SSL connection */
struct imap_conn *imapc = &conn->proto.imapc;
- CURLcode result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET,
+ CURLcode result = Curl_ssl_connect_nonblocking(data, conn, FIRSTSOCKET,
&imapc->ssldone);
if(!result) {
@@ -1366,7 +1366,8 @@ static CURLcode imap_multi_statemach(struct Curl_easy *data, bool *done)
struct imap_conn *imapc = &conn->proto.imapc;
if((conn->handler->flags & PROTOPT_SSL) && !imapc->ssldone) {
- result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, &imapc->ssldone);
+ result = Curl_ssl_connect_nonblocking(data, conn,
+ FIRSTSOCKET, &imapc->ssldone);
if(result || !imapc->ssldone)
return result;
}
diff --git a/lib/openldap.c b/lib/openldap.c
index e387605fe..bb6f785b5 100644
--- a/lib/openldap.c
+++ b/lib/openldap.c
@@ -245,7 +245,8 @@ static CURLcode ldap_connect(struct Curl_easy *data, bool *done)
#ifdef USE_SSL
if(conn->handler->flags & PROTOPT_SSL) {
CURLcode result;
- result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, &li->ssldone);
+ result = Curl_ssl_connect_nonblocking(data, conn,
+ FIRSTSOCKET, &li->ssldone);
if(result)
return result;
}
@@ -267,7 +268,7 @@ static CURLcode ldap_connecting(struct Curl_easy *data, bool *done)
if(conn->handler->flags & PROTOPT_SSL) {
/* Is the SSL handshake complete yet? */
if(!li->ssldone) {
- CURLcode result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET,
+ CURLcode result = Curl_ssl_connect_nonblocking(data, conn, FIRSTSOCKET,
&li->ssldone);
if(result || !li->ssldone)
return result;
diff --git a/lib/pop3.c b/lib/pop3.c
index af3bca5b0..551d0da9c 100644
--- a/lib/pop3.c
+++ b/lib/pop3.c
@@ -368,7 +368,7 @@ static CURLcode pop3_perform_upgrade_tls(struct Curl_easy *data,
{
/* Start the SSL connection */
struct pop3_conn *pop3c = &conn->proto.pop3c;
- CURLcode result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET,
+ CURLcode result = Curl_ssl_connect_nonblocking(data, conn, FIRSTSOCKET,
&pop3c->ssldone);
if(!result) {
@@ -1029,7 +1029,8 @@ static CURLcode pop3_multi_statemach(struct Curl_easy *data, bool *done)
struct pop3_conn *pop3c = &conn->proto.pop3c;
if((conn->handler->flags & PROTOPT_SSL) && !pop3c->ssldone) {
- result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, &pop3c->ssldone);
+ result = Curl_ssl_connect_nonblocking(data, conn,
+ FIRSTSOCKET, &pop3c->ssldone);
if(result || !pop3c->ssldone)
return result;
}
diff --git a/lib/smb.c b/lib/smb.c
index 69279c8d1..6af9b3ac2 100644
--- a/lib/smb.c
+++ b/lib/smb.c
@@ -669,7 +669,8 @@ static CURLcode smb_connection_state(struct Curl_easy *data, bool *done)
#ifdef USE_SSL
if((conn->handler->flags & PROTOPT_SSL)) {
bool ssl_done = FALSE;
- result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, &ssl_done);
+ result = Curl_ssl_connect_nonblocking(data, conn,
+ FIRSTSOCKET, &ssl_done);
if(result && result != CURLE_AGAIN)
return result;
if(!ssl_done)
diff --git a/lib/smtp.c b/lib/smtp.c
index 84d4d5744..d408a6dbe 100644
--- a/lib/smtp.c
+++ b/lib/smtp.c
@@ -395,7 +395,7 @@ static CURLcode smtp_perform_upgrade_tls(struct Curl_easy *data)
/* Start the SSL connection */
struct connectdata *conn = data->conn;
struct smtp_conn *smtpc = &conn->proto.smtpc;
- CURLcode result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET,
+ CURLcode result = Curl_ssl_connect_nonblocking(data, conn, FIRSTSOCKET,
&smtpc->ssldone);
if(!result) {
@@ -1256,7 +1256,8 @@ static CURLcode smtp_multi_statemach(struct Curl_easy *data, bool *done)
struct smtp_conn *smtpc = &conn->proto.smtpc;
if((conn->handler->flags & PROTOPT_SSL) && !smtpc->ssldone) {
- result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, &smtpc->ssldone);
+ result = Curl_ssl_connect_nonblocking(data, conn,
+ FIRSTSOCKET, &smtpc->ssldone);
if(result || !smtpc->ssldone)
return result;
}
diff --git a/lib/url.c b/lib/url.c
index 7512bb4d9..f8a7876b4 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -723,8 +723,8 @@ static void conn_shutdown(struct Curl_easy *data, struct connectdata *conn)
/* close the SSL stuff before we close any sockets since they will/may
write to the sockets */
- Curl_ssl_close(conn, FIRSTSOCKET);
- Curl_ssl_close(conn, SECONDARYSOCKET);
+ Curl_ssl_close(data, conn, FIRSTSOCKET);
+ Curl_ssl_close(data, conn, SECONDARYSOCKET);
/* close possibly still open sockets */
if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET])
diff --git a/lib/vtls/bearssl.c b/lib/vtls/bearssl.c
index 6eb61943a..8dd262ed0 100644
--- a/lib/vtls/bearssl.c
+++ b/lib/vtls/bearssl.c
@@ -294,9 +294,9 @@ static const br_x509_class x509_vtable = {
x509_get_pkey
};
-static CURLcode bearssl_connect_step1(struct connectdata *conn, int sockindex)
+static CURLcode bearssl_connect_step1(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
@@ -374,12 +374,12 @@ static CURLcode bearssl_connect_step1(struct connectdata *conn, int sockindex)
if(SSL_SET_OPTION(primary.sessionid)) {
void *session;
- Curl_ssl_sessionid_lock(conn);
- if(!Curl_ssl_getsessionid(conn, &session, NULL, sockindex)) {
+ Curl_ssl_sessionid_lock(data);
+ if(!Curl_ssl_getsessionid(data, conn, &session, NULL, sockindex)) {
br_ssl_engine_set_session_parameters(&backend->ctx.eng, session);
infof(data, "BearSSL: re-using session ID\n");
}
- Curl_ssl_sessionid_unlock(conn);
+ Curl_ssl_sessionid_unlock(data);
}
if(conn->bits.tls_enable_alpn) {
@@ -429,10 +429,10 @@ static CURLcode bearssl_connect_step1(struct connectdata *conn, int sockindex)
return CURLE_OK;
}
-static CURLcode bearssl_run_until(struct connectdata *conn, int sockindex,
+static CURLcode bearssl_run_until(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex,
unsigned target)
{
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
curl_socket_t sockfd = conn->sock[sockindex];
@@ -507,14 +507,15 @@ static CURLcode bearssl_run_until(struct connectdata *conn, int sockindex,
}
}
-static CURLcode bearssl_connect_step2(struct connectdata *conn, int sockindex)
+static CURLcode bearssl_connect_step2(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
CURLcode ret;
- ret = bearssl_run_until(conn, sockindex, BR_SSL_SENDAPP | BR_SSL_RECVAPP);
+ ret = bearssl_run_until(data, conn, sockindex,
+ BR_SSL_SENDAPP | BR_SSL_RECVAPP);
if(ret == CURLE_AGAIN)
return CURLE_OK;
if(ret == CURLE_OK) {
@@ -527,9 +528,9 @@ static CURLcode bearssl_connect_step2(struct connectdata *conn, int sockindex)
return ret;
}
-static CURLcode bearssl_connect_step3(struct connectdata *conn, int sockindex)
+static CURLcode bearssl_connect_step3(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
CURLcode ret;
@@ -568,12 +569,13 @@ static CURLcode bearssl_connect_step3(struct connectdata *conn, int sockindex)
if(!session)
return CURLE_OUT_OF_MEMORY;
br_ssl_engine_get_session_parameters(&backend->ctx.eng, session);
- Curl_ssl_sessionid_lock(conn);
- incache = !(Curl_ssl_getsessionid(conn, &oldsession, NULL, sockindex));
+ Curl_ssl_sessionid_lock(data);
+ incache = !(Curl_ssl_getsessionid(data, conn,
+ &oldsession, NULL, sockindex));
if(incache)
- Curl_ssl_delsessionid(conn, oldsession);
- ret = Curl_ssl_addsessionid(conn, session, 0, sockindex);
- Curl_ssl_sessionid_unlock(conn);
+ Curl_ssl_delsessionid(data, oldsession);
+ ret = Curl_ssl_addsessionid(data, conn, session, 0, sockindex);
+ Curl_ssl_sessionid_unlock(data);
if(ret) {
free(session);
return CURLE_OUT_OF_MEMORY;
@@ -595,7 +597,7 @@ static ssize_t bearssl_send(struct Curl_easy *data, int sockindex,
size_t applen;
for(;;) {
- *err = bearssl_run_until(conn, sockindex, BR_SSL_SENDAPP);
+ *err = bearssl_run_until(data, conn, sockindex, BR_SSL_SENDAPP);
if (*err != CURLE_OK)
return -1;
app = br_ssl_engine_sendapp_buf(&backend->ctx.eng, &applen);
@@ -627,7 +629,7 @@ static ssize_t bearssl_recv(struct Curl_easy *data, int sockindex,
unsigned char *app;
size_t applen;
- *err = bearssl_run_until(conn, sockindex, BR_SSL_RECVAPP);
+ *err = bearssl_run_until(data, conn, sockindex, BR_SSL_RECVAPP);
if(*err != CURLE_OK)
return -1;
app = br_ssl_engine_recvapp_buf(&backend->ctx.eng, &applen);
@@ -641,13 +643,13 @@ static ssize_t bearssl_recv(struct Curl_easy *data, int sockindex,
return applen;
}
-static CURLcode bearssl_connect_common(struct connectdata *conn,
+static CURLcode bearssl_connect_common(struct Curl_easy *data,
+ struct connectdata *conn,
int sockindex,
bool nonblocking,
bool *done)
{
CURLcode ret;
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
curl_socket_t sockfd = conn->sock[sockindex];
timediff_t timeout_ms;
@@ -660,7 +662,7 @@ static CURLcode bearssl_connect_common(struct connectdata *conn,
}
if(ssl_connect_1 == connssl->connecting_state) {
- ret = bearssl_connect_step1(conn, sockindex);
+ ret = bearssl_connect_step1(data, conn, sockindex);
if(ret)
return ret;
}
@@ -713,7 +715,7 @@ static CURLcode bearssl_connect_common(struct connectdata *conn,
* before step2 has completed while ensuring that a client using select()
* or epoll() will always have a valid fdset to wait on.
*/
- ret = bearssl_connect_step2(conn, sockindex);
+ ret = bearssl_connect_step2(data, conn, sockindex);
if(ret || (nonblocking &&
(ssl_connect_2 == connssl->connecting_state ||
ssl_connect_2_reading == connssl->connecting_state ||
@@ -722,7 +724,7 @@ static CURLcode bearssl_connect_common(struct connectdata *conn,
}
if(ssl_connect_3 == connssl->connecting_state) {
- ret = bearssl_connect_step3(conn, sockindex);
+ ret = bearssl_connect_step3(data, conn, sockindex);
if(ret)
return ret;
}
@@ -775,12 +777,13 @@ static CURLcode bearssl_random(struct Curl_easy *data UNUSED_PARAM,
return CURLE_OK;
}
-static CURLcode bearssl_connect(struct connectdata *conn, int sockindex)
+static CURLcode bearssl_connect(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
CURLcode ret;
bool done = FALSE;
- ret = bearssl_connect_common(conn, sockindex, FALSE, &done);
+ ret = bearssl_connect_common(data, conn, sockindex, FALSE, &done);
if(ret)
return ret;
@@ -789,10 +792,11 @@ static CURLcode bearssl_connect(struct connectdata *conn, int sockindex)
return CURLE_OK;
}
-static CURLcode bearssl_connect_nonblocking(struct connectdata *conn,
+static CURLcode bearssl_connect_nonblocking(struct Curl_easy *data,
+ struct connectdata *conn,
int sockindex, bool *done)
{
- return bearssl_connect_common(conn, sockindex, TRUE, done);
+ return bearssl_connect_common(data, conn, sockindex, TRUE, done);
}
static void *bearssl_get_internals(struct ssl_connect_data *connssl,
@@ -802,7 +806,8 @@ static void *bearssl_get_internals(struct ssl_connect_data *connssl,
return &backend->ctx;
}
-static void bearssl_close(struct connectdata *conn, int sockindex)
+static void bearssl_close(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
@@ -810,7 +815,7 @@ static void bearssl_close(struct connectdata *conn, int sockindex)
if(backend->active) {
br_ssl_engine_close(&backend->ctx.eng);
- (void)bearssl_run_until(conn, sockindex, BR_SSL_CLOSED);
+ (void)bearssl_run_until(data, conn, sockindex, BR_SSL_CLOSED);
}
for(i = 0; i < backend->anchors_len; ++i)
free(backend->anchors[i].dn.data);
diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c
index 26a1e8215..0095a2071 100644
--- a/lib/vtls/gskit.c
+++ b/lib/vtls/gskit.c
@@ -610,10 +610,10 @@ static void close_one(struct ssl_connect_data *connssl, struct Curl_easy *data,
}
-static ssize_t real_gskit_send(struct Curl_easy *data,
- struct connectdata *conn, int sockindex,
- const void *mem, size_t len, CURLcode *curlcode)
+static ssize_t gskit_send(struct connectdata *conn, int sockindex,
+ const void *mem, size_t len, CURLcode *curlcode)
{
+ struct connectdata *conn = data->conn;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
CURLcode cc = CURLE_SEND_ERROR;
int written;
@@ -634,17 +634,11 @@ static ssize_t real_gskit_send(struct Curl_easy *data,
return (ssize_t) written; /* number of bytes */
}
-static ssize_t gskit_send(struct connectdata *conn, int sockindex,
- const void *mem, size_t len, CURLcode *curlcode)
-{
- return real_gskit_send(conn->data, conn, sockindex, mem, len, curlcode);
-}
-
-static ssize_t real_gskit_recv(struct Curl_easy *data,
- struct connectdata *conn, int num, char *buf,
+static ssize_t gskit_recv(struct Curl_easy *data, int num, char *buf,
size_t buffersize, CURLcode *curlcode)
{
+ struct connectdata *conn = data->conn;
struct ssl_connect_data *connssl = &conn->ssl[num];
int nread;
CURLcode cc = CURLE_RECV_ERROR;
@@ -668,12 +662,6 @@ static ssize_t real_gskit_recv(struct Curl_easy *data,
return (ssize_t) nread;
}
-static ssize_t gskit_recv(struct connectdata *conn, int num, char *buf,
- size_t buffersize, CURLcode *curlcode)
-{
- return real_gskit_recv(conn->data, conn, num, buf, buffersize, curlcode);
-}
-
static CURLcode
set_ssl_version_min_max(unsigned int *protoflags, struct Curl_easy *data)
{
@@ -1137,9 +1125,9 @@ static CURLcode gskit_connect_common(struct Curl_easy *data,
}
-static CURLcode real_gskit_connect_nonblocking(struct Curl_easy *data,
- struct connectdata *conn,
- int sockindex, bool *done)
+static CURLcode gskit_connect_nonblocking(struct Curl_easy *data,
+ struct connectdata *conn,
+ int sockindex, bool *done)
{
CURLcode result;
@@ -1149,15 +1137,9 @@ static CURLcode real_gskit_connect_nonblocking(struct Curl_easy *data,
return result;
}
-static CURLcode gskit_connect_nonblocking(struct connectdata *conn,
- int sockindex, bool *done)
-{
- return real_gskit_connect_nonblocking(conn->data, conn, sockindex, done);
-}
-
-static CURLcode real_gskit_connect(struct Curl_easy *data,
- struct connectdata *conn, int sockindex)
+static CURLcode gskit_connect(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
CURLcode result;
bool done;
@@ -1172,27 +1154,17 @@ static CURLcode real_gskit_connect(struct Curl_easy *data,
return CURLE_OK;
}
-static CURLcode gskit_connect(struct connectdata *conn, int sockindex)
-{
- return real_gskit_connect(conn->data, conn, sockindex);
-}
-
-static void real_gskit_close(struct Curl_easy *data, struct connectdata *conn,
- int sockindex)
+static void gskit_close(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
