-rw-r--r-- | docs/libcurl/opts/CURLOPT_EGDSOCKET.3 | 9 | ||||
-rw-r--r-- | docs/libcurl/opts/CURLOPT_RANDOM_FILE.3 | 9 | ||||
-rw-r--r-- | lib/doh.c | 8 | ||||
-rw-r--r-- | lib/setopt.c | 11 | ||||
-rw-r--r-- | lib/url.c | 5 | ||||
-rw-r--r-- | lib/urldata.h | 4 | ||||
-rw-r--r-- | lib/vtls/openssl.c | 31 | ||||
-rw-r--r-- | lib/vtls/vtls.c | 6 | ||||
-rw-r--r-- | tests/libtest/lib1911.c | 4 |
9 files changed, 24 insertions, 63 deletions
diff --git a/docs/libcurl/opts/CURLOPT_EGDSOCKET.3 b/docs/libcurl/opts/CURLOPT_EGDSOCKET.3 index 0b5089e90..565bb7c51 100644 --- a/docs/libcurl/opts/CURLOPT_EGDSOCKET.3 +++ b/docs/libcurl/opts/CURLOPT_EGDSOCKET.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. +.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -30,6 +30,8 @@ CURLOPT_EGDSOCKET \- EGD socket path CURLcode curl_easy_setopt(CURL *handle, CURLOPT_EGDSOCKET, char *path); .fi .SH DESCRIPTION +Deprecated option. It serves no purpose anymore. + Pass a char * to the null-terminated path name to the Entropy Gathering Daemon socket. It will be used to seed the random engine for TLS. @@ -50,7 +52,10 @@ if(curl) { } .fi .SH AVAILABILITY -If built with TLS enabled. Only the OpenSSL backend will use this. +If built with TLS enabled. Only the OpenSSL backend will use this, and only +with OpenSSL versions before 1.1.0. + +This option was deprecated in 7.84.0. .SH RETURN VALUE Returns CURLE_OK if TLS is supported, CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_RANDOM_FILE.3 b/docs/libcurl/opts/CURLOPT_RANDOM_FILE.3 index de322fc97..b76e6327c 100644 --- a/docs/libcurl/opts/CURLOPT_RANDOM_FILE.3 +++ b/docs/libcurl/opts/CURLOPT_RANDOM_FILE.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. +.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms 
@@ -30,6 +30,8 @@ CURLOPT_RANDOM_FILE \- file to read random data from CURLcode curl_easy_setopt(CURL *handle, CURLOPT_RANDOM_FILE, char *path); .fi .SH DESCRIPTION +Deprecated option. It serves no purpose anymore. + Pass a char * to a null-terminated file name. The file might be used to read from to seed the random engine for SSL and more. @@ -50,7 +52,10 @@ if(curl) { } .fi .SH AVAILABILITY -Always +If built with TLS enabled. Only the OpenSSL backend will use this, and only +with OpenSSL versions before 1.1.0. + +This option was deprecated in 7.84.0. .SH RETURN VALUE Returns CURLE_OK on success or CURLE_OUT_OF_MEMORY if there was insufficient heap space. @@ -306,14 +306,6 @@ static CURLcode dohprobe(struct Curl_easy *data, } if(data->set.ssl.certinfo) ERROR_CHECK_SETOPT(CURLOPT_CERTINFO, 1L); - if(data->set.str[STRING_SSL_RANDOM_FILE]) { - ERROR_CHECK_SETOPT(CURLOPT_RANDOM_FILE, - data->set.str[STRING_SSL_RANDOM_FILE]); - } - if(data->set.str[STRING_SSL_EGDSOCKET]) { - ERROR_CHECK_SETOPT(CURLOPT_EGDSOCKET, - data->set.str[STRING_SSL_EGDSOCKET]); - } if(data->set.ssl.fsslctx) ERROR_CHECK_SETOPT(CURLOPT_SSL_CTX_FUNCTION, data->set.ssl.fsslctx); if(data->set.ssl.fsslctxp) diff --git a/lib/setopt.c b/lib/setopt.c index 05e1a544d..3dfb845ec 100644 --- a/lib/setopt.c +++ b/lib/setopt.c @@ -203,19 +203,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) break; #endif case CURLOPT_RANDOM_FILE: - /* - * This is the path name to a file that contains random data to seed - * the random SSL stuff with. The file is only used for reading. - */ - result = Curl_setstropt(&data->set.str[STRING_SSL_RANDOM_FILE], - va_arg(param, char *)); break; case CURLOPT_EGDSOCKET: - /* - * The Entropy Gathering Daemon socket pathname - */ - result = Curl_setstropt(&data->set.str[STRING_SSL_EGDSOCKET], - va_arg(param, char *)); break; case CURLOPT_MAXCONNECTS: /* 
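Review bot: In the lib/setopt.c hunk, `case CURLOPT_RANDOM_FILE:` and `case CURLOPT_EGDSOCKET:` now go straight to `break;` with no comment, so a reader cannot tell that the options are deliberately accepted and ignored rather than left unfinished. I would add `/* deprecated no-op: accepted for API compatibility, the argument is ignored */` under each label. Because nothing in these cases changes `result`, an application that relied on either option to seed an OpenSSL older than 1.1.0 presumably gets a success code and no signal that its seed source is no longer used. The RETURN VALUE text visible in both man-page hunks still mentions CURLE_OUT_OF_MEMORY, which these cases can no longer produce, so that text should be updated too. The switch in Curl_vsetopt starts and ends outside the hunk.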
@@ -3808,8 +3808,6 @@ static CURLcode create_conn(struct Curl_easy *data, data->set.ssl.primary.CAfile = data->set.str[STRING_SSL_CAFILE]; data->set.ssl.primary.issuercert = data->set.str[STRING_SSL_ISSUERCERT]; data->set.ssl.primary.issuercert_blob = data->set.blobs[BLOB_SSL_ISSUERCERT]; - data->set.ssl.primary.random_file = data->set.str[STRING_SSL_RANDOM_FILE]; - data->set.ssl.primary.egdsocket = data->set.str[STRING_SSL_EGDSOCKET]; data->set.ssl.primary.cipher_list = data->set.str[STRING_SSL_CIPHER_LIST]; data->set.ssl.primary.cipher_list13 = @@ -3823,9 +3821,6 @@ static CURLcode create_conn(struct Curl_easy *data, #ifndef CURL_DISABLE_PROXY data->set.proxy_ssl.primary.CApath = data->set.str[STRING_SSL_CAPATH_PROXY]; data->set.proxy_ssl.primary.CAfile = data->set.str[STRING_SSL_CAFILE_PROXY]; - data->set.proxy_ssl.primary.random_file = - data->set.str[STRING_SSL_RANDOM_FILE]; - data->set.proxy_ssl.primary.egdsocket = data->set.str[STRING_SSL_EGDSOCKET]; data->set.proxy_ssl.primary.cipher_list = data->set.str[STRING_SSL_CIPHER_LIST_PROXY]; data->set.proxy_ssl.primary.cipher_list13 = diff --git a/lib/urldata.h b/lib/urldata.h index 584434d77..14770574d 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -248,8 +248,6 @@ struct ssl_primary_config { char *CAfile; /* certificate to verify peer against */ char *issuercert; /* optional issuer certificate filename */ char *clientcert; - char *random_file; /* path to file containing "random" data */ - char *egdsocket; /* path to file containing the EGD daemon socket */ char *cipher_list; /* list of ciphers to use */ char *cipher_list13; /* list of TLS 1.3 cipher suites to use */ char *pinned_key; 
@@ -1548,8 +1546,6 @@ enum dupstring { STRING_SSL_CIPHER_LIST_PROXY, /* list of ciphers to use */ STRING_SSL_CIPHER13_LIST, /* list of TLS 1.3 ciphers to use */ STRING_SSL_CIPHER13_LIST_PROXY, /* list of TLS 1.3 ciphers to use */ - STRING_SSL_EGDSOCKET, /* path to file containing the EGD daemon socket */ - STRING_SSL_RANDOM_FILE, /* path to file containing "random" data */ STRING_USERAGENT, /* User-Agent string */ STRING_SSL_CRLFILE, /* crl file to check certificate */ STRING_SSL_CRLFILE_PROXY, /* crl file to check certificate */ diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 635e9c15e..95a18a6d0 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c 
@@ -484,36 +484,19 @@ static CURLcode ossl_seed(struct Curl_easy *data) return CURLE_SSL_CONNECT_ERROR; #else -#ifndef RANDOM_FILE - /* if RANDOM_FILE isn't defined, we only perform this if an option tells - us to! */ - if(data->set.str[STRING_SSL_RANDOM_FILE]) -#define RANDOM_FILE "" /* doesn't matter won't be used */ +#ifdef RANDOM_FILE + RAND_load_file(RANDOM_FILE, RAND_LOAD_LENGTH); + if(rand_enough()) + return CURLE_OK; #endif - { - /* let the option override the define */ - RAND_load_file((data->set.str[STRING_SSL_RANDOM_FILE]? - data->set.str[STRING_SSL_RANDOM_FILE]: - RANDOM_FILE), - RAND_LOAD_LENGTH); - if(rand_enough()) - return CURLE_OK; - } -#if defined(HAVE_RAND_EGD) - /* only available in OpenSSL 0.9.5 and later */ +#if defined(HAVE_RAND_EGD) && defined(EGD_SOCKET) + /* available in OpenSSL 0.9.5 and later */ /* EGD_SOCKET is set at configure time or not at all */ -#ifndef EGD_SOCKET - /* If we don't have the define set, we only do this if the egd-option - is set */ - if(data->set.str[STRING_SSL_EGDSOCKET]) -#define EGD_SOCKET "" /* doesn't matter won't be used */ -#endif { /* If there's an option and a define, the option overrides the define */ - int ret = RAND_egd(data->set.str[STRING_SSL_EGDSOCKET]? - data->set.str[STRING_SSL_EGDSOCKET]:EGD_SOCKET); + int ret = RAND_egd(EGD_SOCKET); if(-1 != ret) { if(rand_enough()) return CURLE_OK; diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c index e2d34388c..a692d5e7c 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -143,8 +143,6 @@ Curl_ssl_config_matches(struct ssl_primary_config *data, Curl_safecmp(data->CAfile, needle->CAfile) && Curl_safecmp(data->issuercert, needle->issuercert) && Curl_safecmp(data->clientcert, needle->clientcert) && - Curl_safecmp(data->random_file, needle->random_file) && - Curl_safecmp(data->egdsocket, needle->egdsocket) && #ifdef USE_TLS_SRP Curl_safecmp(data->username, needle->username) && Curl_safecmp(data->password, needle->password) && 
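Review bot: The comment kept in the EGD block of ossl_seed, `/* If there's an option and a define, the option overrides the define */`, is now wrong, because the new call is `RAND_egd(EGD_SOCKET)` and no run-time option is consulted any more. I would replace it with `/* only the configure-time EGD_SOCKET path is used */`. In the new `#ifdef RANDOM_FILE` branch the return value of `RAND_load_file()` is ignored and the decision rests entirely on the `rand_enough()` call that follows. A one-line comment saying that is intentional would help, since this path decides whether the TLS PRNG is treated as seeded on builds that still need manual seeding. ossl_seed starts and ends outside the hunk.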
@@ -182,8 +180,6 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source, CLONE_STRING(CAfile); CLONE_STRING(issuercert); CLONE_STRING(clientcert); - CLONE_STRING(random_file); - CLONE_STRING(egdsocket); CLONE_STRING(cipher_list); CLONE_STRING(cipher_list13); CLONE_STRING(pinned_key); @@ -203,8 +199,6 @@ void Curl_free_primary_ssl_config(struct ssl_primary_config *sslc) Curl_safefree(sslc->CAfile); Curl_safefree(sslc->issuercert); Curl_safefree(sslc->clientcert); - Curl_safefree(sslc->random_file); - Curl_safefree(sslc->egdsocket); Curl_safefree(sslc->cipher_list); Curl_safefree(sslc->cipher_list13); Curl_safefree(sslc->pinned_key); diff --git a/tests/libtest/lib1911.c b/tests/libtest/lib1911.c index 09757fba8..5ddc2112d 100644 --- a/tests/libtest/lib1911.c +++ b/tests/libtest/lib1911.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -62,6 +62,8 @@ int test(char *URL) switch(o->id) { case CURLOPT_PROXY_TLSAUTH_TYPE: case CURLOPT_TLSAUTH_TYPE: + case CURLOPT_RANDOM_FILE: + case CURLOPT_EGDSOCKET: continue; default: /* check this */ |