diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2022-12-30 15:04:57 +0100 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2022-12-31 16:56:21 +0100 |
| commit | becfe2ec783a40254761606a09069cf258d424ef (patch) | |
| tree | 19f3f7ace874900ad1d3b10d997014af986b078b /lib | |
| parent | df856cb5c94665c9083dc8be5bb02392d841cc1e (diff) | |
| download | curl-becfe2ec783a40254761606a09069cf258d424ef.tar.gz | |
urldata: cease storing TLS auth type
The only TLS auth type libcurl ever supported is SRP and that is the
default type. Since nobody ever sets any other type, there is no point
in wasting space to store the set type and code to check the type.
If TLS auth is used, SRP is now implied.
Closes #10181
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/setopt.c | 27 | ||||
| -rw-r--r-- | lib/url.c | 3 | ||||
| -rw-r--r-- | lib/urldata.h | 1 | ||||
| -rw-r--r-- | lib/vtls/gtls.c | 19 | ||||
| -rw-r--r-- | lib/vtls/openssl.c | 6 | ||||
| -rw-r--r-- | lib/vtls/vtls.c | 4 |
6 files changed, 12 insertions, 48 deletions
diff --git a/lib/setopt.c b/lib/setopt.c index 59114927b..ecee4c50a 100644 --- a/lib/setopt.c +++ b/lib/setopt.c @@ -2843,52 +2843,33 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) case CURLOPT_TLSAUTH_USERNAME: result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME], va_arg(param, char *)); - if(data->set.str[STRING_TLSAUTH_USERNAME] && - !data->set.ssl.primary.authtype) - data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ break; #ifndef CURL_DISABLE_PROXY case CURLOPT_PROXY_TLSAUTH_USERNAME: result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME_PROXY], va_arg(param, char *)); - if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] && - !data->set.proxy_ssl.primary.authtype) - data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default to - SRP */ break; #endif case CURLOPT_TLSAUTH_PASSWORD: result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD], va_arg(param, char *)); - if(data->set.str[STRING_TLSAUTH_USERNAME] && - !data->set.ssl.primary.authtype) - data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default */ break; #ifndef CURL_DISABLE_PROXY case CURLOPT_PROXY_TLSAUTH_PASSWORD: result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD_PROXY], va_arg(param, char *)); - if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] && - !data->set.proxy_ssl.primary.authtype) - data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default */ break; #endif case CURLOPT_TLSAUTH_TYPE: argptr = va_arg(param, char *); - if(!argptr || - strncasecompare(argptr, "SRP", strlen("SRP"))) - data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP; - else - data->set.ssl.primary.authtype = CURL_TLSAUTH_NONE; + if(argptr && !strncasecompare(argptr, "SRP", strlen("SRP"))) + return CURLE_BAD_FUNCTION_ARGUMENT; break; #ifndef CURL_DISABLE_PROXY case CURLOPT_PROXY_TLSAUTH_TYPE: argptr = va_arg(param, char *); - if(!argptr || - strncasecompare(argptr, "SRP", strlen("SRP"))) - data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP; - else - data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_NONE; + if(argptr || !strncasecompare(argptr, "SRP", strlen("SRP"))) + return CURLE_BAD_FUNCTION_ARGUMENT; break; #endif #endif @@ -563,9 +563,6 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data) #endif set->ssl.primary.verifypeer = TRUE; set->ssl.primary.verifyhost = TRUE; -#ifdef USE_TLS_SRP - set->ssl.primary.authtype = CURL_TLSAUTH_NONE; -#endif #ifdef USE_SSH /* defaults to any auth type */ set->ssh_auth_types = CURLSSH_AUTH_DEFAULT; diff --git a/lib/urldata.h b/lib/urldata.h index a70729c7e..a8af5dba3 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -283,7 +283,6 @@ struct ssl_primary_config { #ifdef USE_TLS_SRP char *username; /* TLS username (for, e.g., SRP) */ char *password; /* TLS password (for, e.g., SRP) */ - enum CURL_TLSAUTH authtype; /* TLS authentication type (default SRP) */ #endif char *curves; /* list of curves to use */ unsigned char ssl_options; /* the CURLOPT_SSL_OPTIONS