close_one(&conn->ssl[sockindex], data, conn, sockindex);
close_one(&conn->proxy_ssl[sockindex], data, conn, sockindex);
}
-static void gskit_close(struct connectdata *conn, int sockindex)
-{
- real_gskit_close(conn->data, conn, sockindex);
-}
-
-static int real_gskit_shutdown(struct Curl_easy *data,
- struct connectdata *conn, int sockindex)
+static int gskit_shutdown(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
int what;
@@ -1247,11 +1219,6 @@ static int real_gskit_shutdown(struct Curl_easy *data,
return rc;
}
-static int gskit_shutdown(struct connectdata *conn, int sockindex)
-{
- return real_gskit_shutdown(conn->data, conn, sockindex);
-}
-
static size_t gskit_version(char *buffer, size_t size)
{
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 4e2700fa1..27c8a0536 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -200,12 +200,12 @@ static void unload_file(gnutls_datum_t data)
/* this function does a SSL/TLS (re-)handshake */
-static CURLcode handshake(struct connectdata *conn,
+static CURLcode handshake(struct Curl_easy *data,
+ struct connectdata *conn,
int sockindex,
bool duringconnect,
bool nonblocking)
{
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
gnutls_session_t session = backend->session;
@@ -314,9 +314,9 @@ static gnutls_x509_crt_fmt_t do_file_type(const char *type)
#define GNUTLS_SRP "+SRP"
static CURLcode
-set_ssl_version_min_max(const char **prioritylist, struct connectdata *conn)
+set_ssl_version_min_max(const char **prioritylist, struct Curl_easy *data)
{
- struct Curl_easy *data = conn->data;
+ struct connectdata *conn = data->conn;
long ssl_version = SSL_CONN_CONFIG(version);
long ssl_version_max = SSL_CONN_CONFIG(version_max);
@@ -379,10 +379,10 @@ set_ssl_version_min_max(const char **prioritylist, struct connectdata *conn)
}
static CURLcode
-gtls_connect_step1(struct connectdata *conn,
+gtls_connect_step1(struct Curl_easy *data,
+ struct connectdata *conn,
int sockindex)
{
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
unsigned int init_flags;
@@ -568,7 +568,7 @@ gtls_connect_step1(struct connectdata *conn,
case CURL_SSLVERSION_TLSv1_2:
case CURL_SSLVERSION_TLSv1_3:
{
- CURLcode result = set_ssl_version_min_max(&prioritylist, conn);
+ CURLcode result = set_ssl_version_min_max(&prioritylist, data);
if(result != CURLE_OK)
return result;
break;
@@ -731,15 +731,16 @@ gtls_connect_step1(struct connectdata *conn,
void *ssl_sessionid;
size_t ssl_idsize;
- Curl_ssl_sessionid_lock(conn);
- if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, &ssl_idsize, sockindex)) {
+ Curl_ssl_sessionid_lock(data);
+ if(!Curl_ssl_getsessionid(data, conn,
+ &ssl_sessionid, &ssl_idsize, sockindex)) {
/* we got a session id, use it! */
gnutls_session_set_data(session, ssl_sessionid, ssl_idsize);
/* Informational message */
infof(data, "SSL re-using session ID\n");
}
- Curl_ssl_sessionid_unlock(conn);
+ Curl_ssl_sessionid_unlock(data);
}
return CURLE_OK;
@@ -807,7 +808,8 @@ static Curl_recv gtls_recv;
static Curl_send gtls_send;
static CURLcode
-gtls_connect_step3(struct connectdata *conn,
+gtls_connect_step3(struct Curl_easy *data,
+ struct connectdata *conn,
int sockindex)
{
unsigned int cert_list_size;
@@ -820,7 +822,6 @@ gtls_connect_step3(struct connectdata *conn,
size_t size;
time_t certclock;
const char *ptr;
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
gnutls_session_t session = backend->session;
@@ -1290,19 +1291,19 @@ gtls_connect_step3(struct connectdata *conn,
/* extract session ID to the allocated buffer */
gnutls_session_get_data(session, connect_sessionid, &connect_idsize);
- Curl_ssl_sessionid_lock(conn);
- incache = !(Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL,
+ Curl_ssl_sessionid_lock(data);
+ incache = !(Curl_ssl_getsessionid(data, conn, &ssl_sessionid, NULL,
sockindex));
if(incache) {
/* there was one before in the cache, so instead of risking that the
previous one was rejected, we just kill that and store the new */
- Curl_ssl_delsessionid(conn, ssl_sessionid);
+ Curl_ssl_delsessionid(data, ssl_sessionid);
}
/* store this session id */
- result = Curl_ssl_addsessionid(conn, connect_sessionid, connect_idsize,
- sockindex);
- Curl_ssl_sessionid_unlock(conn);
+ result = Curl_ssl_addsessionid(data, conn, connect_sessionid,
+ connect_idsize, sockindex);
+ Curl_ssl_sessionid_unlock(data);
if(result) {
free(connect_sessionid);
result = CURLE_OUT_OF_MEMORY;
@@ -1326,7 +1327,8 @@ gtls_connect_step3(struct connectdata *conn,
'ssl_connect_2_writing' (waiting to be able to write).
*/
static CURLcode
-gtls_connect_common(struct connectdata *conn,
+gtls_connect_common(struct Curl_easy *data,
+ struct connectdata *conn,
int sockindex,
bool nonblocking,
bool *done)
@@ -1336,19 +1338,19 @@ gtls_connect_common(struct connectdata *conn,
/* Initiate the connection, if not already done */
if(ssl_connect_1 == connssl->connecting_state) {
- rc = gtls_connect_step1(conn, sockindex);
+ rc = gtls_connect_step1(data, conn, sockindex);
if(rc)
return rc;
}
- rc = handshake(conn, sockindex, TRUE, nonblocking);
+ rc = handshake(data, conn, sockindex, TRUE, nonblocking);
if(rc)
/* handshake() sets its own error message with failf() */
return rc;
/* Finish connecting once the handshake is done */
if(ssl_connect_1 == connssl->connecting_state) {
- rc = gtls_connect_step3(conn, sockindex);
+ rc = gtls_connect_step3(data, conn, sockindex);
if(rc)
return rc;
}
@@ -1358,18 +1360,20 @@ gtls_connect_common(struct connectdata *conn,
return CURLE_OK;
}
-static CURLcode gtls_connect_nonblocking(struct connectdata *conn,
+static CURLcode gtls_connect_nonblocking(struct Curl_easy *data,
+ struct connectdata *conn,
int sockindex, bool *done)
{
- return gtls_connect_common(conn, sockindex, TRUE, done);
+ return gtls_connect_common(data, conn, sockindex, TRUE, done);
}
-static CURLcode gtls_connect(struct connectdata *conn, int sockindex)
+static CURLcode gtls_connect(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
CURLcode result;
bool done = FALSE;
- result = gtls_connect_common(conn, sockindex, FALSE, &done);
+ result = gtls_connect_common(data, conn, sockindex, FALSE, &done);
if(result)
return result;
@@ -1441,8 +1445,10 @@ static void close_one(struct ssl_connect_data *connssl)
#endif
}
-static void gtls_close(struct connectdata *conn, int sockindex)
+static void gtls_close(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
+ (void) data;
close_one(&conn->ssl[sockindex]);
#ifndef CURL_DISABLE_PROXY
close_one(&conn->proxy_ssl[sockindex]);
@@ -1453,12 +1459,12 @@ static void gtls_close(struct connectdata *conn, int sockindex)
* This function is called to shut down the SSL layer but keep the
* socket open (CCC - Clear Command Channel)
*/
-static int gtls_shutdown(struct connectdata *conn, int sockindex)
+static int gtls_shutdown(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
int retval = 0;
- struct Curl_easy *data = conn->data;
#ifndef CURL_DISABLE_FTP
/* This has only been tested on the proftpd server, and the mod_tls code
@@ -1547,7 +1553,7 @@ static ssize_t gtls_recv(struct Curl_easy *data, /* connection data */
if(ret == GNUTLS_E_REHANDSHAKE) {
/* BLOCKING call, this is bad but a work-around for now. Fixing this "the
proper way" takes a whole lot of work. */
- CURLcode result = handshake(conn, num, FALSE, FALSE);
+ CURLcode result = handshake(data, conn, num, FALSE, FALSE);
if(result)
/* handshake() writes error message on its own */
*curlcode = result;
@@ -1557,7 +1563,7 @@ static ssize_t gtls_recv(struct Curl_easy *data, /* connection data */
}
if(ret < 0) {
- failf(conn->data, "GnuTLS recv error (%d): %s",
+ failf(data, "GnuTLS recv error (%d): %s",
(int)ret, gnutls_strerror((int)ret));
*curlcode = CURLE_RECV_ERROR;
@@ -1606,7 +1612,7 @@ static CURLcode gtls_random(struct Curl_easy *data,
return rc?CURLE_FAILED_INIT:CURLE_OK;
#elif defined(USE_GNUTLS)
if(data)
- Curl_gtls_seed(data); /* Initiate the seed if not already done */
+ gtls_seed(data); /* Initiate the seed if not already done */
gcry_randomize(entropy, length, GCRY_STRONG_RANDOM);
#endif
return CURLE_OK;
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index f8baa1c34..4ebd8af7d 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -196,9 +196,9 @@ static CURLcode mbedtls_version_from_curl(int *mbedver, long version)
}
static CURLcode
-set_ssl_version_min_max(struct connectdata *conn, int sockindex)
+set_ssl_version_min_max(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
int mbedtls_ver_min = MBEDTLS_SSL_MINOR_VERSION_1;
@@ -241,10 +241,9 @@ set_ssl_version_min_max(struct connectdata *conn, int sockindex)
}
static CURLcode
-mbed_connect_step1(struct connectdata *conn,
+mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn,
int sockindex)
{
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
@@ -427,7 +426,7 @@ mbed_connect_step1(struct connectdata *conn,
case CURL_SSLVERSION_TLSv1_2:
case CURL_SSLVERSION_TLSv1_3:
{
- CURLcode result = set_ssl_version_min_max(conn, sockindex);
+ CURLcode result = set_ssl_version_min_max(data, conn, sockindex);
if(result != CURLE_OK)
return result;
break;
@@ -463,17 +462,17 @@ mbed_connect_step1(struct connectdata *conn,
if(SSL_SET_OPTION(primary.sessionid)) {
void *old_session = NULL;
- Curl_ssl_sessionid_lock(conn);
- if(!Curl_ssl_getsessionid(conn, &old_session, NULL, sockindex)) {
+ Curl_ssl_sessionid_lock(data);
+ if(!Curl_ssl_getsessionid(data, conn, &old_session, NULL, sockindex)) {
ret = mbedtls_ssl_set_session(&backend->ssl, old_session);
if(ret) {
- Curl_ssl_sessionid_unlock(conn);
+ Curl_ssl_sessionid_unlock(data);
failf(data, "mbedtls_ssl_set_session returned -0x%x", -ret);
return CURLE_SSL_CONNECT_ERROR;
}
infof(data, "mbedTLS re-using session\n");
}
- Curl_ssl_sessionid_unlock(conn);
+ Curl_ssl_sessionid_unlock(data);
}
mbedtls_ssl_conf_ca_chain(&backend->config,
@@ -541,11 +540,10 @@ mbed_connect_step1(struct connectdata *conn,
}
static CURLcode
-mbed_connect_step2(struct connectdata *conn,
+mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn,
int sockindex)
{
int ret;
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
const mbedtls_x509_crt *peercert;
@@ -713,13 +711,12 @@ mbed_connect_step2(struct connectdata *conn,
}
static CURLcode
-mbed_connect_step3(struct connectdata *conn,
+mbed_connect_step3(struct Curl_easy *data, struct connectdata *conn,
int sockindex)
{
CURLcode retcode = CURLE_OK;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
- struct Curl_easy *data = conn->data;
DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
@@ -744,12 +741,13 @@ mbed_connect_step3(struct connectdata *conn,
}
/* If there's already a matching session in the cache, delete it */
- Curl_ssl_sessionid_lock(conn);
- if(!Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL, sockindex))
- Curl_ssl_delsessionid(conn, old_ssl_sessionid);
+ Curl_ssl_sessionid_lock(data);
+ if(!Curl_ssl_getsessionid(data, conn, &old_ssl_sessionid, NULL, sockindex))
+ Curl_ssl_delsessionid(data, old_ssl_sessionid);
- retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid, 0, sockindex);
- Curl_ssl_sessionid_unlock(conn);
+ retcode = Curl_ssl_addsessionid(data, conn,
+ our_ssl_sessionid, 0, sockindex);
+ Curl_ssl_sessionid_unlock(data);
if(retcode) {
mbedtls_ssl_session_free(our_ssl_sessionid);
free(our_ssl_sessionid);
@@ -788,10 +786,13 @@ static void mbedtls_close_all(struct Curl_easy *data)
(void)data;
}
-static void mbedtls_close(struct connectdata *conn, int sockindex)
+static void mbedtls_close(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
+
+ (void) data;
mbedtls_pk_free(&backend->pk);
mbedtls_x509_crt_free(&backend->clicert);
mbedtls_x509_crt_free(&backend->cacert);
@@ -899,13 +900,13 @@ static CURLcode mbedtls_random(struct Curl_easy *data,
}
static CURLcode
-mbed_connect_common(struct connectdata *conn,
+mbed_connect_common(struct Curl_easy *data,
+ struct connectdata *conn,
int sockindex,
bool nonblocking,
bool *done)
{
CURLcode retcode;
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
curl_socket_t sockfd = conn->sock[sockindex];
timediff_t timeout_ms;
@@ -926,7 +927,7 @@ mbed_connect_common(struct connectdata *conn,
failf(data, "SSL connection timeout");
return CURLE_OPERATION_TIMEDOUT;
}
- retcode = mbed_connect_step1(conn, sockindex);
+ retcode = mbed_connect_step1(data, conn, sockindex);
if(retcode)
return retcode;
}
@@ -981,7 +982,7 @@ mbed_connect_common(struct connectdata *conn,
* ensuring that a client using select() or epoll() will always
* have a valid fdset to wait on.
*/
- retcode = mbed_connect_step2(conn, sockindex);
+ retcode = mbed_connect_step2(data, conn, sockindex);
if(retcode || (nonblocking &&
(ssl_connect_2 == connssl->connecting_state ||
ssl_connect_2_reading == connssl->connecting_state ||
@@ -991,7 +992,7 @@ mbed_connect_common(struct connectdata *conn,
} /* repeat step2 until all transactions are done. */
if(ssl_connect_3 == connssl->connecting_state) {
- retcode = mbed_connect_step3(conn, sockindex);
+ retcode = mbed_connect_step3(data, conn, sockindex);
if(retcode)
return retcode;
}
@@ -1011,19 +1012,21 @@ mbed_connect_common(struct connectdata *conn,
return CURLE_OK;
}
-static CURLcode mbedtls_connect_nonblocking(struct connectdata *conn,
+static CURLcode mbedtls_connect_nonblocking(struct Curl_easy *data,
+ struct connectdata *conn,
int sockindex, bool *done)
{
- return mbed_connect_common(conn, sockindex, TRUE, done);
+ return mbed_connect_common(data, conn, sockindex, TRUE, done);
}
-static CURLcode mbedtls_connect(struct connectdata *conn, int sockindex)
+static CURLcode mbedtls_connect(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
CURLcode retcode;
bool done = FALSE;
- retcode = mbed_connect_common(conn, sockindex, FALSE, &done);
+ retcode = mbed_connect_common(data, conn, sockindex, FALSE, &done);
if(retcode)
return retcode;
diff --git a/lib/vtls/mesalink.c b/lib/vtls/mesalink.c
index 93e3381cf..af1d55e10 100644
--- a/lib/vtls/mesalink.c
+++ b/lib/vtls/mesalink.c
@@ -89,10 +89,10 @@ static int do_file_type(const char *type)
* layer and do all necessary magic.
