diff options
Diffstat (limited to 'lib/vtls/gtls.c')
| -rw-r--r-- | lib/vtls/gtls.c | 70 |
1 files changed, 38 insertions, 32 deletions
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c index 4e2700fa1..27c8a0536 100644 --- a/lib/vtls/gtls.c +++ b/lib/vtls/gtls.c @@ -200,12 +200,12 @@ static void unload_file(gnutls_datum_t data) /* this function does a SSL/TLS (re-)handshake */ -static CURLcode handshake(struct connectdata *conn, +static CURLcode handshake(struct Curl_easy *data, + struct connectdata *conn, int sockindex, bool duringconnect, bool nonblocking) { - struct Curl_easy *data = conn->data; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; gnutls_session_t session = backend->session; @@ -314,9 +314,9 @@ static gnutls_x509_crt_fmt_t do_file_type(const char *type) #define GNUTLS_SRP "+SRP" static CURLcode -set_ssl_version_min_max(const char **prioritylist, struct connectdata *conn) +set_ssl_version_min_max(const char **prioritylist, struct Curl_easy *data) { - struct Curl_easy *data = conn->data; + struct connectdata *conn = data->conn; long ssl_version = SSL_CONN_CONFIG(version); long ssl_version_max = SSL_CONN_CONFIG(version_max); @@ -379,10 +379,10 @@ set_ssl_version_min_max(const char **prioritylist, struct connectdata *conn) } static CURLcode -gtls_connect_step1(struct connectdata *conn, +gtls_connect_step1(struct Curl_easy *data, + struct connectdata *conn, int sockindex) { - struct Curl_easy *data = conn->data; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; unsigned int init_flags; @@ -568,7 +568,7 @@ gtls_connect_step1(struct connectdata *conn, case CURL_SSLVERSION_TLSv1_2: case CURL_SSLVERSION_TLSv1_3: { - CURLcode result = set_ssl_version_min_max(&prioritylist, conn); + CURLcode result = set_ssl_version_min_max(&prioritylist, data); if(result != CURLE_OK) return result; break; @@ -731,15 +731,16 @@ gtls_connect_step1(struct connectdata *conn, void *ssl_sessionid; size_t ssl_idsize; - Curl_ssl_sessionid_lock(conn); - if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, &ssl_idsize, sockindex)) { + Curl_ssl_sessionid_lock(data); + if(!Curl_ssl_getsessionid(data, conn, + &ssl_sessionid, &ssl_idsize, sockindex)) { /* we got a session id, use it! */ gnutls_session_set_data(session, ssl_sessionid, ssl_idsize); /* Informational message */ infof(data, "SSL re-using session ID\n"); } - Curl_ssl_sessionid_unlock(conn); + Curl_ssl_sessionid_unlock(data); } return CURLE_OK; @@ -807,7 +808,8 @@ static Curl_recv gtls_recv; static Curl_send gtls_send; static CURLcode -gtls_connect_step3(struct connectdata *conn, +gtls_connect_step3(struct Curl_easy *data, + struct connectdata *conn, int sockindex) { unsigned int cert_list_size; @@ -820,7 +822,6 @@ gtls_connect_step3(struct connectdata *conn, size_t size; time_t certclock; const char *ptr; - struct Curl_easy *data = conn->data; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; gnutls_session_t session = backend->session; @@ -1290,19 +1291,19 @@ gtls_connect_step3(struct connectdata *conn, /* extract session ID to the allocated buffer */ gnutls_session_get_data(session, connect_sessionid, &connect_idsize); - Curl_ssl_sessionid_lock(conn); - incache = !(Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, + Curl_ssl_sessionid_lock(data); + incache = !