Diffstat (limited to 'lib/vtls/openssl.c')
-rw-r--r-- | lib/vtls/openssl.c | 30 |
1 files changed, 22 insertions, 8 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index f7ffb1e0a..2c2ebfff4 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -96,6 +96,10 @@
 #include "curl_memory.h"
 #include "memdebug.h"
+
+#define DEBUG_ME 0
+
+
 /* Uncomment the ALLOW_RENEG line to a real #define if you want to allow TLS renegotiations when built with BoringSSL. Renegotiating is non-compliant with HTTP/2 and "an extremely dangerous protocol feature". Beware.
@@ -706,8 +710,10 @@ static int bio_cf_out_write(BIO *bio, const char *buf, int blen)
 DEBUGASSERT(data);
 nwritten = Curl_conn_cf_send(cf->next, data, buf, blen, &result);
- /* DEBUGF(infof(data, CFMSG(cf, "bio_cf_out_write(len=%d) -> %d, err=%d"),
- blen, (int)nwritten, result)); */
+#if DEBUG_ME
+ DEBUGF(infof(data, CFMSG(cf, "bio_cf_out_write(len=%d) -> %d, err=%d"),
+ blen, (int)nwritten, result));
+#endif
 BIO_clear_retry_flags(bio);
 connssl->backend->io_result = result;
 if(nwritten < 0) {
@@ -731,8 +737,10 @@ static int bio_cf_in_read(BIO *bio, char *buf, int blen)
 return 0;
 nread = Curl_conn_cf_recv(cf->next, data, buf, blen, &result);
- /* DEBUGF(infof(data, CFMSG(cf, "bio_cf_in_read(len=%d) -> %d, err=%d"),
- blen, (int)nread, result)); */
+#if DEBUG_ME
+ DEBUGF(infof(data, CFMSG(cf, "bio_cf_in_read(len=%d) -> %d, err=%d"),
+ blen, (int)nread, result));
+#endif
 BIO_clear_retry_flags(bio);
 connssl->backend->io_result = result;
 if(nread < 0) {
@@ -2630,13 +2638,13 @@ static void ossl_trace(int direction, int ssl_ver, int content_type,
 const void *buf, size_t len, SSL *ssl, void *userp)
 {
- char unknown[32];
- const char *verstr = NULL;
+ const char *verstr = "???";
 struct connectdata *conn = userp;
 int cf_idx = ossl_get_ssl_cf_index();
 struct ssl_connect_data *connssl;
 struct Curl_easy *data = NULL;
 struct Curl_cfilter *cf;
+ char unknown[32];
 DEBUGASSERT(cf_idx >= 0);
 cf = (struct Curl_cfilter*) SSL_get_ex_data(ssl, cf_idx);
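Review bot: `DEBUG_ME` is introduced in the first hunk without a comment saying what it switches on, and the name is generic for a file this size. It gates the per-call `bio_cf_out_write` and `bio_cf_in_read` traces in the next two hunks, which print only lengths and result codes, so a one-line comment above the define such as `/* set to 1 to trace every BIO read/write via infof() in debug builds */` would tell the next reader it is harmless but noisy. The traces are still wrapped in `DEBUGF()`, so the flag presumably has no effect outside debug builds; the comment should say so.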
@@ -2646,8 +2654,8 @@ static void ossl_trace(int direction, int ssl_ver, int content_type,
 DEBUGASSERT(connssl->backend);
 data = connssl->call_data;
- if(!conn || !data || !data->set.fdebug ||
- (direction != 0 && direction != 1))
+ if(!conn || !data || !data->set.fdebug
+ || (direction != 0 && direction != 1))
 return;
 switch(ssl_ver) {
@@ -3448,6 +3456,7 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf,
 struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
 struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
 BIO *bio;
+ int cf_idx = ossl_get_ssl_cf_index();
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 bool sni;
@@ -3473,6 +3482,9 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf,
 DEBUGASSERT(ssl_connect_1 == connssl->connecting_state);
 DEBUGASSERT(backend);
+ if(cf_idx < 0)
+ return CURLE_FAILED_INIT;
+
 /* Make funny stuff to get random input */
 result = ossl_seed(data);
 if(result)
@@ -3785,6 +3797,8 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf,
 return CURLE_OUT_OF_MEMORY;
 }
+ SSL_set_ex_data(backend->handle, cf_idx, cf);
+
 #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
 !defined(OPENSSL_NO_OCSP)
 if(conn_config->verifystatus) |
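Review bot: The return value of `SSL_set_ex_data(backend->handle, cf_idx, cf)` in the last hunk is ignored, although the call returns 0 on failure. `ossl_trace` reads the same slot back with `SSL_get_ex_data(ssl, cf_idx)`, and the only guards visible around that lookup are `DEBUGASSERT`s, which compile out of release builds, so a failed store would presumably leave the callback working with a NULL filter pointer. Checking it the same way as the new `cf_idx < 0` test would close that gap: `if(!SSL_set_ex_data(backend->handle, cf_idx, cf)) return CURLE_FAILED_INIT;`. `ossl_connect_step1` starts and ends outside these hunks, so any cleanup needed on that early return has to be confirmed against the full function.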