*/
static CURLcode
-mesalink_connect_step1(struct connectdata *conn, int sockindex)
+mesalink_connect_step1(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
char *ciphers;
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct in_addr addr4;
#ifdef ENABLE_IPV6
@@ -260,11 +260,11 @@ mesalink_connect_step1(struct connectdata *conn, int sockindex)
if(SSL_SET_OPTION(primary.sessionid)) {
void *ssl_sessionid = NULL;
- Curl_ssl_sessionid_lock(conn);
- if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) {
+ Curl_ssl_sessionid_lock(data);
+ if(!Curl_ssl_getsessionid(data, conn, &ssl_sessionid, NULL, sockindex)) {
/* we got a session id, use it! */
if(!SSL_set_session(BACKEND->handle, ssl_sessionid)) {
- Curl_ssl_sessionid_unlock(conn);
+ Curl_ssl_sessionid_unlock(data);
failf(
data,
"SSL: SSL_set_session failed: %s",
@@ -274,7 +274,7 @@ mesalink_connect_step1(struct connectdata *conn, int sockindex)
/* Informational message */
infof(data, "SSL re-using session ID\n");
}
- Curl_ssl_sessionid_unlock(conn);
+ Curl_ssl_sessionid_unlock(data);
}
#endif /* MESALINK_HAVE_SESSION */
@@ -288,10 +288,10 @@ mesalink_connect_step1(struct connectdata *conn, int sockindex)
}
static CURLcode
-mesalink_connect_step2(struct connectdata *conn, int sockindex)
+mesalink_connect_step2(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
int ret = -1;
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
conn->recv[sockindex] = mesalink_recv;
@@ -348,27 +348,28 @@ mesalink_connect_step3(struct connectdata *conn, int sockindex)
our_ssl_sessionid = SSL_get_session(BACKEND->handle);
- Curl_ssl_sessionid_lock(conn);
+ Curl_ssl_sessionid_lock(data);
incache =
- !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL, sockindex));
+ !(Curl_ssl_getsessionid(data, conn,
+ &old_ssl_sessionid, NULL, sockindex));
if(incache) {
if(old_ssl_sessionid != our_ssl_sessionid) {
infof(data, "old SSL session ID is stale, removing\n");
- Curl_ssl_delsessionid(conn, old_ssl_sessionid);
+ Curl_ssl_delsessionid(data, old_ssl_sessionid);
incache = FALSE;
}
}
if(!incache) {
result = Curl_ssl_addsessionid(
- conn, our_ssl_sessionid, 0 /* unknown size */, sockindex);
+ data, conn, our_ssl_sessionid, 0 /* unknown size */, sockindex);
if(result) {
- Curl_ssl_sessionid_unlock(conn);
+ Curl_ssl_sessionid_unlock(data);
failf(data, "failed to store ssl session");
return result;
}
}
- Curl_ssl_sessionid_unlock(conn);
+ Curl_ssl_sessionid_unlock(data);
}
#endif /* MESALINK_HAVE_SESSION */
@@ -408,10 +409,12 @@ mesalink_send(struct Curl_easy *data, int sockindex, const void *mem,
}
static void
-Curl_mesalink_close(struct connectdata *conn, int sockindex)
+mesalink_close(struct Curl_easy *data, struct connectdata *conn, int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ (void) data;
+
if(BACKEND->handle) {
(void)SSL_shutdown(BACKEND->handle);
SSL_free(BACKEND->handle);
@@ -458,13 +461,13 @@ mesalink_recv(struct Curl_easy *data, int num, char *buf, size_t buffersize,
}
static size_t
-Curl_mesalink_version(char *buffer, size_t size)
+mesalink_version(char *buffer, size_t size)
{
return msnprintf(buffer, size, "MesaLink/%s", MESALINK_VERSION_STRING);
}
static int
-Curl_mesalink_init(void)
+mesalink_init(void)
{
return (SSL_library_init() == SSL_SUCCESS);
}
@@ -474,11 +477,14 @@ Curl_mesalink_init(void)
* socket open (CCC - Clear Command Channel)
*/
static int
-Curl_mesalink_shutdown(struct connectdata *conn, int sockindex)
+mesalink_shutdown(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
int retval = 0;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ (void) data;
+
if(BACKEND->handle) {
SSL_free(BACKEND->handle);
BACKEND->handle = NULL;
@@ -487,11 +493,10 @@ Curl_mesalink_shutdown(struct connectdata *conn, int sockindex)
}
static CURLcode
-mesalink_connect_common(struct connectdata *conn, int sockindex,
- bool nonblocking, bool *done)
+mesalink_connect_common(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex, bool nonblocking, bool *done)
{
CURLcode result;
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
curl_socket_t sockfd = conn->sock[sockindex];
timediff_t timeout_ms;
@@ -513,7 +518,7 @@ mesalink_connect_common(struct connectdata *conn, int sockindex,
return CURLE_OPERATION_TIMEDOUT;
}
- result = mesalink_connect_step1(conn, sockindex);
+ result = mesalink_connect_step1(data, conn, sockindex);
if(result)
return result;
}
@@ -570,7 +575,7 @@ mesalink_connect_common(struct connectdata *conn, int sockindex,
* ensuring that a client using select() or epoll() will always
* have a valid fdset to wait on.
*/
- result = mesalink_connect_step2(conn, sockindex);
+ result = mesalink_connect_step2(data, conn, sockindex);
if(result ||
(nonblocking && (ssl_connect_2 == connssl->connecting_state ||
@@ -602,19 +607,20 @@ mesalink_connect_common(struct connectdata *conn, int sockindex,
}
static CURLcode
-Curl_mesalink_connect_nonblocking(struct connectdata *conn, int sockindex,
- bool *done)
+mesalink_connect_nonblocking(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex, bool *done)
{
- return mesalink_connect_common(conn, sockindex, TRUE, done);
+ return mesalink_connect_common(data, conn, sockindex, TRUE, done);
}
static CURLcode
-Curl_mesalink_connect(struct connectdata *conn, int sockindex)
+mesalink_connect(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
CURLcode result;
bool done = FALSE;
- result = mesalink_connect_common(conn, sockindex, FALSE, &done);
+ result = mesalink_connect_common(data, conn, sockindex, FALSE, &done);
if(result)
return result;
@@ -624,8 +630,8 @@ Curl_mesalink_connect(struct connectdata *conn, int sockindex)
}
static void *
-Curl_mesalink_get_internals(struct ssl_connect_data *connssl,
- CURLINFO info UNUSED_PARAM)
+mesalink_get_internals(struct ssl_connect_data *connssl,
+ CURLINFO info UNUSED_PARAM)
{
(void)info;
return BACKEND->handle;
@@ -638,26 +644,26 @@ const struct Curl_ssl Curl_ssl_mesalink = {
sizeof(struct ssl_backend_data),
- Curl_mesalink_init, /* init */
- Curl_none_cleanup, /* cleanup */
- Curl_mesalink_version, /* version */
- Curl_none_check_cxn, /* check_cxn */
- Curl_mesalink_shutdown, /* shutdown */
- Curl_none_data_pending, /* data_pending */
- Curl_none_random, /* random */
+ mesalink_init, /* init */
+ Curl_none_cleanup, /* cleanup */
+ mesalink_version, /* version */
+ Curl_none_check_cxn, /* check_cxn */
+ mesalink_shutdown, /* shutdown */
+ Curl_none_data_pending, /* data_pending */
+ Curl_none_random, /* random */
Curl_none_cert_status_request, /* cert_status_request */
- Curl_mesalink_connect, /* connect */
- Curl_mesalink_connect_nonblocking, /* connect_nonblocking */
- Curl_mesalink_get_internals, /* get_internals */
- Curl_mesalink_close, /* close_one */
- Curl_none_close_all, /* close_all */
- Curl_none_session_free, /* session_free */
- Curl_none_set_engine, /* set_engine */
- Curl_none_set_engine_default, /* set_engine_default */
- Curl_none_engines_list, /* engines_list */
- Curl_none_false_start, /* false_start */
- Curl_none_md5sum, /* md5sum */
- NULL /* sha256sum */
+ mesalink_connect, /* connect */
+ mesalink_connect_nonblocking, /* connect_nonblocking */
+ mesalink_get_internals, /* get_internals */
+ mesalink_close, /* close_one */
+ Curl_none_close_all, /* close_all */
+ Curl_none_session_free, /* session_free */
+ Curl_none_set_engine, /* set_engine */
+ Curl_none_set_engine_default, /* set_engine_default */
+ Curl_none_engines_list, /* engines_list */
+ Curl_none_false_start, /* false_start */
+ Curl_none_md5sum, /* md5sum */
+ NULL /* sha256sum */
};
#endif
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 5d043931f..d1357a97f 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -443,7 +443,7 @@ static CURLcode insert_wrapped_ptr(struct Curl_llist *list, void *ptr)
/* Call PK11_CreateGenericObject() with the given obj_class and filename. If
* the call succeeds, append the object handle to the list of objects so that
- * the object can be destroyed in Curl_nss_close(). */
+ * the object can be destroyed in nss_close(). */
static CURLcode nss_create_object(struct ssl_connect_data *connssl,
CK_OBJECT_CLASS obj_class,
const char *filename, bool cacert)
@@ -508,7 +508,7 @@ static CURLcode nss_create_object(struct ssl_connect_data *connssl,
/* Destroy the NSS object whose handle is given by ptr. This function is
* a callback of Curl_llist_alloc() used by Curl_llist_destroy() to destroy
- * NSS objects in Curl_nss_close() */
+ * NSS objects in nss_close() */
static void nss_destroy_object(void *user, void *ptr)
{
struct ptr_list_wrap *wrap = (struct ptr_list_wrap *) ptr;
@@ -665,14 +665,13 @@ fail:
return CURLE_SSL_CRL_BADFILE;
}
-static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
- char *key_file)
+static CURLcode nss_load_key(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex, char *key_file)
{
PK11SlotInfo *slot, *tmp;
SECStatus status;
CURLcode result;
struct ssl_connect_data *ssl = conn->ssl;
- struct Curl_easy *data = conn->data;
(void)sockindex; /* unused */
@@ -701,15 +700,15 @@ static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
return (SECSuccess == status) ? CURLE_OK : CURLE_SSL_CERTPROBLEM;
}
-static int display_error(struct connectdata *conn, PRInt32 err,
+static int display_error(struct Curl_easy *data, PRInt32 err,
const char *filename)
{
switch(err) {
case SEC_ERROR_BAD_PASSWORD:
- failf(conn->data, "Unable to load client key: Incorrect password");
+ failf(data, "Unable to load client key: Incorrect password");
return 1;
case SEC_ERROR_UNKNOWN_CERT:
- failf(conn->data, "Unable to load certificate %s", filename);
+ failf(data, "Unable to load certificate %s", filename);
return 1;
default:
break;
@@ -717,17 +716,16 @@ static int display_error(struct connectdata *conn, PRInt32 err,
return 0; /* The caller will print a generic error */
}
-static CURLcode cert_stuff(struct connectdata *conn, int sockindex,
- char *cert_file, char *key_file)
+static CURLcode cert_stuff(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex, char *cert_file, char *key_file)
{
- struct Curl_easy *data = conn->data;
CURLcode result;
if(cert_file) {
result = nss_load_cert(&conn->ssl[sockindex], cert_file, PR_FALSE);
if(result) {
const PRErrorCode err = PR_GetError();
- if(!display_error(conn, err, cert_file)) {
+ if(!display_error(data, err, cert_file)) {
const char *err_name = nss_error_to_name(err);
failf(data, "unable to load client cert: %d (%s)", err, err_name);
}
@@ -738,13 +736,13 @@ static CURLcode cert_stuff(struct connectdata *conn, int sockindex,
if(key_file || (is_file(cert_file))) {
if(key_file)
- result = nss_load_key(conn, sockindex, key_file);
+ result = nss_load_key(data, conn, sockindex, key_file);
else
/* In case the cert file also has the key */
- result = nss_load_key(conn, sockindex, cert_file);
+ result = nss_load_key(data, conn, sockindex, cert_file);
if(result) {
const PRErrorCode err = PR_GetError();
- if(!display_error(conn, err, key_file)) {
+ if(!display_error(data, err, key_file)) {
const char *err_name = nss_error_to_name(err);
failf(data, "unable to load client key: %d (%s)", err, err_name);
}
@@ -771,7 +769,8 @@ static char *nss_get_password(PK11SlotInfo *slot, PRBool retry, void *arg)
static SECStatus nss_auth_cert_hook(void *arg, PRFileDesc *fd, PRBool checksig,
PRBool isServer)
{
- struct connectdata *conn = (struct connectdata *)arg;
+ struct Curl_easy *data = (struct Curl_easy *)arg;
+ struct connectdata *conn = data->conn;
#ifdef SSL_ENABLE_OCSP_STAPLING
if(SSL_CONN_CONFIG(verifystatus)) {
@@ -779,12 +778,12 @@ static SECStatus nss_auth_cert_hook(void *arg, PRFileDesc *fd, PRBool checksig,
const SECItemArray *csa = SSL_PeerStapledOCSPResponses(fd);
if(!csa) {
- failf(conn->data, "Invalid OCSP response");
+ failf(data, "Invalid OCSP response");
return SECFailure;
}
if(csa->len == 0) {
- failf(conn->data, "No OCSP response received");
+ failf(data, "No OCSP response received");
return SECFailure;
}
@@ -794,14 +793,14 @@ static SECStatus nss_auth_cert_hook(void *arg, PRFileDesc *fd, PRBool checksig,
);
if(cacheResult != SECSuccess) {
- failf(conn->data, "Invalid OCSP response");
+ failf(data, "Invalid OCSP response");
return cacheResult;
}
}
#endif
if(!SSL_CONN_CONFIG(verifypeer)) {
- infof(conn->data, "skipping SSL peer certificate verification\n");
+ infof(data, "skipping SSL peer certificate verification\n");
return SECSuccess;
}
@@ -813,8 +812,8 @@ static SECStatus nss_auth_cert_hook(void *arg, PRFileDesc *fd, PRBool checksig,
*/
static void HandshakeCallback(PRFileDesc *sock, void *arg)
{
- struct connectdata *conn = (struct connectdata*) arg;
- struct Curl_easy *data = conn->data;
+ struct Curl_easy *data = (struct Curl_easy *)arg;
+ struct connectdata *conn = data->conn;
unsigned int buflenmax = 50;
unsigned char buf[50];
unsigned int buflen;
@@ -857,7 +856,7 @@ static void HandshakeCallback(PRFileDesc *sock, void *arg)
!memcmp(ALPN_HTTP_1_1, buf, ALPN_HTTP_1_1_LENGTH)) {
conn->negnpn = CURL_HTTP_VERSION_1_1;
}
- Curl_multiuse_state(conn->data, conn->negnpn == CURL_HTTP_VERSION_2 ?
+ Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
}
}
@@ -866,8 +865,7 @@ static void HandshakeCallback(PRFileDesc *sock, void *arg)
static SECStatus CanFalseStartCallback(PRFileDesc *sock, void *client_data,
PRBool *canFalseStart)
{
- struct connectdata *conn = client_data;
- struct Curl_easy *data = conn->data;
+ struct Curl_easy *data = (struct Curl_easy *)client_data;
SSLChannelInfo channelInfo;
SSLCipherSuiteInfo cipherInfo;
@@ -950,10 +948,9 @@ static void display_cert_info(struct Curl_easy *data,
PR_Free(common_name);
}
-static CURLcode display_conn_info(struct connectdata *conn, PRFileDesc *sock)
+static CURLcode display_conn_info(struct Curl_easy *data, PRFileDesc *sock)
{
CURLcode result = CURLE_OK;
- struct Curl_easy *data = conn->data;
SSLChannelInfo channel;
SSLCipherSuiteInfo suite;
CERTCertificate *cert;
@@ -1023,8 +1020,8 @@ static CURLcode display_conn_info(struct connectdata *conn, PRFileDesc *sock)
static SECStatus BadCertHandler(void *arg, PRFileDesc *sock)
{
- struct connectdata *conn = (struct connectdata *)arg;
- struct Curl_easy *data = conn->data;
+ struct Curl_easy *data = (struct Curl_easy *)arg;
+ struct connectdata *conn = data->conn;
PRErrorCode err = PR_GetError();
CERTCertificate *cert;
@@ -1549,7 +1546,8 @@ static void close_one(struct ssl_connect_data *connssl)
/*
* This function is called when an SSL connection is closed.
*/
-static void nss_close(struct connectdata *conn, int sockindex)
+static void nss_close(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
#ifndef CURL_DISABLE_PROXY
@@ -1557,6 +1555,7 @@ static void nss_close(struct connectdata *conn, int sockindex)
#endif
struct ssl_backend_data *backend = connssl->backend;
+ (void)data;
if(backend->handle
#ifndef CURL_DISABLE_PROXY
|| connssl_proxy->backend->handle
@@ -1613,10 +1612,10 @@ static bool is_cc_error(PRInt32 err)
static Curl_recv nss_recv;
static Curl_send nss_send;
-static CURLcode nss_load_ca_certificates(struct connectdata *conn,
+static CURLcode nss_load_ca_certificates(struct Curl_easy *data,
+ struct connectdata *conn,
int sockindex)
{
- struct Curl_easy *data = conn->data;
const char *cafile = SSL_CONN_CONFIG(CAfile);
const char *capath = SSL_CONN_CONFIG(CApath);
bool use_trust_module;
@@ -1821,14 +1820,14 @@ static CURLcode nss_set_blocking(struct ssl_connect_data *connssl,
return CURLE_OK;
}
-static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
+static CURLcode nss_setup_connect(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
PRFileDesc *model = NULL;
PRFileDesc *nspr_io = NULL;
PRFileDesc *nspr_io_stub = NULL;
PRBool ssl_no_cache;
PRBool ssl_cbc_random_iv;
- struct Curl_easy *data = conn->data;
curl_socket_t sockfd = conn->sock[sockindex];
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
@@ -1851,11 +1850,11 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
backend->data = data;
- /* list of all NSS objects we need to destroy in Curl_nss_close() */
+ /* list of all NSS objects we need to destroy in nss_do_close() */
Curl_llist_init(&backend->obj_list, nss_destroy_object);
PR_Lock(nss_initlock);
- result = nss_setup(conn->data);
+ result = nss_setup(data);
if(result) {
PR_Unlock(nss_initlock);
goto error;
@@ -1935,20 +1934,20 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
/* bypass the default SSL_AuthCertificate() hook in case we do not want to
* verify peer */
- if(SSL_AuthCertificateHook(model, nss_auth_cert_hook, conn) != SECSuccess)
+ if(SSL_AuthCertificateHook(model, nss_auth_cert_hook, data) != SECSuccess)
goto error;
/* not checked yet */
SSL_SET_OPTION_LVALUE(certverifyresult) = 0;
- if(SSL_BadCertHook(model, BadCertHandler, conn) != SECSuccess)
+ if(SSL_BadCertHook(model, BadCertHandler, data) != SECSuccess)
goto error;
- if(SSL_HandshakeCallback(model, HandshakeCallback, conn) != SECSuccess)
+ if(SSL_HandshakeCallback(model, HandshakeCallback, data) != SECSuccess)
goto error;
{
- const CURLcode rv = nss_load_ca_certificates(conn, sockindex);
+ const CURLcode rv = nss_load_ca_certificates(data, conn, sockindex);
if((rv == CURLE_SSL_CACERT_BADFILE) && !SSL_CONN_CONFIG(verifypeer))
/* not a fatal error because we are not going to verify the peer */
infof(data, "warning: CA certificates failed to load\n");
@@ -1974,7 +1973,7 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
backend->obj_clicert = NULL;
}
else {
- CURLcode rv = cert_stuff(conn, sockindex,
+ CURLcode rv = cert_stuff(data, conn, sockindex,
SSL_SET_OPTION(primary.clientcert),
SSL_SET_OPTION(key));
if(rv) {
@@ -2073,7 +2072,7 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
goto error;
if(SSL_SetCanFalseStartCallback(backend->handle, CanFalseStartCallback,
- conn) != SECSuccess)
+ data) != SECSuccess)
goto error;
}
#endif
@@ -2127,11 +2126,11 @@ error:
return nss_fail_connect(connssl, data, result);
}
-static CURLcode nss_do_connect(struct connectdata *conn, int sockindex)
+static CURLcode nss_do_connect(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
- struct Curl_easy *data = conn->data;
CURLcode result = CURLE_SSL_CONNECT_ERROR;
PRUint32 timeout;
@@ -2156,7 +2155,7 @@ static CURLcode nss_do_connect(struct connectdata *conn, int sockindex)
goto error;
}
- result = display_conn_info(conn, backend->handle);
+ result = display_conn_info(data, backend->handle);
if(result)
goto error;
@@ -2190,11 +2189,11 @@ error:
return nss_fail_connect(connssl, data, result);
}
-static CURLcode nss_connect_common(struct connectdata *conn, int sockindex,
+static CURLcode nss_connect_common(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex,
bool *done)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- struct Curl_easy *data = conn->data;
const bool blocking = (done == NULL);
CURLcode result;
@@ -2205,7 +2204,7 @@ static CURLcode nss_connect_common(struct connectdata *conn, int sockindex,
}
if(connssl->connecting_state == ssl_connect_1) {
- result = nss_setup_connect(conn, sockindex);
+ result = nss_setup_connect(data, conn, sockindex);
if(result)
/* we do not expect CURLE_AGAIN from nss_setup_connect() */
return result;
@@ -2218,7 +2217,7 @@ static CURLcode nss_connect_common(struct connectdata *conn, int sockindex,
if(result)
return result;
- result = nss_do_connect(conn, sockindex);
+ result = nss_do_connect(data, conn, sockindex);
switch(result) {
case CURLE_OK:
break;
@@ -2251,15 +2250,17 @@ static CURLcode nss_connect_common(struct connectdata *conn, int sockindex,
return CURLE_OK;
}
-static CURLcode nss_connect(struct connectdata *conn, int sockindex)
+static CURLcode nss_connect(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
- return nss_connect_common(conn, sockindex, /* blocking */ NULL);
+ return nss_connect_common(data, conn, sockindex, /* blocking */ NULL);
}
-static CURLcode nss_connect_nonblocking(struct connectdata *conn,
+static CURLcode nss_connect_nonblocking(struct Curl_easy *data,
+ struct connectdata *conn,
int sockindex, bool *done)
{
- return nss_connect_common(conn, sockindex, done);
+ return nss_connect_common(data, conn, sockindex, done);
}
static ssize_t nss_send(struct Curl_easy *data, /* transfer */
@@ -2288,7 +2289,7 @@ static ssize_t nss_send(struct Curl_easy *data, /* transfer */
infof(data, "SSL write: error %d (%s)\n", err, err_name);
/* print a human-readable message describing the error if available */
- nss_print_error_message(conn->data, err);
+ nss_print_error_message(data, err);
*curlcode = (is_cc_error(err))
? CURLE_SSL_CERTPROBLEM
@@ -2303,8 +2304,8 @@ static ssize_t nss_send(struct Curl_easy *data, /* transfer */
static ssize_t nss_recv(struct Curl_easy *data, /* transfer */
int sockindex, /* socketindex */
- char *buf, /* store read data here */
- size_t buffersize, /* max amount to read */
+ char *buf, /* store read data here */
+ size_t buffersize, /* max amount to read */
CURLcode *curlcode)
{
struct connectdata *conn = data->conn;
@@ -2330,7 +2331,7 @@ static ssize_t nss_recv(struct Curl_easy *data, /* transfer */
infof(data, "SSL read: errno %d (%s)\n", err, err_name);
/* print a human-readable message describing the error if available */
- nss_print_error_message(conn->data, err);
+ nss_print_error_message(data, err);
*curlcode = (is_cc_error(err))
? CURLE_SSL_CERTPROBLEM
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 319d27deb..f99b663aa 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -362,6 +362,18 @@ static char *ossl_strerror(unsigned long error, char *buf, size_t size)
return buf;
}
+/* Return an extra data index for the transfer data.
+ * This index can be used with SSL_get_ex_data() and SSL_set_ex_data().
+ */
+static int ossl_get_ssl_data_index(void)
+{
+ static int ssl_ex_data_data_index = -1;
+ if(ssl_ex_data_data_index < 0) {
+ ssl_ex_data_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
+ }
+ return ssl_ex_data_data_index;
+}
+
/* Return an extra data index for the connection data.
* This index can be used with SSL_get_ex_data() and SSL_set_ex_data().
*/
@@ -572,8 +584,7 @@ static bool is_pkcs11_uri(const char *string)
#endif
-static CURLcode ossl_set_engine(struct Curl_easy *data,
- const char *engine);
+static CURLcode ossl_set_engine(struct Curl_easy *data, const char *engine);
static int
SSL_CTX_use_certificate_bio(SSL_CTX *ctx, BIO *in, int type,
@@ -700,7 +711,7 @@ SSL_CTX_use_certificate_chain_bio(SSL_CTX *ctx, BIO* in,
}
static
-int cert_stuff(struct connectdata *conn,
+int cert_stuff(struct Curl_easy *data,
SSL_CTX* ctx,
char *cert_file,
BIO *cert_bio,
@@ -710,7 +721,6 @@ int cert_stuff(struct connectdata *conn,
const char *key_type,
char *key_passwd)
{
- struct Curl_easy *data = conn->data;
char error_buffer[256];
bool check_privkey = TRUE;
@@ -1161,7 +1171,8 @@ static int ossl_init(void)
Curl_tls_keylog_open();
/* Initialize the extra data indexes */
- if(ossl_get_ssl_conn_index() < 0 || ossl_get_ssl_sockindex_index() < 0)
+ if(ossl_get_ssl_data_index() < 0 || ossl_get_ssl_conn_index() < 0 ||
+ ossl_get_ssl_sockindex_index() < 0)
return 0;
return 1;
@@ -1258,8 +1269,7 @@ static int ossl_check_cxn(struct connectdata *conn)
/* Selects an OpenSSL crypto engine
*/
-static CURLcode ossl_set_engine(struct Curl_easy *data,
- const char *engine)
+static CURLcode ossl_set_engine(struct Curl_easy *data, const char *engine)
{
#ifdef USE_OPENSSL_ENGINE
ENGINE *e;
@@ -1365,8 +1375,10 @@ static void ossl_closeone(struct ssl_connect_data *connssl)
/*
* This function is called when an SSL connection is closed.
*/
-static void ossl_close(struct connectdata *conn, int sockindex)
+static void ossl_close(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
+ (void) data;
ossl_closeone(&conn->ssl[sockindex]);
#ifndef CURL_DISABLE_PROXY
ossl_closeone(&conn->proxy_ssl[sockindex]);
@@ -1377,11 +1389,11 @@ static void ossl_close(struct connectdata *conn, int sockindex)
* This function is called to shut down the SSL layer but keep the
* socket open (CCC - Clear Command Channel)
*/
-static int ossl_shutdown(struct connectdata *conn, int sockindex)
+static int ossl_shutdown(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
int retval = 0;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- struct Curl_easy *data = conn->data;
char buf[256]; /* We will use this for the OpenSSL error buffer, so it has
to be at least 256 bytes long. */
unsigned long sslerror;
@@ -1582,12 +1594,12 @@ static bool subj_alt_hostcheck(struct Curl_easy *data,
in the certificate and must exactly match the IP in the URI.
*/
-static CURLcode verifyhost(struct connectdata *conn, X509 *server_cert)
+static CURLcode verifyhost(struct Curl_easy *data, struct connectdata *conn,
+ X509 *server_cert)
{
bool matched = FALSE;
int target = GEN_DNS; /* target type, GEN_DNS or GEN_IPADD */
size_t addrlen = 0;
- struct Curl_easy *data = conn->data;
STACK_OF(GENERAL_NAME) *altnames;
#ifdef ENABLE_IPV6
struct in6_addr addr;
@@ -1782,14 +1794,13 @@ static CURLcode verifyhost(struct connectdata *conn, X509 *server_cert)
#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
!defined(OPENSSL_NO_OCSP)
-static CURLcode verifystatus(struct connectdata *conn,
+static CURLcode verifystatus(struct Curl_easy *data,
struct ssl_connect_data *connssl)
{
int i, ocsp_status;
unsigned char *status;
const unsigned char *p;
CURLcode result = CURLE_OK;
- struct Curl_easy *data = conn->data;
OCSP_RESPONSE *rsp = NULL;
OCSP_BASICRESP *br = NULL;
X509_STORE *st = NULL;
@@ -2359,16 +2370,14 @@ typedef long ctx_option_t;
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) /* 1.1.0 */
static CURLcode
set_ssl_version_min_max_legacy(ctx_option_t *ctx_options,
- struct connectdata *conn, int sockindex)
+ struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
-#if (OPENSSL_VERSION_NUMBER < 0x1000100FL) || !defined(TLS1_3_VERSION)
- /* convoluted #if condition just to avoid compiler warnings on unused
- variable */
- struct Curl_easy *data = conn->data;
-#endif
long ssl_version = SSL_CONN_CONFIG(version);
long ssl_version_max = SSL_CONN_CONFIG(version_max);
+ (void) data; /* In case it's unused. */
+
switch(ssl_version) {
case CURL_SSLVERSION_TLSv1_3:
#ifdef TLS1_3_VERSION
@@ -2443,17 +2452,18 @@ static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid)
struct Curl_easy *data;
int sockindex;
curl_socket_t *sockindex_ptr;
+ int data_idx = ossl_get_ssl_data_index();
int connectdata_idx = ossl_get_ssl_conn_index();
int sockindex_idx = ossl_get_ssl_sockindex_index();
- if(connectdata_idx < 0 || sockindex_idx < 0)
+ if(data_idx < 0 || connectdata_idx < 0 || sockindex_idx < 0)
return 0;
conn = (struct connectdata*) SSL_get_ex_data(ssl, connectdata_idx);
if(!conn)
return 0;
- data = conn->data;
+ data = (struct Curl_easy *) SSL_get_ex_data(ssl, data_idx);
/* The sockindex has been stored as a pointer to an array element */
sockindex_ptr = (curl_socket_t*) SSL_get_ex_data(ssl, sockindex_idx);
@@ -2463,19 +2473,19 @@ static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid)
bool incache;
void *old_ssl_sessionid = NULL;
- Curl_ssl_sessionid_lock(conn);
- incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL,
+ Curl_ssl_sessionid_lock(data);
+ incache = !(Curl_ssl_getsessionid(data, conn, &old_ssl_sessionid, NULL,
sockindex));
if(incache) {
if(old_ssl_sessionid != ssl_sessionid) {
infof(data, "old SSL session ID is stale, removing\n");
- Curl_ssl_delsessionid(conn, old_ssl_sessionid);
+ Curl_ssl_delsessionid(data, old_ssl_sessionid);
incache = FALSE;
}
}
if(!incache) {
- if(!Curl_ssl_addsessionid(conn, ssl_sessionid,
+ if(!Curl_ssl_addsessionid(data, conn, ssl_sessionid,
0 /* unknown size */, sockindex)) {
/* the session has been put into the session cache */
res = 1;
@@ -2483,17 +2493,17 @@ static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid)
else
failf(data, "failed to store ssl session");
}
- Curl_ssl_sessionid_unlock(conn);
+ Curl_ssl_sessionid_unlock(data);
}
return res;
}
-static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
+static CURLcode ossl_connect_step1(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
CURLcode result = CURLE_OK;
char *ciphers;
- struct Curl_easy *data = conn->data;
SSL_METHOD_QUAL SSL_METHOD *req_method = NULL;
X509_LOOKUP *lookup = NULL;
curl_socket_t sockfd = conn->sock[sockindex];
@@ -2714,7 +2724,8 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* 1.1.0 */
result = set_ssl_version_min_max(backend->ctx, conn);
#else
- result = set_ssl_version_min_max_legacy(&ctx_options, conn, sockindex);
+ result = set_ssl_version_min_max_legacy(&ctx_options, data, conn,
+ sockindex);
#endif
if(result != CURLE_OK)
return result;
@@ -2782,7 +2793,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
result = CURLE_OUT_OF_MEMORY;
}
if(!result &&
- !cert_stuff(conn, backend->ctx,
+ !cert_stuff(data, backend->ctx,
ssl_cert, ssl_cert_bio, ssl_cert_type,
SSL_SET_OPTION(key), ssl_key_bio,
SSL_SET_OPTION(key_type), SSL_SET_OPTION(key_passwd)))
@@ -3187,21 +3198,23 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
/* Check if there's a cached ID we can/should use here! */
if(SSL_SET_OPTION(primary.sessionid)) {
void *ssl_sessionid = NULL;
+ int data_idx = ossl_get_ssl_data_index();
int connectdata_idx = ossl_get_ssl_conn_index();
int sockindex_idx = ossl_get_ssl_sockindex_index();
- if(connectdata_idx >= 0 && sockindex_idx >= 0) {
+ if(data_idx >= 0 && connectdata_idx >= 0 && sockindex_idx >= 0) {
/* Store the data needed for the "new session" callback.
