summaryrefslogtreecommitdiff
path: root/lib/vtls
diff options
context:
space:
mode:
Diffstat (limited to 'lib/vtls')
-rw-r--r--lib/vtls/bearssl.c7
-rw-r--r--lib/vtls/gskit.c6
-rw-r--r--lib/vtls/gtls.c3
-rw-r--r--lib/vtls/mbedtls.c19
-rw-r--r--lib/vtls/mesalink.c3
-rw-r--r--lib/vtls/openssl.c9
-rw-r--r--lib/vtls/schannel.c28
-rw-r--r--lib/vtls/schannel_verify.c8
-rw-r--r--lib/vtls/sectransp.c18
-rw-r--r--lib/vtls/vtls.h3
-rw-r--r--lib/vtls/wolfssl.c24
11 files changed, 26 insertions, 102 deletions
diff --git a/lib/vtls/bearssl.c b/lib/vtls/bearssl.c
index a63056d4e..673e3863a 100644
--- a/lib/vtls/bearssl.c
+++ b/lib/vtls/bearssl.c
@@ -300,12 +300,7 @@ static CURLcode bearssl_connect_step1(struct Curl_easy *data,
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
-#ifndef CURL_DISABLE_PROXY
- const char *hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
- conn->host.name;
-#else
- const char *hostname = conn->host.name;
-#endif
+ const char * const hostname = SSL_HOST_NAME();
const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
const bool verifyhost = SSL_CONN_CONFIG(verifyhost);
CURLcode ret;
diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c
index b0c73437b..15b19a76c 100644
--- a/lib/vtls/gskit.c
+++ b/lib/vtls/gskit.c
@@ -705,8 +705,7 @@ static CURLcode gskit_connect_step1(struct Curl_easy *data,
const char * const keyringlabel = SSL_SET_OPTION(primary.clientcert);
const long int ssl_version = SSL_CONN_CONFIG(version);
const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
- const char * const hostname = SSL_IS_PROXY()? conn->http_proxy.host.name:
- conn->host.name;
+ const char * const hostname = SSL_HOST_NAME();
const char *sni;
unsigned int protoflags = 0;
Qso_OverlappedIO_t commarea;
@@ -1035,8 +1034,7 @@ static CURLcode gskit_connect_step3(struct Curl_easy *data,
}
/* Check pinned public key. */
- ptr = SSL_IS_PROXY() ? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
- data->set.str[STRING_SSL_PINNEDPUBLICKEY];
+ ptr = SSL_PINNED_PUB_KEY();
if(!result && ptr) {
curl_X509certificate x509;
curl_asn1Element *p;
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 58be8e596..3ce7ba8c3 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -1178,8 +1178,7 @@ gtls_connect_step3(struct Curl_easy *data,
infof(data, "\t server certificate activation date OK\n");
}
- ptr = SSL_IS_PROXY() ? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
- data->set.str[STRING_SSL_PINNEDPUBLICKEY];
+ ptr = SSL_PINNED_PUB_KEY();
if(ptr) {
result = pkp_pin_peer_pubkey(data, x509_cert, ptr);
if(result != CURLE_OK) {
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index d4504a61f..ca77de586 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -251,14 +251,8 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn,
const char * const ssl_capath = SSL_CONN_CONFIG(CApath);
char * const ssl_cert = SSL_SET_OPTION(primary.clientcert);
const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile);
-#ifndef CURL_DISABLE_PROXY
- const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
- conn->host.name;
- const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
-#else
- const char * const hostname = conn->host.name;
- const long int port = conn->remote_port;
-#endif
+ const char * const hostname = SSL_HOST_NAME();
+ const long int port = SSL_HOST_PORT();
int ret = -1;
char errorbuf[128];
errorbuf[0] = 0;
@@ -542,14 +536,7 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn,
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
const mbedtls_x509_crt *peercert;
-#ifndef CURL_DISABLE_PROXY
- const char * const pinnedpubkey = SSL_IS_PROXY() ?