(Curl_ssl_getsessionid(data, conn, &ssl_sessionid, NULL, sockindex)); if(incache) { /* there was one before in the cache, so instead of risking that the previous one was rejected, we just kill that and store the new */ - Curl_ssl_delsessionid(conn, ssl_sessionid); + Curl_ssl_delsessionid(data, ssl_sessionid); } /* store this session id */ - result = Curl_ssl_addsessionid(conn, connect_sessionid, connect_idsize, - sockindex); - Curl_ssl_sessionid_unlock(conn); + result = Curl_ssl_addsessionid(data, conn, connect_sessionid, + connect_idsize, sockindex); + Curl_ssl_sessionid_unlock(data); if(result) { free(connect_sessionid); result = CURLE_OUT_OF_MEMORY; @@ -1326,7 +1327,8 @@ gtls_connect_step3(struct connectdata *conn, 'ssl_connect_2_writing' (waiting to be able to write). */ static CURLcode -gtls_connect_common(struct connectdata *conn, +gtls_connect_common(struct Curl_easy *data, + struct connectdata *conn, int sockindex, bool nonblocking, bool *done) @@ -1336,19 +1338,19 @@ gtls_connect_common(struct connectdata *conn, /* Initiate the connection, if not already done */ if(ssl_connect_1 == connssl->connecting_state) { - rc = gtls_connect_step1(conn, sockindex); + rc = gtls_connect_step1(data, conn, sockindex); if(rc) return rc; } - rc = handshake(conn, sockindex, TRUE, nonblocking); + rc = handshake(data, conn, sockindex, TRUE, nonblocking); if(rc) /* handshake() sets its own error message with failf() */ return rc; /* Finish connecting once the handshake is done */ if(ssl_connect_1 == connssl->connecting_state) { - rc = gtls_connect_step3(conn, sockindex); + rc = gtls_connect_step3(data, conn, sockindex); if(rc) return rc; } @@ -1358,18 +1360,20 @@ gtls_connect_common(struct connectdata *conn, return CURLE_OK; } -static CURLcode gtls_connect_nonblocking(struct connectdata *conn, +static CURLcode gtls_connect_nonblocking(struct Curl_easy *data, + struct connectdata *conn, int sockindex, bool *done) { - return gtls_connect_common(conn, sockindex, TRUE, done); + return gtls_connect_common(data, conn, sockindex, TRUE, done); } -static CURLcode gtls_connect(struct connectdata *conn, int sockindex) +static CURLcode gtls_connect(struct Curl_easy *data, struct connectdata *conn, + int sockindex) { CURLcode result; bool done = FALSE; - result = gtls_connect_common(conn, sockindex, FALSE, &done); + result = gtls_connect_common(data, conn, sockindex, FALSE, &done); if(result) return result; @@ -1441,8 +1445,10 @@ static void close_one(struct ssl_connect_data *connssl) #endif } -static void gtls_close(struct connectdata *conn, int sockindex) +static void gtls_close(struct Curl_easy *data, struct connectdata *conn, + int sockindex) { + (void) data; close_one(&conn->ssl[sockindex]); #ifndef CURL_DISABLE_PROXY close_one(&conn->proxy_ssl[sockindex]); @@ -1453,12 +1459,12 @@ static void gtls_close(struct connectdata *conn, int sockindex) * This function is called to shut down the SSL layer but keep the * socket open (CCC - Clear Command Channel) */ -static int gtls_shutdown(struct connectdata *conn, int sockindex) +static int gtls_shutdown(struct Curl_easy *data, struct connectdata *conn, + int sockindex) { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; int retval = 0; - struct Curl_easy *data = conn->data; #ifndef CURL_DISABLE_FTP /* This has only been tested on the proftpd server, and the mod_tls code @@ -1547,7 +1553,7 @@ static ssize_t gtls_recv(struct Curl_easy *data, /* connection data */ if(ret == GNUTLS_E_REHANDSHAKE) { /* BLOCKING call, this is bad but a work-around for now. Fixing this "the proper way" takes a whole lot of work. */ - CURLcode result = handshake(conn, num, FALSE, FALSE); + CURLcode result = handshake(data, conn, num, FALSE, FALSE); if(result) /* handshake() writes error message on its own */ *curlcode = result; @@ -1557,7 +1563,7 @@ static ssize_t gtls_recv(struct Curl_easy *data, /* connection data */ } if(ret < 0) { - failf(conn->data, "GnuTLS recv error (%d): %s", + failf(data, "GnuTLS recv error (%d): %s", (int)ret, gnutls_strerror((int)ret)); *curlcode = CURLE_RECV_ERROR; @@ -1606,7 +1612,7 @@ static CURLcode gtls_random(struct Curl_easy *data, return rc?CURLE_FAILED_INIT:CURLE_OK; #elif defined(USE_GNUTLS) if(data) - Curl_gtls_seed(data); /* Initiate the seed if not already done */ + gtls_seed(data); /* Initiate the seed if not already done */ gcry_randomize(entropy, length, GCRY_STRONG_RANDOM); #endif return CURLE_OK; |