* The sockindex is stored as a pointer to an array element. */
+ SSL_set_ex_data(backend->handle, data_idx, data);
SSL_set_ex_data(backend->handle, connectdata_idx, conn);
SSL_set_ex_data(backend->handle, sockindex_idx, conn->sock + sockindex);
}
- Curl_ssl_sessionid_lock(conn);
- if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) {
+ Curl_ssl_sessionid_lock(data);
+ if(!Curl_ssl_getsessionid(data, conn, &ssl_sessionid, NULL, sockindex)) {
/* we got a session id, use it! */
if(!SSL_set_session(backend->handle, ssl_sessionid)) {
- Curl_ssl_sessionid_unlock(conn);
+ Curl_ssl_sessionid_unlock(data);
failf(data, "SSL: SSL_set_session failed: %s",
ossl_strerror(ERR_get_error(), error_buffer,
sizeof(error_buffer)));
@@ -3210,7 +3223,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
/* Informational message */
infof(data, "SSL re-using session ID\n");
}
- Curl_ssl_sessionid_unlock(conn);
+ Curl_ssl_sessionid_unlock(data);
}
#ifndef CURL_DISABLE_PROXY
@@ -3237,9 +3250,9 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
return CURLE_OK;
}
-static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex)
+static CURLcode ossl_connect_step2(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
- struct Curl_easy *data = conn->data;
int err;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
@@ -3491,13 +3504,12 @@ typedef size_t numcert_t;
typedef int numcert_t;
#endif
-static CURLcode get_cert_chain(struct connectdata *conn,
+static CURLcode get_cert_chain(struct Curl_easy *data,
struct ssl_connect_data *connssl)
{
CURLcode result;
STACK_OF(X509) *sk;
int i;
- struct Curl_easy *data = conn->data;
numcert_t numcerts;
BIO *mem;
struct ssl_backend_data *backend = connssl->backend;
@@ -3772,14 +3784,14 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, X509* cert,
* We check certificates to authenticate the server; otherwise we risk
* man-in-the-middle attack.
*/
-static CURLcode servercert(struct connectdata *conn,
+static CURLcode servercert(struct Curl_easy *data,
+ struct connectdata *conn,
struct ssl_connect_data *connssl,
bool strict)
{
CURLcode result = CURLE_OK;
int rc;
long lerr;
- struct Curl_easy *data = conn->data;
X509 *issuer;
BIO *fp = NULL;
char error_buffer[256]="";
@@ -3790,7 +3802,7 @@ static CURLcode servercert(struct connectdata *conn,
if(data->set.ssl.certinfo)
/* we've been asked to gather certificate info! */
- (void)get_cert_chain(conn, connssl);
+ (void)get_cert_chain(data, connssl);
backend->server_cert = SSL_get_peer_certificate(backend->handle);
if(!backend->server_cert) {
@@ -3826,7 +3838,7 @@ static CURLcode servercert(struct connectdata *conn,
BIO_free(mem);
if(SSL_CONN_CONFIG(verifyhost)) {
- result = verifyhost(conn, backend->server_cert);
+ result = verifyhost(data, conn, backend->server_cert);
if(result) {
X509_free(backend->server_cert);
backend->server_cert = NULL;
@@ -3928,7 +3940,7 @@ static CURLcode servercert(struct connectdata *conn,
#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
!defined(OPENSSL_NO_OCSP)
if(SSL_CONN_CONFIG(verifystatus)) {
- result = verifystatus(conn, connssl);
+ result = verifystatus(data, connssl);
if(result) {
X509_free(backend->server_cert);
backend->server_cert = NULL;
@@ -3956,7 +3968,8 @@ static CURLcode servercert(struct connectdata *conn,
return result;
}
-static CURLcode ossl_connect_step3(struct connectdata *conn, int sockindex)
+static CURLcode ossl_connect_step3(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
CURLcode result = CURLE_OK;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
@@ -3970,8 +3983,8 @@ static CURLcode ossl_connect_step3(struct connectdata *conn, int sockindex)
* operations.
*/
- result = servercert(conn, connssl, (SSL_CONN_CONFIG(verifypeer) ||
- SSL_CONN_CONFIG(verifyhost)));
+ result = servercert(data, conn, connssl, (SSL_CONN_CONFIG(verifypeer) ||
+ SSL_CONN_CONFIG(verifyhost)));
if(!result)
connssl->connecting_state = ssl_connect_done;
@@ -3982,13 +3995,13 @@ static CURLcode ossl_connect_step3(struct connectdata *conn, int sockindex)
static Curl_recv ossl_recv;
static Curl_send ossl_send;
-static CURLcode ossl_connect_common(struct connectdata *conn,
+static CURLcode ossl_connect_common(struct Curl_easy *data,
+ struct connectdata *conn,
int sockindex,
bool nonblocking,
bool *done)
{
CURLcode result;
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
curl_socket_t sockfd = conn->sock[sockindex];
int what;
@@ -4009,7 +4022,7 @@ static CURLcode ossl_connect_common(struct connectdata *conn,
return CURLE_OPERATION_TIMEDOUT;
}
- result = ossl_connect_step1(conn, sockindex);
+ result = ossl_connect_step1(data, conn, sockindex);
if(result)
return result;
}
@@ -4061,7 +4074,7 @@ static CURLcode ossl_connect_common(struct connectdata *conn,
* before step2 has completed while ensuring that a client using select()
* or epoll() will always have a valid fdset to wait on.
*/
- result = ossl_connect_step2(conn, sockindex);
+ result = ossl_connect_step2(data, conn, sockindex);
if(result || (nonblocking &&
(ssl_connect_2 == connssl->connecting_state ||
ssl_connect_2_reading == connssl->connecting_state ||
@@ -4071,7 +4084,7 @@ static CURLcode ossl_connect_common(struct connectdata *conn,
} /* repeat step2 until all transactions are done. */
if(ssl_connect_3 == connssl->connecting_state) {
- result = ossl_connect_step3(conn, sockindex);
+ result = ossl_connect_step3(data, conn, sockindex);
if(result)
return result;
}
@@ -4091,19 +4104,21 @@ static CURLcode ossl_connect_common(struct connectdata *conn,
return CURLE_OK;
}
-static CURLcode ossl_connect_nonblocking(struct connectdata *conn,
+static CURLcode ossl_connect_nonblocking(struct Curl_easy *data,
+ struct connectdata *conn,
int sockindex,
bool *done)
{
- return ossl_connect_common(conn, sockindex, TRUE, done);
+ return ossl_connect_common(data, conn, sockindex, TRUE, done);
}
-static CURLcode ossl_connect(struct connectdata *conn, int sockindex)
+static CURLcode ossl_connect(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
CURLcode result;
bool done = FALSE;
- result = ossl_connect_common(conn, sockindex, FALSE, &done);
+ result = ossl_connect_common(data, conn, sockindex, FALSE, &done);
if(result)
return result;
@@ -4265,7 +4280,7 @@ static ssize_t ossl_recv(struct Curl_easy *data, /* transfer */
strncpy(error_buffer, SSL_ERROR_to_str(err), sizeof(error_buffer));
error_buffer[sizeof(error_buffer) - 1] = '\0';
}
- failf(conn->data, OSSL_PACKAGE " SSL_read: %s, errno %d",
+ failf(data, OSSL_PACKAGE " SSL_read: %s, errno %d",
error_buffer, sockerr);
*curlcode = CURLE_RECV_ERROR;
return -1;
@@ -4287,7 +4302,7 @@ static ssize_t ossl_recv(struct Curl_easy *data, /* transfer */
msnprintf(error_buffer, sizeof(error_buffer),
"Connection closed abruptly");
}
- failf(conn->data, OSSL_PACKAGE " SSL_read: %s, errno %d"
+ failf(data, OSSL_PACKAGE " SSL_read: %s, errno %d"
" (Fatal because this is a curl debug build)",
error_buffer, sockerr);
*curlcode = CURLE_RECV_ERROR;
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index 4f647bd5d..5a35eb21e 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -142,7 +142,8 @@
static Curl_recv schannel_recv;
static Curl_send schannel_send;
-static CURLcode pkp_pin_peer_pubkey(struct connectdata *conn, int sockindex,
+static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex,
const char *pinnedpubkey);
static void InitSecBuffer(SecBuffer *buffer, unsigned long BufType,
@@ -162,9 +163,9 @@ static void InitSecBufferDesc(SecBufferDesc *desc, SecBuffer *BufArr,
}
static CURLcode
-set_ssl_version_min_max(SCHANNEL_CRED *schannel_cred, struct connectdata *conn)
+set_ssl_version_min_max(SCHANNEL_CRED *schannel_cred, struct Curl_easy *data,
+ struct connectdata *conn)
{
- struct Curl_easy *data = conn->data;
long ssl_version = SSL_CONN_CONFIG(version);
long ssl_version_max = SSL_CONN_CONFIG(version_max);
long i = ssl_version;
@@ -405,10 +406,10 @@ get_cert_location(TCHAR *path, DWORD *store_name, TCHAR **store_path,
#endif
static CURLcode
-schannel_connect_step1(struct connectdata *conn, int sockindex)
+schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
ssize_t written = -1;
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
SecBuffer outbuf;
SecBufferDesc outbuf_desc;
@@ -493,8 +494,9 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
/* check for an existing re-usable credential handle */
if(SSL_SET_OPTION(primary.sessionid)) {
- Curl_ssl_sessionid_lock(conn);
- if(!Curl_ssl_getsessionid(conn, (void **)&old_cred, NULL, sockindex)) {
+ Curl_ssl_sessionid_lock(data);
+ if(!Curl_ssl_getsessionid(data, conn,
+ (void **)&old_cred, NULL, sockindex)) {
BACKEND->cred = old_cred;
DEBUGF(infof(data, "schannel: re-using existing credential handle\n"));
@@ -504,7 +506,7 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
"schannel: incremented credential handle refcount = %d\n",
BACKEND->cred->refcount));
}
- Curl_ssl_sessionid_unlock(conn);
+ Curl_ssl_sessionid_unlock(data);
}
if(!BACKEND->cred) {
@@ -563,7 +565,7 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
case CURL_SSLVERSION_TLSv1_2:
case CURL_SSLVERSION_TLSv1_3:
{
- result = set_ssl_version_min_max(&schannel_cred, conn);
+ result = set_ssl_version_min_max(&schannel_cred, data, conn);
if(result != CURLE_OK)
return result;
break;
@@ -980,11 +982,11 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
}
static CURLcode
-schannel_connect_step2(struct connectdata *conn, int sockindex)
+schannel_connect_step2(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
int i;
ssize_t nread = -1, written = -1;
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
unsigned char *reallocated_buffer;
SecBuffer outbuf[3];
@@ -1252,7 +1254,7 @@ schannel_connect_step2(struct connectdata *conn, int sockindex)
data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
if(pubkey_ptr) {
- result = pkp_pin_peer_pubkey(conn, sockindex, pubkey_ptr);
+ result = pkp_pin_peer_pubkey(data, conn, sockindex, pubkey_ptr);
if(result) {
failf(data, "SSL: public key does not match pinned public key!");
return result;
@@ -1261,7 +1263,7 @@ schannel_connect_step2(struct connectdata *conn, int sockindex)
#ifdef HAS_MANUAL_VERIFY_API
if(conn->ssl_config.verifypeer && BACKEND->use_manual_cred_validation) {
- return Curl_verify_certificate(conn, sockindex);
+ return Curl_verify_certificate(data, conn, sockindex);
}
#endif
@@ -1328,10 +1330,10 @@ add_cert_to_certinfo(const CERT_CONTEXT *ccert_context, void *raw_arg)
}
static CURLcode
-schannel_connect_step3(struct connectdata *conn, int sockindex)
+schannel_connect_step3(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
CURLcode result = CURLE_OK;
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
SECURITY_STATUS sspi_status = SEC_E_OK;
CERT_CONTEXT *ccert_context = NULL;
@@ -1411,24 +1413,24 @@ schannel_connect_step3(struct connectdata *conn, int sockindex)
bool incache;
struct Curl_schannel_cred *old_cred = NULL;
- Curl_ssl_sessionid_lock(conn);
- incache = !(Curl_ssl_getsessionid(conn, (void **)&old_cred, NULL,
+ Curl_ssl_sessionid_lock(data);
+ incache = !(Curl_ssl_getsessionid(data, conn, (void **)&old_cred, NULL,
sockindex));
if(incache) {
if(old_cred != BACKEND->cred) {
DEBUGF(infof(data,
"schannel: old credential handle is stale, removing\n"));
/* we're not taking old_cred ownership here, no refcount++ is needed */
- Curl_ssl_delsessionid(conn, (void *)old_cred);
+ Curl_ssl_delsessionid(data, (void *)old_cred);
incache = FALSE;
}
}
if(!incache) {
- result = Curl_ssl_addsessionid(conn, (void *)BACKEND->cred,
+ result = Curl_ssl_addsessionid(data, conn, (void *)BACKEND->cred,
sizeof(struct Curl_schannel_cred),
sockindex);
if(result) {
- Curl_ssl_sessionid_unlock(conn);
+ Curl_ssl_sessionid_unlock(data);
failf(data, "schannel: failed to store credential handle");
return result;
}
@@ -1439,7 +1441,7 @@ schannel_connect_step3(struct connectdata *conn, int sockindex)
"schannel: stored credential handle in session cache\n"));
}
}
- Curl_ssl_sessionid_unlock(conn);
+ Curl_ssl_sessionid_unlock(data);
}
if(data->set.ssl.certinfo) {
@@ -1476,11 +1478,10 @@ schannel_connect_step3(struct connectdata *conn, int sockindex)
}
static CURLcode
-schannel_connect_common(struct connectdata *conn, int sockindex,
- bool nonblocking, bool *done)
+schannel_connect_common(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex, bool nonblocking, bool *done)
{
CURLcode result;
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
curl_socket_t sockfd = conn->sock[sockindex];
timediff_t timeout_ms;
@@ -1502,7 +1503,7 @@ schannel_connect_common(struct connectdata *conn, int sockindex,
return CURLE_OPERATION_TIMEDOUT;
}
- result = schannel_connect_step1(conn, sockindex);
+ result = schannel_connect_step1(data, conn, sockindex);
if(result)
return result;
}
@@ -1557,7 +1558,7 @@ schannel_connect_common(struct connectdata *conn, int sockindex,
* ensuring that a client using select() or epoll() will always
* have a valid fdset to wait on.