- data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
- data->set.str[STRING_SSL_PINNEDPUBLICKEY];
-#else
- const char * const pinnedpubkey =
- data->set.str[STRING_SSL_PINNEDPUBLICKEY];
-#endif
+ const char * const pinnedpubkey = SSL_PINNED_PUB_KEY();
conn->recv[sockindex] = mbed_recv;
conn->send[sockindex] = mbed_send;
diff --git a/lib/vtls/mesalink.c b/lib/vtls/mesalink.c
index 5d6a1495d..f16c77c27 100644
--- a/lib/vtls/mesalink.c
+++ b/lib/vtls/mesalink.c
@@ -98,8 +98,7 @@ mesalink_connect_step1(struct Curl_easy *data,
#ifdef ENABLE_IPV6
struct in6_addr addr6;
#endif
- const char *const hostname =
- SSL_IS_PROXY() ? conn->http_proxy.host.name : conn->host.name;
+ const char * const hostname = SSL_HOST_NAME();
size_t hostname_len = strlen(hostname);
SSL_METHOD *req_method = NULL;
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index c82c8d16a..6d88908bd 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3308,11 +3308,7 @@ static CURLcode ossl_connect_step2(struct Curl_easy *data,
*/
if(CURLE_SSL_CONNECT_ERROR == result && errdetail == 0) {
const char * const hostname = SSL_HOST_NAME();
-#ifndef CURL_DISABLE_PROXY
- const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
-#else
- const long int port = conn->remote_port;
-#endif
+ const long int port = SSL_HOST_PORT();
char extramsg[80]="";
int sockerr = SOCKERRNO;
if(sockerr && detail == SSL_ERROR_SYSCALL)
@@ -3925,8 +3921,7 @@ static CURLcode servercert(struct Curl_easy *data,
/* when not strict, we don't bother about the verify cert problems */
result = CURLE_OK;
- ptr = SSL_IS_PROXY() ? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
- data->set.str[STRING_SSL_PINNEDPUBLICKEY];
+ ptr = SSL_PINNED_PUB_KEY();
if(!result && ptr) {
result = pkp_pin_peer_pubkey(data, backend->server_cert, ptr);
if(result)
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index 7b279b15a..b944bbd49 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -428,12 +428,7 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn,
#endif
TCHAR *host_name;
CURLcode result;
-#ifndef CURL_DISABLE_PROXY
- char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
- conn->host.name;
-#else
- char * const hostname = conn->host.name;
-#endif
+ char * const hostname = SSL_HOST_NAME();
DEBUGF(infof(data,
"schannel: SSL/TLS connection with %s port %hu (step 1/3)\n",
@@ -995,12 +990,7 @@ schannel_connect_step2(struct Curl_easy *data, struct connectdata *conn,
SECURITY_STATUS sspi_status = SEC_E_OK;
CURLcode result;
bool doread;
-#ifndef CURL_DISABLE_PROXY
- char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
- conn->host.name;
-#else
- char * const hostname = conn->host.name;
-#endif
+ char * const hostname = SSL_HOST_NAME();
const char *pubkey_ptr;
doread = (connssl->connecting_state != ssl_connect_2_writing) ? TRUE : FALSE;
@@ -1249,9 +1239,7 @@ schannel_connect_step2(struct Curl_easy *data, struct connectdata *conn,
DEBUGF(infof(data, "schannel: SSL/TLS handshake complete\n"));
}
- pubkey_ptr = SSL_IS_PROXY() ?
- data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
- data->set.str[STRING_SSL_PINNEDPUBLICKEY];
+ pubkey_ptr = SSL_PINNED_PUB_KEY();
if(pubkey_ptr) {
result = pkp_pin_peer_pubkey(data, conn, sockindex, pubkey_ptr);
if(result) {
@@ -1338,8 +1326,7 @@ schannel_connect_step3(struct Curl_easy *data, struct connectdata *conn,
CERT_CONTEXT *ccert_context = NULL;
bool isproxy = SSL_IS_PROXY();
#ifdef DEBUGBUILD
- const char * const hostname = isproxy ? conn->http_proxy.host.name :
- conn->host.name;
+ const char * const hostname = SSL_HOST_NAME();
#endif
#ifdef HAS_ALPN
SecPkgContext_ApplicationProtocol alpn_result;
@@ -2126,12 +2113,7 @@ static int schannel_shutdown(struct Curl_easy *data, struct connectdata *conn,
* Shutting Down an Schannel Connection
*/
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-#ifndef CURL_DISABLE_PROXY
- char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
- conn->host.name;
-#else
- char * const hostname = conn->host.name;
-#endif
+ char * const hostname = SSL_HOST_NAME();
DEBUGASSERT(data);
diff --git a/lib/vtls/schannel_verify.c b/lib/vtls/schannel_verify.c
index 54ab02181..25b7767a2 100644
--- a/lib/vtls/schannel_verify.c
+++ b/lib/vtls/schannel_verify.c
@@ -536,13 +536,7 @@ CURLcode Curl_verify_certificate(struct Curl_easy *data,
const CERT_CHAIN_CONTEXT *pChainContext = NULL;
HCERTCHAINENGINE cert_chain_engine = NULL;
HCERTSTORE trust_store = NULL;
-#ifndef CURL_DISABLE_PROXY
- const char * const conn_hostname = SSL_IS_PROXY() ?