bitmask */ diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c index 3857cc303..44577a106 100644 --- a/lib/vtls/gtls.c +++ b/lib/vtls/gtls.c @@ -434,12 +434,10 @@ CURLcode gtls_client_init(struct Curl_easy *data, } #ifdef USE_GNUTLS_SRP - if((config->authtype == CURL_TLSAUTH_SRP) && - Curl_auth_allowed_to_host(data)) { + if(config->username && Curl_auth_allowed_to_host(data)) { infof(data, "Using TLS-SRP username: %s", config->username); - rc = gnutls_srp_allocate_client_credentials( - >ls->srp_client_cred); + rc = gnutls_srp_allocate_client_credentials(>ls->srp_client_cred); if(rc != GNUTLS_E_SUCCESS) { failf(data, "gnutls_srp_allocate_client_cred() failed: %s", gnutls_strerror(rc)); @@ -581,7 +579,7 @@ CURLcode gtls_client_init(struct Curl_easy *data, #ifdef USE_GNUTLS_SRP /* Only add SRP to the cipher list if SRP is requested. Otherwise * GnuTLS will disable TLS 1.3 support. */ - if(config->authtype == CURL_TLSAUTH_SRP) { + if(config->username) { size_t len = strlen(prioritylist); char *prioritysrp = malloc(len + sizeof(GNUTLS_SRP) + 1); @@ -646,7 +644,7 @@ CURLcode gtls_client_init(struct Curl_easy *data, #ifdef USE_GNUTLS_SRP /* put the credentials to the current session */ - if(config->authtype == CURL_TLSAUTH_SRP) { + if(config->username) { rc = gnutls_credentials_set(gtls->session, GNUTLS_CRD_SRP, gtls->srp_client_cred); if(rc != GNUTLS_E_SUCCESS) { @@ -865,10 +863,8 @@ Curl_gtls_verifyserver(struct Curl_easy *data, config->verifyhost || config->issuercert) { #ifdef USE_GNUTLS_SRP - if(ssl_config->primary.authtype == CURL_TLSAUTH_SRP - && ssl_config->primary.username - && !config->verifypeer - && gnutls_cipher_get(session)) { + if(ssl_config->primary.username && !config->verifypeer && + gnutls_cipher_get(session)) { /* no peer cert, but auth is ok if we have SRP user and cipher and no peer verify */ } @@ -1561,8 +1557,7 @@ static int gtls_shutdown(struct Curl_cfilter *cf, gnutls_certificate_free_credentials(backend->gtls.cred); #ifdef USE_GNUTLS_SRP - if(ssl_config->primary.authtype == CURL_TLSAUTH_SRP - && ssl_config->primary.username != NULL) + if(ssl_config->primary.username) gnutls_srp_free_client_credentials(backend->gtls.srp_client_cred); #endif diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index f5dd14d53..3889b6f3b 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -3469,9 +3469,6 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf, #endif #endif const long int ssl_version = conn_config->version; -#ifdef USE_OPENSSL_SRP - const enum CURL_TLSAUTH ssl_authtype = ssl_config->primary.authtype; -#endif char * const ssl_cert = ssl_config->primary.clientcert; const struct curl_blob *ssl_cert_blob = ssl_config->primary.cert_blob; const char * const ssl_cert_type = ssl_config->cert_type; @@ -3732,8 +3729,7 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf, #endif #ifdef USE_OPENSSL_SRP - if((ssl_authtype == CURL_TLSAUTH_SRP) && - Curl_auth_allowed_to_host(data)) { + if(ssl_config->primary.username && Curl_auth_allowed_to_host(data)) { char * const ssl_username = ssl_config->primary.username; char * const ssl_password = ssl_config->primary.password; infof(data, "Using TLS-SRP username: %s", ssl_username); diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c index d3526785f..8b1cbd2ea 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -150,7 +150,6 @@ Curl_ssl_config_matches(struct ssl_primary_config *data, #ifdef USE_TLS_SRP !Curl_timestrcmp(data->username, needle->username) && !Curl_timestrcmp(data->password, needle->password) && - (data->authtype == needle->authtype) && #endif strcasecompare(data->cipher_list, needle->cipher_list) && strcasecompare(data->cipher_list13, needle->cipher_list13) && @@ -173,9 +172,6 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source, dest->verifystatus = source->verifystatus; dest->sessionid = source->sessionid; dest->ssl_options = source->ssl_options; -#ifdef USE_TLS_SRP - dest->authtype = source->authtype; -#endif CLONE_BLOB(cert_blob); CLONE_BLOB(ca_info_blob); |