*/
- result = schannel_connect_step2(conn, sockindex);
+ result = schannel_connect_step2(data, conn, sockindex);
if(result || (nonblocking &&
(ssl_connect_2 == connssl->connecting_state ||
ssl_connect_2_reading == connssl->connecting_state ||
@@ -1567,7 +1568,7 @@ schannel_connect_common(struct connectdata *conn, int sockindex,
} /* repeat step2 until all transactions are done. */
if(ssl_connect_3 == connssl->connecting_state) {
- result = schannel_connect_step3(conn, sockindex);
+ result = schannel_connect_step3(data, conn, sockindex);
if(result)
return result;
}
@@ -1957,7 +1958,7 @@ schannel_recv(struct Curl_easy *data, int sockindex,
infof(data, "schannel: renegotiating SSL/TLS connection\n");
connssl->state = ssl_connection_negotiating;
connssl->connecting_state = ssl_connect_2_writing;
- *err = schannel_connect_common(conn, sockindex, FALSE, &done);
+ *err = schannel_connect_common(data, conn, sockindex, FALSE, &done);
if(*err) {
infof(data, "schannel: renegotiation failed\n");
goto cleanup;
@@ -2064,18 +2065,20 @@ schannel_recv(struct Curl_easy *data, int sockindex,
return *err ? -1 : 0;
}
-static CURLcode Curl_schannel_connect_nonblocking(struct connectdata *conn,
- int sockindex, bool *done)
+static CURLcode schannel_connect_nonblocking(struct Curl_easy *data,
+ struct connectdata *conn,
+ int sockindex, bool *done)
{
- return schannel_connect_common(conn, sockindex, TRUE, done);
+ return schannel_connect_common(data, conn, sockindex, TRUE, done);
}
-static CURLcode Curl_schannel_connect(struct connectdata *conn, int sockindex)
+static CURLcode schannel_connect(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
CURLcode result;
bool done = FALSE;
- result = schannel_connect_common(conn, sockindex, FALSE, &done);
+ result = schannel_connect_common(data, conn, sockindex, FALSE, &done);
if(result)
return result;
@@ -2084,8 +2087,8 @@ static CURLcode Curl_schannel_connect(struct connectdata *conn, int sockindex)
return CURLE_OK;
}
-static bool Curl_schannel_data_pending(const struct connectdata *conn,
- int sockindex)
+static bool schannel_data_pending(const struct connectdata *conn,
+ int sockindex)
{
const struct ssl_connect_data *connssl = &conn->ssl[sockindex];
@@ -2096,14 +2099,15 @@ static bool Curl_schannel_data_pending(const struct connectdata *conn,
return FALSE;
}
-static void Curl_schannel_close(struct connectdata *conn, int sockindex)
+static void schannel_close(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
if(conn->ssl[sockindex].use)
/* if the SSL/TLS channel hasn't been shut down yet, do that now. */
- Curl_ssl_shutdown(conn, sockindex);
+ Curl_ssl_shutdown(data, conn, sockindex);
}
-static void Curl_schannel_session_free(void *ptr)
+static void schannel_session_free(void *ptr)
{
/* this is expected to be called under sessionid lock */
struct Curl_schannel_cred *cred = ptr;
@@ -2115,12 +2119,12 @@ static void Curl_schannel_session_free(void *ptr)
}
}
-static int Curl_schannel_shutdown(struct connectdata *conn, int sockindex)
+static int schannel_shutdown(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
/* See https://msdn.microsoft.com/en-us/library/windows/desktop/aa380138.aspx
* Shutting Down an Schannel Connection
*/
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
#ifndef CURL_DISABLE_PROXY
char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
@@ -2203,14 +2207,9 @@ static int Curl_schannel_shutdown(struct connectdata *conn, int sockindex)
/* free SSPI Schannel API credential handle */
if(BACKEND->cred) {
- /*
- * When this function is called from Curl_schannel_close() the connection
- * might not have an associated transfer so the check for conn->data is
- * necessary.
- */
- Curl_ssl_sessionid_lock(conn);
- Curl_schannel_session_free(BACKEND->cred);
- Curl_ssl_sessionid_unlock(conn);
+ Curl_ssl_sessionid_lock(data);
+ schannel_session_free(BACKEND->cred);
+ Curl_ssl_sessionid_unlock(data);
BACKEND->cred = NULL;
}
@@ -2232,25 +2231,25 @@ static int Curl_schannel_shutdown(struct connectdata *conn, int sockindex)
return CURLE_OK;
}
-static int Curl_schannel_init(void)
+static int schannel_init(void)
{
return (Curl_sspi_global_init() == CURLE_OK ? 1 : 0);
}
-static void Curl_schannel_cleanup(void)
+static void schannel_cleanup(void)
{
Curl_sspi_global_cleanup();
}
-static size_t Curl_schannel_version(char *buffer, size_t size)
+static size_t schannel_version(char *buffer, size_t size)
{
size = msnprintf(buffer, size, "Schannel");
return size;
}
-static CURLcode Curl_schannel_random(struct Curl_easy *data UNUSED_PARAM,
- unsigned char *entropy, size_t length)
+static CURLcode schannel_random(struct Curl_easy *data UNUSED_PARAM,
+ unsigned char *entropy, size_t length)
{
HCRYPTPROV hCryptProv = 0;
@@ -2269,10 +2268,10 @@ static CURLcode Curl_schannel_random(struct Curl_easy *data UNUSED_PARAM,
return CURLE_OK;
}
-static CURLcode pkp_pin_peer_pubkey(struct connectdata *conn, int sockindex,
+static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex,
const char *pinnedpubkey)
{
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
CERT_CONTEXT *pCertContextServer = NULL;
@@ -2334,12 +2333,12 @@ static CURLcode pkp_pin_peer_pubkey(struct connectdata *conn, int sockindex,
return result;
}
-static void Curl_schannel_checksum(const unsigned char *input,
- size_t inputlen,
- unsigned char *checksum,
- size_t checksumlen,
- DWORD provType,
- const unsigned int algId)
+static void schannel_checksum(const unsigned char *input,
+ size_t inputlen,
+ unsigned char *checksum,
+ size_t checksumlen,
+ DWORD provType,
+ const unsigned int algId)
{
HCRYPTPROV hProv = 0;
HCRYPTHASH hHash = 0;
@@ -2384,28 +2383,27 @@ static void Curl_schannel_checksum(const unsigned char *input,
CryptReleaseContext(hProv, 0);
}
-static CURLcode Curl_schannel_md5sum(unsigned char *input,
- size_t inputlen,
- unsigned char *md5sum,
- size_t md5len)
+static CURLcode schannel_md5sum(unsigned char *input,
+ size_t inputlen,
+ unsigned char *md5sum,
+ size_t md5len)
{
- Curl_schannel_checksum(input, inputlen, md5sum, md5len,
- PROV_RSA_FULL, CALG_MD5);
+ schannel_checksum(input, inputlen, md5sum, md5len, PROV_RSA_FULL, CALG_MD5);
return CURLE_OK;
}
-static CURLcode Curl_schannel_sha256sum(const unsigned char *input,
- size_t inputlen,
- unsigned char *sha256sum,
- size_t sha256len)
+static CURLcode schannel_sha256sum(const unsigned char *input,
+ size_t inputlen,
+ unsigned char *sha256sum,
+ size_t sha256len)
{
- Curl_schannel_checksum(input, inputlen, sha256sum, sha256len,
- PROV_RSA_AES, CALG_SHA_256);
+ schannel_checksum(input, inputlen, sha256sum, sha256len,
+ PROV_RSA_AES, CALG_SHA_256);
return CURLE_OK;
}
-static void *Curl_schannel_get_internals(struct ssl_connect_data *connssl,
- CURLINFO info UNUSED_PARAM)
+static void *schannel_get_internals(struct ssl_connect_data *connssl,
+ CURLINFO info UNUSED_PARAM)
{
(void)info;
return &BACKEND->ctxt->ctxt_handle;
@@ -2419,26 +2417,26 @@ const struct Curl_ssl Curl_ssl_schannel = {
sizeof(struct ssl_backend_data),
- Curl_schannel_init, /* init */
- Curl_schannel_cleanup, /* cleanup */
- Curl_schannel_version, /* version */
+ schannel_init, /* init */
+ schannel_cleanup, /* cleanup */
+ schannel_version, /* version */
Curl_none_check_cxn, /* check_cxn */
- Curl_schannel_shutdown, /* shutdown */
- Curl_schannel_data_pending, /* data_pending */
- Curl_schannel_random, /* random */
+ schannel_shutdown, /* shutdown */
+ schannel_data_pending, /* data_pending */
+ schannel_random, /* random */
Curl_none_cert_status_request, /* cert_status_request */
- Curl_schannel_connect, /* connect */
- Curl_schannel_connect_nonblocking, /* connect_nonblocking */
- Curl_schannel_get_internals, /* get_internals */
- Curl_schannel_close, /* close_one */
+ schannel_connect, /* connect */
+ schannel_connect_nonblocking, /* connect_nonblocking */
+ schannel_get_internals, /* get_internals */
+ schannel_close, /* close_one */
Curl_none_close_all, /* close_all */
- Curl_schannel_session_free, /* session_free */
+ schannel_session_free, /* session_free */
Curl_none_set_engine, /* set_engine */
Curl_none_set_engine_default, /* set_engine_default */
Curl_none_engines_list, /* engines_list */
Curl_none_false_start, /* false_start */
- Curl_schannel_md5sum, /* md5sum */
- Curl_schannel_sha256sum /* sha256sum */
+ schannel_md5sum, /* md5sum */
+ schannel_sha256sum /* sha256sum */
};
#endif /* USE_SCHANNEL */
diff --git a/lib/vtls/schannel.h b/lib/vtls/schannel.h
index 085b3f455..2952caa1a 100644
--- a/lib/vtls/schannel.h
+++ b/lib/vtls/schannel.h
@@ -8,7 +8,7 @@
* \___|\___/|_| \_\_____|
*
* Copyright (C) 2012, Marc Hoersken, <info@marc-hoersken.de>, et al.
- * Copyright (C) 2012 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -53,7 +53,8 @@
extern const struct Curl_ssl Curl_ssl_schannel;
-CURLcode Curl_verify_certificate(struct connectdata *conn, int sockindex);
+CURLcode Curl_verify_certificate(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex);
/* structs to expose only in schannel.c and schannel_verify.c */
#ifdef EXPOSE_SCHANNEL_INTERNAL_STRUCTS
diff --git a/lib/vtls/schannel_verify.c b/lib/vtls/schannel_verify.c
index 4b18fc0bf..2ef39cc0f 100644
--- a/lib/vtls/schannel_verify.c
+++ b/lib/vtls/schannel_verify.c
@@ -79,10 +79,9 @@ static int is_cr_or_lf(char c)
static CURLcode add_certs_to_store(HCERTSTORE trust_store,
const char *ca_file,
- struct connectdata *conn)
+ struct Curl_easy *data)
{
CURLcode result;
- struct Curl_easy *data = conn->data;
HANDLE ca_file_handle = INVALID_HANDLE_VALUE;
LARGE_INTEGER file_size;
char *ca_file_buffer = NULL;
@@ -527,10 +526,10 @@ cleanup:
return result;
}
-CURLcode Curl_verify_certificate(struct connectdata *conn, int sockindex)
+CURLcode Curl_verify_certificate(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
SECURITY_STATUS sspi_status;
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
CURLcode result = CURLE_OK;
CERT_CONTEXT *pCertContextServer = NULL;
@@ -584,7 +583,7 @@ CURLcode Curl_verify_certificate(struct connectdata *conn, int sockindex)
}
else {
result = add_certs_to_store(trust_store, SSL_CONN_CONFIG(CAfile),
- conn);
+ data);
}
}
@@ -675,7 +674,7 @@ CURLcode Curl_verify_certificate(struct connectdata *conn, int sockindex)
if(result == CURLE_OK) {
if(SSL_CONN_CONFIG(verifyhost)) {
- result = verify_host(conn->data, pCertContextServer, conn_hostname);
+ result = verify_host(data, pCertContextServer, conn_hostname);
}
}
diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c
index aae614946..dfe3d28f4 100644
--- a/lib/vtls/sectransp.c
+++ b/lib/vtls/sectransp.c
@@ -1291,9 +1291,9 @@ static CURLcode sectransp_version_from_curl(SSLProtocol *darwinver,
#endif
static CURLcode
-set_ssl_version_min_max(struct connectdata *conn, int sockindex)
+set_ssl_version_min_max(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
long ssl_version = SSL_CONN_CONFIG(version);
@@ -1387,10 +1387,10 @@ set_ssl_version_min_max(struct connectdata *conn, int sockindex)
}
-static CURLcode sectransp_connect_step1(struct connectdata *conn,
+static CURLcode sectransp_connect_step1(struct Curl_easy *data,
+ struct connectdata *conn,
int sockindex)
{
- struct Curl_easy *data = conn->data;
curl_socket_t sockfd = conn->sock[sockindex];
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
@@ -1478,7 +1478,7 @@ static CURLcode sectransp_connect_step1(struct connectdata *conn,
case CURL_SSLVERSION_TLSv1_2:
case CURL_SSLVERSION_TLSv1_3:
{
- CURLcode result = set_ssl_version_min_max(conn, sockindex);
+ CURLcode result = set_ssl_version_min_max(data, conn, sockindex);
if(result != CURLE_OK)
return result;
break;
@@ -1527,7 +1527,7 @@ static CURLcode sectransp_connect_step1(struct connectdata *conn,
case CURL_SSLVERSION_TLSv1_2:
case CURL_SSLVERSION_TLSv1_3:
{
- CURLcode result = set_ssl_version_min_max(conn, sockindex);
+ CURLcode result = set_ssl_version_min_max(data, conn, sockindex);
if(result != CURLE_OK)
return result;
break;
@@ -1952,12 +1952,12 @@ static CURLcode sectransp_connect_step1(struct connectdata *conn,
char *ssl_sessionid;
size_t ssl_sessionid_len;
- Curl_ssl_sessionid_lock(conn);
- if(!Curl_ssl_getsessionid(conn, (void **)&ssl_sessionid,
+ Curl_ssl_sessionid_lock(data);
+ if(!Curl_ssl_getsessionid(data, conn, (void **)&ssl_sessionid,
&ssl_sessionid_len, sockindex)) {
/* we got a session id, use it! */
err = SSLSetPeerID(backend->ssl_ctx, ssl_sessionid, ssl_sessionid_len);
- Curl_ssl_sessionid_unlock(conn);
+ Curl_ssl_sessionid_unlock(data);
if(err != noErr) {
failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err);
return CURLE_SSL_CONNECT_ERROR;
@@ -1976,14 +1976,14 @@ static CURLcode sectransp_connect_step1(struct connectdata *conn,
err = SSLSetPeerID(backend->ssl_ctx, ssl_sessionid, ssl_sessionid_len);
if(err != noErr) {
- Curl_ssl_sessionid_unlock(conn);
+ Curl_ssl_sessionid_unlock(data);
failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err);
return CURLE_SSL_CONNECT_ERROR;
}
- result = Curl_ssl_addsessionid(conn, ssl_sessionid, ssl_sessionid_len,
- sockindex);
- Curl_ssl_sessionid_unlock(conn);
+ result = Curl_ssl_addsessionid(data, conn, ssl_sessionid,
+ ssl_sessionid_len, sockindex);
+ Curl_ssl_sessionid_unlock(data);
if(result) {
failf(data, "failed to store ssl session");
return result;
@@ -2379,9 +2379,9 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
#endif /* SECTRANSP_PINNEDPUBKEY */
static CURLcode
-sectransp_connect_step2(struct connectdata *conn, int sockindex)
+sectransp_connect_step2(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
OSStatus err;
@@ -2418,7 +2418,7 @@ sectransp_connect_step2(struct connectdata *conn, int sockindex)
return result;
}
/* the documentation says we need to call SSLHandshake() again */
- return sectransp_connect_step2(conn, sockindex);
+ return sectransp_connect_step2(data, conn, sockindex);
/* Problem with encrypt / decrypt */
case errSSLPeerDecodeError:
@@ -2711,10 +2711,10 @@ sectransp_connect_step2(struct connectdata *conn, int sockindex)
#ifndef CURL_DISABLE_VERBOSE_STRINGS
/* This should be called during step3 of the connection at the earliest */
static void
-show_verbose_server_cert(struct connectdata *conn,
+show_verbose_server_cert(struct Curl_easy *data,
+ struct connectdata *conn,
int sockindex)
{
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
CFArrayRef server_certs = NULL;
@@ -2817,10 +2817,9 @@ show_verbose_server_cert(struct connectdata *conn,
#endif /* !CURL_DISABLE_VERBOSE_STRINGS */
static CURLcode
-sectransp_connect_step3(struct connectdata *conn,
+sectransp_connect_step3(struct Curl_easy *data, struct connectdata *conn,
int sockindex)
{
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
/* There is no step 3!