- conn->http_proxy.host.name :
- conn->host.name;
-#else
- const char * const conn_hostname = conn->host.name;
-#endif
+ const char * const conn_hostname = SSL_HOST_NAME();
sspi_status =
s_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle,
diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c
index d93dc5e72..f7abc35ad 100644
--- a/lib/vtls/sectransp.c
+++ b/lib/vtls/sectransp.c
@@ -1664,16 +1664,9 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data,
const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
char * const ssl_cert = SSL_SET_OPTION(primary.clientcert);
const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob);
-#ifndef CURL_DISABLE_PROXY
bool isproxy = SSL_IS_PROXY();
- const char * const hostname = isproxy ? conn->http_proxy.host.name :
- conn->host.name;
- const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
-#else
- const isproxy = FALSE;
- const char * const hostname = conn->host.name;
- const long int port = conn->remote_port;
-#endif
+ const char * const hostname = SSL_HOST_NAME();
+ const long int port = SSL_HOST_PORT();
#ifdef ENABLE_IPV6
struct in6_addr addr;
#else
@@ -2508,12 +2501,7 @@ sectransp_connect_step2(struct Curl_easy *data, struct connectdata *conn,
OSStatus err;
SSLCipherSuite cipher;
SSLProtocol protocol = 0;
-#ifndef CURL_DISABLE_PROXY
- const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
- conn->host.name;
-#else
- const char * const hostname = conn->host.name;
-#endif
+ const char * const hostname = SSL_HOST_NAME();
DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
|| ssl_connect_2_reading == connssl->connecting_state
diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h
index 2b43e7744..de2e3fd14 100644
--- a/lib/vtls/vtls.h
+++ b/lib/vtls/vtls.h
@@ -148,6 +148,8 @@ bool Curl_ssl_tls13_ciphersuites(void);
(SSL_IS_PROXY() ? conn->http_proxy.host.name : conn->host.name)
#define SSL_HOST_DISPNAME() \
(SSL_IS_PROXY() ? conn->http_proxy.host.dispname : conn->host.dispname)
+#define SSL_HOST_PORT() \
+ (SSL_IS_PROXY() ? conn->port : conn->remote_port)
#define SSL_PINNED_PUB_KEY() (SSL_IS_PROXY() \
? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] \
: data->set.str[STRING_SSL_PINNEDPUBLICKEY])
@@ -158,6 +160,7 @@ bool Curl_ssl_tls13_ciphersuites(void);
#define SSL_CONN_CONFIG(var) conn->ssl_config.var
#define SSL_HOST_NAME() conn->host.name
#define SSL_HOST_DISPNAME() conn->host.dispname
+#define SSL_HOST_PORT() conn->remote_port
#define SSL_PINNED_PUB_KEY() \
data->set.str[STRING_SSL_PINNEDPUBLICKEY]
#endif
diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c
index 21f36504f..a0afe7418 100644
--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@@ -400,12 +400,7 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn,
#ifdef ENABLE_IPV6
struct in6_addr addr6;
#endif
-#ifndef CURL_DISABLE_PROXY
- const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
- conn->host.name;
-#else
- const char * const hostname = conn->host.name;
-#endif
+ const char * const hostname = SSL_HOST_NAME();
size_t hostname_len = strlen(hostname);
if((hostname_len < USHRT_MAX) &&
(0 == Curl_inet_pton(AF_INET, hostname, &addr4)) &&
@@ -534,20 +529,9 @@ wolfssl_connect_step2(struct Curl_easy *data, struct connectdata *conn,
int ret = -1;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
-#ifndef CURL_DISABLE_PROXY
- const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
- conn->host.name;
- const char * const dispname = SSL_IS_PROXY() ?
- conn->http_proxy.host.dispname : conn->host.dispname;
- const char * const pinnedpubkey = SSL_IS_PROXY() ?
- data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
- data->set.str[STRING_SSL_PINNEDPUBLICKEY];
-#else
- const char * const hostname = conn->host.name;
- const char * const dispname = conn->host.dispname;
- const char * const pinnedpubkey =
- data->set.str[STRING_SSL_PINNEDPUBLICKEY];
-#endif
+ const char * const hostname = SSL_HOST_NAME();
+ const char * const dispname = SSL_HOST_DISPNAME();
+ const char * const pinnedpubkey = SSL_PINNED_PUB_KEY();
conn->recv[sockindex] = wolfssl_recv;
conn->send[sockindex] = wolfssl_send;