@@ -2828,7 +2827,7 @@ sectransp_connect_step3(struct connectdata *conn,
* server certificates. */
#ifndef CURL_DISABLE_VERBOSE_STRINGS
if(data->set.verbose)
- show_verbose_server_cert(conn, sockindex);
+ show_verbose_server_cert(data, conn, sockindex);
#endif
connssl->connecting_state = ssl_connect_done;
@@ -2839,13 +2838,13 @@ static Curl_recv sectransp_recv;
static Curl_send sectransp_send;
static CURLcode
-sectransp_connect_common(struct connectdata *conn,
+sectransp_connect_common(struct Curl_easy *data,
+ struct connectdata *conn,
int sockindex,
bool nonblocking,
bool *done)
{
CURLcode result;
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
curl_socket_t sockfd = conn->sock[sockindex];
int what;
@@ -2866,7 +2865,7 @@ sectransp_connect_common(struct connectdata *conn,
return CURLE_OPERATION_TIMEDOUT;
}
- result = sectransp_connect_step1(conn, sockindex);
+ result = sectransp_connect_step1(data, conn, sockindex);
if(result)
return result;
}
@@ -2920,7 +2919,7 @@ sectransp_connect_common(struct connectdata *conn,
* before step2 has completed while ensuring that a client using select()
* or epoll() will always have a valid fdset to wait on.
*/
- result = sectransp_connect_step2(conn, sockindex);
+ result = sectransp_connect_step2(data, conn, sockindex);
if(result || (nonblocking &&
(ssl_connect_2 == connssl->connecting_state ||
ssl_connect_2_reading == connssl->connecting_state ||
@@ -2931,7 +2930,7 @@ sectransp_connect_common(struct connectdata *conn,
if(ssl_connect_3 == connssl->connecting_state) {
- result = sectransp_connect_step3(conn, sockindex);
+ result = sectransp_connect_step3(data, conn, sockindex);
if(result)
return result;
}
@@ -2951,18 +2950,20 @@ sectransp_connect_common(struct connectdata *conn,
return CURLE_OK;
}
-static CURLcode Curl_sectransp_connect_nonblocking(struct connectdata *conn,
- int sockindex, bool *done)
+static CURLcode sectransp_connect_nonblocking(struct Curl_easy *data,
+ struct connectdata *conn,
+ int sockindex, bool *done)
{
- return sectransp_connect_common(conn, sockindex, TRUE, done);
+ return sectransp_connect_common(data, conn, sockindex, TRUE, done);
}
-static CURLcode Curl_sectransp_connect(struct connectdata *conn, int sockindex)
+static CURLcode sectransp_connect(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
CURLcode result;
bool done = FALSE;
- result = sectransp_connect_common(conn, sockindex, FALSE, &done);
+ result = sectransp_connect_common(data, conn, sockindex, FALSE, &done);
if(result)
return result;
@@ -2972,11 +2973,14 @@ static CURLcode Curl_sectransp_connect(struct connectdata *conn, int sockindex)
return CURLE_OK;
}
-static void Curl_sectransp_close(struct connectdata *conn, int sockindex)
+static void sectransp_close(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
+ (void) data;
+
if(backend->ssl_ctx) {
(void)SSLClose(backend->ssl_ctx);
#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
@@ -2994,11 +2998,11 @@ static void Curl_sectransp_close(struct connectdata *conn, int sockindex)
backend->ssl_sockfd = 0;
}
-static int Curl_sectransp_shutdown(struct connectdata *conn, int sockindex)
+static int sectransp_shutdown(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
- struct Curl_easy *data = conn->data;
ssize_t nread;
int what;
int rc;
@@ -3012,7 +3016,7 @@ static int Curl_sectransp_shutdown(struct connectdata *conn, int sockindex)
return 0;
#endif
- Curl_sectransp_close(conn, sockindex);
+ sectransp_close(data, conn, sockindex);
rc = 0;
@@ -3050,7 +3054,7 @@ static int Curl_sectransp_shutdown(struct connectdata *conn, int sockindex)
return rc;
}
-static void Curl_sectransp_session_free(void *ptr)
+static void sectransp_session_free(void *ptr)
{
/* ST, as of iOS 5 and Mountain Lion, has no public method of deleting a
cached session ID inside the Security framework. There is a private
@@ -3061,7 +3065,7 @@ static void Curl_sectransp_session_free(void *ptr)
Curl_safefree(ptr);
}
-static size_t Curl_sectransp_version(char *buffer, size_t size)
+static size_t sectransp_version(char *buffer, size_t size)
{
return msnprintf(buffer, size, "SecureTransport");
}
@@ -3074,7 +3078,7 @@ static size_t Curl_sectransp_version(char *buffer, size_t size)
* 0 means the connection has been closed
* -1 means the connection status is unknown
*/
-static int Curl_sectransp_check_cxn(struct connectdata *conn)
+static int sectransp_check_cxn(struct connectdata *conn)
{
struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET];
struct ssl_backend_data *backend = connssl->backend;
@@ -3090,8 +3094,8 @@ static int Curl_sectransp_check_cxn(struct connectdata *conn)
return 0;
}
-static bool Curl_sectransp_data_pending(const struct connectdata *conn,
- int connindex)
+static bool sectransp_data_pending(const struct connectdata *conn,
+ int connindex)
{
const struct ssl_connect_data *connssl = &conn->ssl[connindex];
struct ssl_backend_data *backend = connssl->backend;
@@ -3108,8 +3112,8 @@ static bool Curl_sectransp_data_pending(const struct connectdata *conn,
return false;
}
-static CURLcode Curl_sectransp_random(struct Curl_easy *data UNUSED_PARAM,
- unsigned char *entropy, size_t length)
+static CURLcode sectransp_random(struct Curl_easy *data UNUSED_PARAM,
+ unsigned char *entropy, size_t length)
{
/* arc4random_buf() isn't available on cats older than Lion, so let's
do this manually for the benefit of the older cats. */
@@ -3128,27 +3132,27 @@ static CURLcode Curl_sectransp_random(struct Curl_easy *data UNUSED_PARAM,
return CURLE_OK;
}
-static CURLcode Curl_sectransp_md5sum(unsigned char *tmp, /* input */
- size_t tmplen,
- unsigned char *md5sum, /* output */
- size_t md5len)
+static CURLcode sectransp_md5sum(unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *md5sum, /* output */
+ size_t md5len)
{
(void)md5len;
(void)CC_MD5(tmp, (CC_LONG)tmplen, md5sum);
return CURLE_OK;
}
-static CURLcode Curl_sectransp_sha256sum(const unsigned char *tmp, /* input */
- size_t tmplen,
- unsigned char *sha256sum, /* output */
- size_t sha256len)
+static CURLcode sectransp_sha256sum(const unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *sha256sum, /* output */
+ size_t sha256len)
{
assert(sha256len >= CURL_SHA256_DIGEST_LENGTH);
(void)CC_SHA256(tmp, (CC_LONG)tmplen, sha256sum);
return CURLE_OK;
}
-static bool Curl_sectransp_false_start(void)
+static bool sectransp_false_start(void)
{
#if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
if(SSLSetSessionOption != NULL)
@@ -3198,7 +3202,7 @@ static ssize_t sectransp_send(struct Curl_easy *data,
*curlcode = CURLE_AGAIN;
return -1L;
default:
- failf(conn->data, "SSLWrite() returned error %d", err);
+ failf(data, "SSLWrite() returned error %d", err);
*curlcode = CURLE_SEND_ERROR;
return -1L;
}
@@ -3262,7 +3266,7 @@ static ssize_t sectransp_recv(struct Curl_easy *data,
Leopard's headers */
case -9841:
if(SSL_CONN_CONFIG(CAfile) && SSL_CONN_CONFIG(verifypeer)) {
- CURLcode result = verify_cert(SSL_CONN_CONFIG(CAfile), conn->data,
+ CURLcode result = verify_cert(SSL_CONN_CONFIG(CAfile), data,
backend->ssl_ctx);
if(result)
return result;
@@ -3278,8 +3282,8 @@ static ssize_t sectransp_recv(struct Curl_easy *data,
return (ssize_t)processed;
}
-static void *Curl_sectransp_get_internals(struct ssl_connect_data *connssl,
- CURLINFO info UNUSED_PARAM)
+static void *sectransp_get_internals(struct ssl_connect_data *connssl,
+ CURLINFO info UNUSED_PARAM)
{
struct ssl_backend_data *backend = connssl->backend;
(void)info;
@@ -3299,24 +3303,24 @@ const struct Curl_ssl Curl_ssl_sectransp = {
Curl_none_init, /* init */
Curl_none_cleanup, /* cleanup */
- Curl_sectransp_version, /* version */
- Curl_sectransp_check_cxn, /* check_cxn */
- Curl_sectransp_shutdown, /* shutdown */
- Curl_sectransp_data_pending, /* data_pending */
- Curl_sectransp_random, /* random */
+ sectransp_version, /* version */
+ sectransp_check_cxn, /* check_cxn */
+ sectransp_shutdown, /* shutdown */
+ sectransp_data_pending, /* data_pending */
+ sectransp_random, /* random */
Curl_none_cert_status_request, /* cert_status_request */
- Curl_sectransp_connect, /* connect */
- Curl_sectransp_connect_nonblocking, /* connect_nonblocking */
- Curl_sectransp_get_internals, /* get_internals */
- Curl_sectransp_close, /* close_one */
+ sectransp_connect, /* connect */
+ sectransp_connect_nonblocking, /* connect_nonblocking */
+ sectransp_get_internals, /* get_internals */
+ sectransp_close, /* close_one */
Curl_none_close_all, /* close_all */
- Curl_sectransp_session_free, /* session_free */
+ sectransp_session_free, /* session_free */
Curl_none_set_engine, /* set_engine */
Curl_none_set_engine_default, /* set_engine_default */
Curl_none_engines_list, /* engines_list */
- Curl_sectransp_false_start, /* false_start */
- Curl_sectransp_md5sum, /* md5sum */
- Curl_sectransp_sha256sum /* sha256sum */
+ sectransp_false_start, /* false_start */
+ sectransp_md5sum, /* md5sum */
+ sectransp_sha256sum /* sha256sum */
};
#ifdef __clang__
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index 3b37748cf..e32773b0c 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -291,7 +291,8 @@ ssl_connect_init_proxy(struct connectdata *conn, int sockindex)
#endif
CURLcode
-Curl_ssl_connect(struct connectdata *conn, int sockindex)
+Curl_ssl_connect(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
CURLcode result;
@@ -303,26 +304,27 @@ Curl_ssl_connect(struct connectdata *conn, int sockindex)
}
#endif
- if(!ssl_prefs_check(conn->data))
+ if(!ssl_prefs_check(data))
return CURLE_SSL_CONNECT_ERROR;
/* mark this is being ssl-enabled from here on. */
conn->ssl[sockindex].use = TRUE;
conn->ssl[sockindex].state = ssl_connection_negotiating;
- result = Curl_ssl->connect_blocking(conn, sockindex);
+ result = Curl_ssl->connect_blocking(data, conn, sockindex);
if(!result)
- Curl_pgrsTime(conn->data, TIMER_APPCONNECT); /* SSL is connected */
+ Curl_pgrsTime(data, TIMER_APPCONNECT); /* SSL is connected */
return result;
}
CURLcode
-Curl_ssl_connect_nonblocking(struct connectdata *conn, int sockindex,
- bool *done)
+Curl_ssl_connect_nonblocking(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex, bool *done)
{
CURLcode result;
+
#ifndef CURL_DISABLE_PROXY
if(conn->bits.proxy_ssl_connected[sockindex]) {
result = ssl_connect_init_proxy(conn, sockindex);
@@ -330,47 +332,46 @@ Curl_ssl_connect_nonblocking(struct connectdata *conn, int sockindex,
return result;
}
#endif
- if(!ssl_prefs_check(conn->data))
+ if(!ssl_prefs_check(data))
return CURLE_SSL_CONNECT_ERROR;
/* mark this is being ssl requested from here on. */
conn->ssl[sockindex].use = TRUE;
- result = Curl_ssl->connect_nonblocking(conn, sockindex, done);
+ result = Curl_ssl->connect_nonblocking(data, conn, sockindex, done);
if(!result && *done)
- Curl_pgrsTime(conn->data, TIMER_APPCONNECT); /* SSL is connected */
+ Curl_pgrsTime(data, TIMER_APPCONNECT); /* SSL is connected */
return result;
}
/*
* Lock shared SSL session data
*/
-void Curl_ssl_sessionid_lock(struct connectdata *conn)
+void Curl_ssl_sessionid_lock(struct Curl_easy *data)
{
- if(SSLSESSION_SHARED(conn->data))
- Curl_share_lock(conn->data,
- CURL_LOCK_DATA_SSL_SESSION, CURL_LOCK_ACCESS_SINGLE);
+ if(SSLSESSION_SHARED(data))
+ Curl_share_lock(data, CURL_LOCK_DATA_SSL_SESSION, CURL_LOCK_ACCESS_SINGLE);
}
/*
* Unlock shared SSL session data
*/
-void Curl_ssl_sessionid_unlock(struct connectdata *conn)
+void Curl_ssl_sessionid_unlock(struct Curl_easy *data)
{
- if(SSLSESSION_SHARED(conn->data))
- Curl_share_unlock(conn->data, CURL_LOCK_DATA_SSL_SESSION);
+ if(SSLSESSION_SHARED(data))
+ Curl_share_unlock(data, CURL_LOCK_DATA_SSL_SESSION);
}
/*
* Check if there's a session ID for the given connection in the cache, and if
* there's one suitable, it is provided. Returns TRUE when no entry matched.
*/
-bool Curl_ssl_getsessionid(struct connectdata *conn,
+bool Curl_ssl_getsessionid(struct Curl_easy *data,
+ struct connectdata *conn,
void **ssl_sessionid,
size_t *idsize, /* set 0 if unknown */
int sockindex)
{
struct Curl_ssl_session *check;
- struct Curl_easy *data = conn->data;
size_t i;
long *general_age;
bool no_match = TRUE;
@@ -457,10 +458,9 @@ void Curl_ssl_kill_session(struct Curl_ssl_session *session)
/*
* Delete the given session ID from the cache.
*/
-void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid)
+void Curl_ssl_delsessionid(struct Curl_easy *data, void *ssl_sessionid)
{
size_t i;
- struct Curl_easy *data = conn->data;
for(i = 0; i < data->set.general_ssl.max_ssl_sessions; i++) {
struct Curl_ssl_session *check = &data->state.session[i];
@@ -478,13 +478,13 @@ void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid)
* layer. Curl_XXXX_session_free() will be called to free/kill the session ID
* later on.
*/
-CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
+CURLcode Curl_ssl_addsessionid(struct Curl_easy *data,
+ struct connectdata *conn,
void *ssl_sessionid,
size_t idsize,
int sockindex)
{
size_t i;
- struct Curl_easy *data = conn->data; /* the mother of all structs */
struct Curl_ssl_session *store = &data->state.session[0];
long oldest_age = data->state.session[0].age; /* zero if unused */
char *clone_host;
@@ -624,16 +624,18 @@ int Curl_ssl_getsock(struct connectdata *conn,
/* USE_OPENSSL || USE_GNUTLS || USE_SCHANNEL || USE_SECTRANSP || USE_NSS */
#endif
-void Curl_ssl_close(struct connectdata *conn, int sockindex)
+void Curl_ssl_close(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
DEBUGASSERT((sockindex <= 1) && (sockindex >= -1));
- Curl_ssl->close_one(conn, sockindex);
+ Curl_ssl->close_one(data, conn, sockindex);
conn->ssl[sockindex].state = ssl_connection_none;
}
-CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex)
+CURLcode Curl_ssl_shutdown(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
- if(Curl_ssl->shut_down(conn, sockindex))
+ if(Curl_ssl->shut_down(data, conn, sockindex))
return CURLE_SSL_SHUTDOWN_FAILED;
conn->ssl[sockindex].use = FALSE; /* get back to ordinary socket usage */
@@ -1080,9 +1082,11 @@ int Curl_none_init(void)
void Curl_none_cleanup(void)
{ }
-int Curl_none_shutdown(struct connectdata *conn UNUSED_PARAM,
+int Curl_none_shutdown(struct Curl_easy *data UNUSED_PARAM,
+ struct connectdata *conn UNUSED_PARAM,
int sockindex UNUSED_PARAM)
{
+ (void)data;
(void)conn;
(void)sockindex;
return 0;
@@ -1188,19 +1192,21 @@ static int multissl_init(void)
return Curl_ssl->init();
}
-static CURLcode multissl_connect(struct connectdata *conn, int sockindex)
+static CURLcode multissl_connect(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
if(multissl_setup(NULL))
return CURLE_FAILED_INIT;
- return Curl_ssl->connect_blocking(conn, sockindex);
+ return Curl_ssl->connect_blocking(data, conn, sockindex);
}
-static CURLcode multissl_connect_nonblocking(struct connectdata *conn,
+static CURLcode multissl_connect_nonblocking(struct Curl_easy *data,
+ struct connectdata *conn,
int sockindex, bool *done)
{
if(multissl_setup(NULL))
return CURLE_FAILED_INIT;
- return Curl_ssl->connect_nonblocking(conn, sockindex, done);
+ return Curl_ssl->connect_nonblocking(data, conn, sockindex, done);
}
static void *multissl_get_internals(struct ssl_connect_data *connssl,
@@ -1211,11 +1217,12 @@ static void *multissl_get_internals(struct ssl_connect_data *connssl,
return Curl_ssl->get_internals(connssl, info);
}
-static void multissl_close(struct connectdata *conn, int sockindex)
+static void multissl_close(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
if(multissl_setup(NULL))
return;
- Curl_ssl->close_one(conn, sockindex);
+ Curl_ssl->close_one(data, conn, sockindex);
}
static const struct Curl_ssl Curl_ssl_multi = {
diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h
index f4cab9988..8c4bcce35 100644
--- a/lib/vtls/vtls.h
+++ b/lib/vtls/vtls.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -47,7 +47,8 @@ struct Curl_ssl {
size_t (*version)(char *buffer, size_t size);
int (*check_cxn)(struct connectdata *cxn);
- int (*shut_down)(struct connectdata *conn, int sockindex);
+ int (*shut_down)(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex);
bool (*data_pending)(const struct connectdata *conn,
int connindex);
@@ -56,11 +57,14 @@ struct Curl_ssl {
size_t length);
bool (*cert_status_request)(void);
- CURLcode (*connect_blocking)(struct connectdata *conn, int sockindex);
- CURLcode (*connect_nonblocking)(struct connectdata *conn, int sockindex,
+ CURLcode (*connect_blocking)(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex);
+ CURLcode (*connect_nonblocking)(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex,
bool *done);
void *(*get_internals)(struct ssl_connect_data *connssl, CURLINFO info);
- void (*close_one)(struct connectdata *conn, int sockindex);
+ void (*close_one)(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex);
void (*close_all)(struct Curl_easy *data);
void (*session_free)(void *ptr);
@@ -82,7 +86,8 @@ extern const struct Curl_ssl *Curl_ssl;
int Curl_none_init(void);
void Curl_none_cleanup(void);
-int Curl_none_shutdown(struct connectdata *conn, int sockindex);
+int Curl_none_shutdown(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex);
int Curl_none_check_cxn(struct connectdata *conn);
CURLcode Curl_none_random(struct Curl_easy *data, unsigned char *entropy,
size_t length);
@@ -165,15 +170,19 @@ int Curl_ssl_backend(void);
#ifdef USE_SSL
int Curl_ssl_init(void);
void Curl_ssl_cleanup(void);
-CURLcode Curl_ssl_connect(struct connectdata *conn, int sockindex);
-CURLcode Curl_ssl_connect_nonblocking(struct connectdata *conn,
+CURLcode Curl_ssl_connect(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex);
+CURLcode Curl_ssl_connect_nonblocking(struct Curl_easy *data,
+ struct connectdata *conn,
int sockindex,
bool *done);
/* tell the SSL stuff to close down all open information regarding
connections (and thus session ID caching etc) */
void Curl_ssl_close_all(struct Curl_easy *data);
-void Curl_ssl_close(struct connectdata *conn, int sockindex);
-CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex);
+void Curl_ssl_close(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex);
+CURLcode Curl_ssl_shutdown(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex);
CURLcode Curl_ssl_set_engine(struct Curl_easy *data, const char *engine);
/* Sets engine as default for all SSL operations */
CURLcode Curl_ssl_set_engine_default(struct Curl_easy *data);
@@ -205,10 +214,10 @@ CURLcode Curl_ssl_push_certinfo(struct Curl_easy *data, int certnum,
* The purpose of explicitly locking SSL session cache data is to allow
* individual SSL engines to manage session lifetime in their specific way.
*/
-void Curl_ssl_sessionid_lock(struct connectdata *conn);
+void Curl_ssl_sessionid_lock(struct Curl_easy *data);
/* Unlock session cache mutex */
-void Curl_ssl_sessionid_unlock(struct connectdata *conn);
+void Curl_ssl_sessionid_unlock(struct Curl_easy *data);
/* extract a session ID
* Sessionid mutex must be locked (see Curl_ssl_sessionid_lock).
@@ -216,7 +225,8 @@ void Curl_ssl_sessionid_unlock(struct connectdata *conn);
* is properly taken (e.g. its refcount is incremented
* under sessionid mutex).
*/
-bool Curl_ssl_getsessionid(struct connectdata *conn,
+bool Curl_ssl_getsessionid(struct Curl_easy *data,
+ struct connectdata *conn,
void **ssl_sessionid,
size_t *idsize, /* set 0 if unknown */
int sockindex);
@@ -225,7 +235,8 @@ bool Curl_ssl_getsessionid(struct connectdata *conn,
* Caller must ensure that it has properly shared ownership of this sessionid
* object with cache (e.g. incrementing refcount on success)
*/
-CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
+CURLcode Curl_ssl_addsessionid(struct Curl_easy *data,
+ struct connectdata *conn,
void *ssl_sessionid,
size_t idsize,
int sockindex);
@@ -242,7 +253,7 @@ void Curl_ssl_kill_session(struct Curl_ssl_session *session);
* take sessionid object ownership from sessionid cache
* (e.g. decrement refcount).
*/
-void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid);
+void Curl_ssl_delsessionid(struct Curl_easy *data, void *ssl_sessionid);
/* get N random bytes into the buffer */
CURLcode Curl_ssl_random(struct Curl_easy *data, unsigned char *buffer,
@@ -267,10 +278,10 @@ bool Curl_ssl_false_start(void);
/* When SSL support is not present, just define away these function calls */
#define Curl_ssl_init() 1
#define Curl_ssl_cleanup() Curl_nop_stmt
-#define Curl_ssl_connect(x,y) CURLE_NOT_BUILT_IN
+#define Curl_ssl_connect(x,y,z) CURLE_NOT_BUILT_IN
#define Curl_ssl_close_all(x) Curl_nop_stmt
-#define Curl_ssl_close(x,y) Curl_nop_stmt
-#define Curl_ssl_shutdown(x,y) CURLE_NOT_BUILT_IN
+#define Curl_ssl_close(x,y,z) Curl_nop_stmt
+#define Curl_ssl_shutdown(x,y,z) CURLE_NOT_BUILT_IN
#define Curl_ssl_set_engine(x,y) CURLE_NOT_BUILT_IN
#define Curl_ssl_set_engine_default(x) CURLE_NOT_BUILT_IN
#define Curl_ssl_engines_list(x) NULL
@@ -280,7 +291,7 @@ bool Curl_ssl_false_start(void);
#define Curl_ssl_data_pending(x,y) 0
#define Curl_ssl_check_cxn(x) 0
#define Curl_ssl_free_certinfo(x) Curl_nop_stmt
-#define Curl_ssl_connect_nonblocking(x,y,z) CURLE_NOT_BUILT_IN
+#define Curl_ssl_connect_nonblocking(x,y,z,w) CURLE_NOT_BUILT_IN
#define Curl_ssl_kill_session(x) Curl_nop_stmt
#define Curl_ssl_random(x,y,z) ((void)x, CURLE_NOT_BUILT_IN)
#define Curl_ssl_cert_status_request() FALSE
diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c
index be3c2c510..4d2b05af5 100644
--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@@ -217,11 +217,10 @@ static int do_file_type(const char *type)
* layer and do all necessary magic.
*/
static CURLcode
-wolfssl_connect_step1(struct connectdata *conn,
+wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn,
int sockindex)
{
char *ciphers;
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
SSL_METHOD* req_method = NULL;
@@ -516,12 +515,12 @@ wolfssl_connect_step1(struct connectdata *conn,
if(SSL_SET_OPTION(primary.sessionid)) {
void *ssl_sessionid = NULL;
- Curl_ssl_sessionid_lock(conn);
- if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) {
+ Curl_ssl_sessionid_lock(data);
+ if(!Curl_ssl_getsessionid(data, conn, &ssl_sessionid, NULL, sockindex)) {
/* we got a session id, use it! */
if(!SSL_set_session(backend->handle, ssl_sessionid)) {
char error_buffer[WOLFSSL_MAX_ERROR_SZ];
- Curl_ssl_sessionid_unlock(conn);
+ Curl_ssl_sessionid_unlock(data);
failf(data, "SSL: SSL_set_session failed: %s",
ERR_error_string(SSL_get_error(backend->handle, 0),
error_buffer));
@@ -530,7 +529,7 @@ wolfssl_connect_step1(struct connectdata *conn,
/* Informational message */
infof(data, "SSL re-using session ID\n");
}
- Curl_ssl_sessionid_unlock(conn);
+ Curl_ssl_sessionid_unlock(data);
}
/* pass the raw socket into the SSL layer */
@@ -545,11 +544,10 @@ wolfssl_connect_step1(struct connectdata *conn,
static CURLcode
-wolfssl_connect_step2(struct connectdata *conn,
+wolfssl_connect_step2(struct Curl_easy *data, struct connectdata *conn,
int sockindex)
{
int ret = -1;
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
#ifndef CURL_DISABLE_PROXY
@@ -761,11 +759,10 @@ wolfssl_connect_step2(struct connectdata *conn,
static CURLcode
-wolfssl_connect_step3(struct connectdata *conn,
+wolfssl_connect_step3(struct Curl_easy *data, struct connectdata *conn,
int sockindex)
{
CURLcode result = CURLE_OK;
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
@@ -778,27 +775,27 @@ wolfssl_connect_step3(struct connectdata *conn,
our_ssl_sessionid = SSL_get_session(backend->handle);
- Curl_ssl_sessionid_lock(conn);
- incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL,
+ Curl_ssl_sessionid_lock(data);
+ incache = !(Curl_ssl_getsessionid(data, conn, &old_ssl_sessionid, NULL,
sockindex));
if(incache) {
if(old_ssl_sessionid != our_ssl_sessionid) {
infof(data, "old SSL session ID is stale, removing\n");
- Curl_ssl_delsessionid(conn, old_ssl_sessionid);
+ Curl_ssl_delsessionid(data, old_ssl_sessionid);
incache = FALSE;
}
}
if(!incache) {
- result = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
+ result = Curl_ssl_addsessionid(data, conn, our_ssl_sessionid,
0 /* unknown size */, sockindex);
if(result) {
- Curl_ssl_sessionid_unlock(conn);
+ Curl_ssl_sessionid_unlock(data);
failf(data, "failed to store ssl session");
return result;
}
}
- Curl_ssl_sessionid_unlock(conn);
+ Curl_ssl_sessionid_unlock(data);
}
connssl->connecting_state = ssl_connect_done;
@@ -840,11 +837,14 @@ static ssize_t wolfssl_send(struct Curl_easy *data,
return rc;
}
-static void wolfssl_close(struct connectdata *conn, int sockindex)
+static void wolfssl_close(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
+ (void) data;
+
if(backend->handle) {
(void)SSL_shutdown(backend->handle);
SSL_free(backend->handle);
@@ -942,12 +942,15 @@ static bool wolfssl_data_pending(const struct connectdata *conn,
* This function is called to shut down the SSL layer but keep the
* socket open (CCC - Clear Command Channel)
*/
-static int wolfssl_shutdown(struct connectdata *conn, int sockindex)
+static int wolfssl_shutdown(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
int retval = 0;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
+ (void) data;
+
if(backend->handle) {
SSL_free(backend->handle);
backend->handle = NULL;
@@ -957,13 +960,13 @@ static int wolfssl_shutdown(struct connectdata *conn, int sockindex)
static CURLcode
-wolfssl_connect_common(struct connectdata *conn,
+wolfssl_connect_common(struct Curl_easy *data,
+ struct connectdata *conn,
int sockindex,
bool nonblocking,
bool *done)
{
CURLcode result;
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
curl_socket_t sockfd = conn->sock[sockindex];
int what;
@@ -984,7 +987,7 @@ wolfssl_connect_common(struct connectdata *conn,
return CURLE_OPERATION_TIMEDOUT;
}
- result = wolfssl_connect_step1(conn, sockindex);
+ result = wolfssl_connect_step1(data, conn, sockindex);
if(result)
return result;
}
@@ -1039,7 +1042,7 @@ wolfssl_connect_common(struct connectdata *conn,
* ensuring that a client using select() or epoll() will always
* have a valid fdset to wait on.
*/
- result = wolfssl_connect_step2(conn, sockindex);
+ result = wolfssl_connect_step2(data, conn, sockindex);
if(result || (nonblocking &&
(ssl_connect_2 == connssl->connecting_state ||
ssl_connect_2_reading == connssl->connecting_state ||
@@ -1048,7 +1051,7 @@ wolfssl_connect_common(struct connectdata *conn,
} /* repeat step2 until all transactions are done. */
if(ssl_connect_3 == connssl->connecting_state) {
- result = wolfssl_connect_step3(conn, sockindex);
+ result = wolfssl_connect_step3(data, conn, sockindex);
if(result)
return result;
}
@@ -1069,19 +1072,21 @@ wolfssl_connect_common(struct connectdata *conn,
}
-static CURLcode wolfssl_connect_nonblocking(struct connectdata *conn,
+static CURLcode wolfssl_connect_nonblocking(struct Curl_easy *data,
+ struct connectdata *conn,
int sockindex, bool *done)
{
- return wolfssl_connect_common(conn, sockindex, TRUE, done);
+ return wolfssl_connect_common(data, conn, sockindex, TRUE, done);
}
-static CURLcode wolfssl_connect(struct connectdata *conn, int sockindex)
+static CURLcode wolfssl_connect(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
CURLcode result;
bool done = FALSE;
- result = wolfssl_connect_common(conn, sockindex, FALSE, &done);
+ result = wolfssl_connect_common(data, conn, sockindex, FALSE, &done);
if(result)
return result;