From 6e619393824922118317689ef59a73c556b7ef98 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 7 Apr 2005 15:27:13 +0000 Subject: GnuTLS support added. There's now a "generic" SSL layer that we use all over internally, with code provided by sslgen.c. All SSL-layer-specific code is then written in ssluse.c (for OpenSSL) and gtls.c (for GnuTLS). As far as possible, internals should not need to know what SSL layer that is in use. Building with GnuTLS currently makes two test cases fail. TODO.gnutls contains a few known outstanding issues for the GnuTLS support. GnuTLS support is enabled with configure --with-gnutls --- lib/sslgen.h | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 lib/sslgen.h (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h new file mode 100644 index 000000000..3e1dfa0a6 --- /dev/null +++ b/lib/sslgen.h 
@@ -0,0 +1,72 @@
+#ifndef __SSLGEN_H
+#define __SSLGEN_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2005, Daniel Stenberg, , et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * $Id$
+ ***************************************************************************/
+
+bool Curl_ssl_config_matches(struct ssl_config_data* data,
+ struct ssl_config_data* needle);
+bool Curl_clone_ssl_config(struct ssl_config_data* source,
+ struct ssl_config_data* dest);
+void Curl_free_ssl_config(struct ssl_config_data* sslc);
+
+int Curl_ssl_init(void);
+void Curl_ssl_cleanup(void);
+CURLcode Curl_ssl_connect(struct connectdata *conn, int sockindex);
+void Curl_ssl_close(struct connectdata *conn);
+/* tell the SSL stuff to close down all open information regarding
+ connections (and thus session ID caching etc) */
+void Curl_ssl_close_all(struct SessionHandle *data);
+CURLcode Curl_ssl_set_engine(struct SessionHandle *data, const char *engine);
+/* Sets engine as default for all SSL operations */
+CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data);
+int Curl_ssl_send(struct connectdata *conn,
+ int sockindex,
+ void *mem,
+ size_t len);
+int Curl_ssl_recv(struct connectdata *conn, /* connection data */
+ int sockindex, /* socketindex */
+ char *mem, /* store read data here */
+ size_t len); /* 
max amount to read */ + +/* init the SSL session ID cache */ +CURLcode Curl_ssl_initsessions(struct SessionHandle *, long); +/* extract a session ID */ +int Curl_ssl_getsessionid(struct connectdata *conn, + void **ssl_sessionid, + size_t *idsize) /* set 0 if unknown */; +/* add a new session ID */ +CURLcode Curl_ssl_addsessionid(struct connectdata *conn, + void *ssl_sessionid, + size_t idsize); + + +struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data); + +size_t Curl_ssl_version(char *buffer, size_t size); + +#if !defined(USE_SSL) && !defined(SSLGEN_C) +/* set up blank macros for none-SSL builds */ +#define Curl_ssl_close_all(x) +#endif + +#endif -- cgit v1.2.1 From 83367f67de9584b91570bcb53a153b8aa496d455 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 21 Mar 2006 21:54:44 +0000 Subject: Xavier Bouchoux made the SSL connection non-blocking for the multi interface (when using OpenSSL). --- lib/sslgen.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index 3e1dfa0a6..6b63c3688 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h @@ -32,6 +32,9 @@ void Curl_free_ssl_config(struct ssl_config_data* sslc); int Curl_ssl_init(void); void Curl_ssl_cleanup(void); CURLcode Curl_ssl_connect(struct connectdata *conn, int sockindex); +CURLcode Curl_ssl_connect_nonblocking(struct connectdata *conn, + int sockindex, + bool *done); void Curl_ssl_close(struct connectdata *conn); /* tell the SSL stuff to close down all open information regarding connections (and thus session ID caching etc) */ -- cgit v1.2.1 From c9c5ce23652db79f36925c1509a15ddf4f665422 Mon Sep 17 00:00:00 2001 
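Review bot: `Curl_ssl_send` and `Curl_ssl_recv` in the new lib/sslgen.h return `int` while taking a `size_t len`, so a transfer count above INT_MAX cannot be represented and the error value shares the same narrow type as the byte count. A signed size type for the return, e.g. `ssize_t Curl_ssl_send(struct connectdata *conn, int sockindex, void *mem, size_t len);`, together with a comment stating which negative value signals failure, would keep callers from confusing the two. Separately, the guard name `__SSLGEN_H` starts with a double underscore, which C reserves for the implementation.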
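Review bot: The new `Curl_ssl_connect_nonblocking` prototype (commit 83367f67) gives no contract for `bool *done`: the header does not say whether it is written on every return or only on success. A caller that decides the TLS handshake is finished has to be able to rely on it, so I would add a comment such as `/* *done is set TRUE only when the handshake has completed; on CURLE_OK with *done FALSE the caller must call again before sending data */`. The wording is inferred from the parameter name and should be checked against sslgen.c, which is outside this hunk.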
From: Daniel Stenberg Date: Wed, 10 May 2006 22:17:42 +0000 Subject: David McCreedy provided a fix for CURLINFO_LASTSOCKET that does extended checks on the to-be-returned socket to make sure it truly seems to be alive and well. For SSL connection it (only) uses OpenSSL functions. --- lib/sslgen.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index 6b63c3688..cd1b66390 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h @@ -67,6 +67,8 @@ struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data); size_t Curl_ssl_version(char *buffer, size_t size); +int Curl_ssl_check_cxn(struct connectdata *conn); + #if !defined(USE_SSL) && !defined(SSLGEN_C) /* set up blank macros for none-SSL builds */ #define Curl_ssl_close_all(x) -- cgit v1.2.1 From 772a985dc3318214443ddd2ad6541d520f089368 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Fri, 27 Oct 2006 03:47:57 +0000 Subject: Update copyright year, since the file has been modified --- lib/sslgen.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index cd1b66390..03b01b86a 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2005, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2006, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms -- cgit v1.2.1 From be0d17e812053bddd99e1d330c429399f17aee44 Mon Sep 17 00:00:00 2001 
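Review bot: `int Curl_ssl_check_cxn(struct connectdata *conn);` is added without a comment, and the bare `int` return does not tell a reader which values mean alive, dead or undetermined. The commit message says the result decides whether a socket is handed back through CURLINFO_LASTSOCKET, so a misread convention would report a dead connection as usable. A one-line comment listing the return values above the prototype would settle it; the actual values have to come from the implementation, which is not in this hunk.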
From: Daniel Stenberg Date: Sat, 11 Nov 2006 21:34:43 +0000 Subject: cleaned up Curl_write() and the sub functions it uses for various protocols. They all now return ssize_t to Curl_write(). Unfortunately, Curl_read() is in a sorrier state but it too would benefit from a similar cleanup. --- lib/sslgen.h | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index 03b01b86a..b910ac74b 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h @@ -32,7 +32,7 @@ void Curl_free_ssl_config(struct ssl_config_data* sslc); int Curl_ssl_init(void); void Curl_ssl_cleanup(void); CURLcode Curl_ssl_connect(struct connectdata *conn, int sockindex); -CURLcode Curl_ssl_connect_nonblocking(struct connectdata *conn, +CURLcode Curl_ssl_connect_nonblocking(struct connectdata *conn, int sockindex, bool *done); void Curl_ssl_close(struct connectdata *conn); @@ -42,14 +42,14 @@ void Curl_ssl_close_all(struct SessionHandle *data); CURLcode Curl_ssl_set_engine(struct SessionHandle *data, const char *engine); /* Sets engine as default for all SSL operations */ CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data); -int Curl_ssl_send(struct connectdata *conn, - int sockindex, - void *mem, - size_t len); -int Curl_ssl_recv(struct connectdata *conn, /* connection data */ - int sockindex, /* socketindex */ - char *mem, /* store read data here */ - size_t len); /* max amount to read */ +ssize_t Curl_ssl_send(struct connectdata *conn, + int sockindex, + void *mem, + size_t len); +ssize_t Curl_ssl_recv(struct connectdata *conn, /* connection data */ + int sockindex, /* socketindex */ + char *mem, /* store read data here */ + size_t len); /* max amount to read */ /* init the SSL session ID cache */ CURLcode Curl_ssl_initsessions(struct SessionHandle *, long); -- cgit v1.2.1 From 4750e6f3c5fd42e19998242ddb63d7d5506b9fd9 Mon Sep 17 00:00:00 2001 
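Review bot: The switch of `Curl_ssl_send` and `Curl_ssl_recv` to `ssize_t` (hunk @@ -42,14 +42,14 @@) still leaves the negative return undocumented, so a caller cannot tell a hard TLS error from a would-block condition. Callers that compare the result with the `size_t len` they passed also need to test for a negative value first, because the comparison converts -1 to a very large unsigned number. A comment such as `/* returns bytes transferred, or -1 on error */` above each prototype would make that explicit; the exact convention should be confirmed against ssluse.c and gtls.c. `Curl_ssl_send` could presumably also take `const void *mem`, since a send path has no reason to write to the buffer.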
From: Daniel Stenberg Date: Fri, 5 Jan 2007 23:11:14 +0000 Subject: - Linus Nielsen Feltzing introduced the --ftp-ssl-ccc command line option to curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it will make libcurl shutdown SSL/TLS after the authentication is done on a FTP-SSL operation. --- lib/sslgen.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index b910ac74b..11dea3243 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2006, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2007, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -69,9 +69,13 @@ size_t Curl_ssl_version(char *buffer, size_t size); int Curl_ssl_check_cxn(struct connectdata *conn); +CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex); + #if !defined(USE_SSL) && !defined(SSLGEN_C) /* set up blank macros for none-SSL builds */ #define Curl_ssl_close_all(x) #endif +#define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */ + #endif -- cgit v1.2.1 From 3239f059b82d2b20a76f7470d8c4a334755f25c4 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 24 Jan 2007 17:19:08 +0000 Subject: moved the SSL pending function to the proper place and name --- lib/sslgen.h | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index 11dea3243..d4b05b243 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h 
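Review bot: `Curl_ssl_shutdown` (hunk @@ -69,9 +69,13 @@) is declared without saying what state the connection is in when it returns an error or runs into `SSL_SHUTDOWN_TIMEOUT`. The commit message says it is used to drop TLS after FTP authentication, so the caller needs to know whether it may go on using the socket in cleartext after a failed shutdown; a comment on the prototype should state that. The macro name also sits in the `SSL_` prefix that OpenSSL's own headers use, so a curl-specific prefix would avoid a possible clash where both headers are included.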
@@ -71,9 +71,13 @@ int Curl_ssl_check_cxn(struct connectdata *conn); CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex); +bool Curl_ssl_data_pending(struct connectdata *conn, + int connindex); + #if !defined(USE_SSL) && !defined(SSLGEN_C) /* set up blank macros for none-SSL builds */ #define Curl_ssl_close_all(x) +#define Curl_ssl_data_pending(x) 0 #endif #define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */ -- cgit v1.2.1 From 10a13eba720aa1cde72d25dc7610bec6ef990ad8 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 25 Jan 2007 11:09:56 +0000 Subject: fix non-SSL builds again --- lib/sslgen.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index d4b05b243..eef92982c 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h @@ -77,7 +77,7 @@ bool Curl_ssl_data_pending(struct connectdata *conn, #if !defined(USE_SSL) && !defined(SSLGEN_C) /* set up blank macros for none-SSL builds */ #define Curl_ssl_close_all(x) -#define Curl_ssl_data_pending(x) 0 +#define Curl_ssl_data_pending(x,y) 0 #endif #define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */ -- cgit v1.2.1 From 2b280bcc69137e53650b06372cdfc60d86d214a3 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 25 Jan 2007 21:00:03 +0000 Subject: fix compiler warnings for SSL-disabled builds --- lib/sslgen.h | 1 - 1 file changed, 1 deletion(-) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index eef92982c..c24d46bf3 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h @@ -77,7 +77,6 @@ bool Curl_ssl_data_pending(struct connectdata *conn, #if !defined(USE_SSL) && !defined(SSLGEN_C) /* set up blank macros for none-SSL builds */ #define Curl_ssl_close_all(x) -#define Curl_ssl_data_pending(x,y) 0 #endif #define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */ -- cgit v1.2.1 From f1fa7b8ba469d9b8681e30f107b44004695b32e9 Mon Sep 17 00:00:00 2001 
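Review bot: The stub `#define Curl_ssl_data_pending(x) 0` added in hunk @@ -71,9 +71,13 @@ takes one argument, but the prototype added a few lines above it takes two (`conn`, `connindex`), so a two-argument call fails in the preprocessor in any build where `USE_SSL` and `SSLGEN_C` are both undefined. It should read `#define Curl_ssl_data_pending(x,y) 0`. The second parameter is also named `connindex` where the other prototypes in this header use `sockindex`.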
From: Daniel Stenberg Date: Sun, 29 Jul 2007 12:54:05 +0000 Subject: Bug report #1759542 (http://curl.haxx.se/bug/view.cgi?id=1759542). A bad use of a socket after it has been closed, when the FTP-SSL data connection is taken down. --- lib/sslgen.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index c24d46bf3..70bd7c562 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h @@ -35,7 +35,7 @@ CURLcode Curl_ssl_connect(struct connectdata *conn, int sockindex); CURLcode Curl_ssl_connect_nonblocking(struct connectdata *conn, int sockindex, bool *done); -void Curl_ssl_close(struct connectdata *conn); +void Curl_ssl_close(struct connectdata *conn, int sockindex); /* tell the SSL stuff to close down all open information regarding connections (and thus session ID caching etc) */ void Curl_ssl_close_all(struct SessionHandle *data); -- cgit v1.2.1 From 8cf0814a143d99de813fbd1653b785252b4c58a6 Mon Sep 17 00:00:00 2001 From: Dan Fandrich Date: Mon, 27 Aug 2007 06:31:28 +0000 Subject: Fixed some minor type mismatches and missing consts mainly found by splint. --- lib/sslgen.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index 70bd7c562..391b8f33e 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h @@ -71,7 +71,7 @@ int Curl_ssl_check_cxn(struct connectdata *conn); CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex); -bool Curl_ssl_data_pending(struct connectdata *conn, +bool Curl_ssl_data_pending(const struct connectdata *conn, int connindex); #if !defined(USE_SSL) && !defined(SSLGEN_C) -- cgit v1.2.1 From e2b82b4325e2726a802b6202f2d011fb4988e41d Mon Sep 17 00:00:00 2001 
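Review bot: The widened `Curl_ssl_close(struct connectdata *conn, int sockindex)` (commit f1fa7b8b) carries no comment saying that it tears down the TLS state of one socket only and has to run before that socket is closed. The commit message describes a socket being used after it was closed, so the ordering requirement is what a future caller most needs to see; I would add `/* shut down the SSL layer for conn's socket number sockindex; call before closing the socket itself */`. That wording is inferred from the commit message and the parameter name and should be confirmed against sslgen.c.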
From: Michal Marek Date: Fri, 9 May 2008 11:27:54 +0000 Subject: - Make Curl_write and it's callees accept a const pointer, in preparation of tetetest's patch for curl_easy_send() --- lib/sslgen.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index 391b8f33e..d93225dd8 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h @@ -44,7 +44,7 @@ CURLcode Curl_ssl_set_engine(struct SessionHandle *data, const char *engine); CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data); ssize_t Curl_ssl_send(struct connectdata *conn, int sockindex, - void *mem, + const void *mem, size_t len); ssize_t Curl_ssl_recv(struct connectdata *conn, /* connection data */ int sockindex, /* socketindex */ -- cgit v1.2.1 From 04d5c8fb779afdb4f7e85a701f8b4b987a4016ee Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 11 Jun 2008 17:01:58 +0000 Subject: - I did a cleanup of the internal generic SSL layer and how the various SSL libraries are supported. Starting now, each underlying SSL library support code does a set of defines for the 16 functions the generic layer (sslgen.c) uses (all these new function defines use the prefix "curlssl_"). This greatly simplified the generic layer in readability by involving much less #ifdefs and other preprocessor stuff and should make it easier for people to make libcurl work with new SSL libraries. Hopefully I can later on document these 16 functions somewhat as well. I also made most of the internal SSL-dependent functions (using Curl_ssl_ prefix) #defined to nothing when no SSL support is requested - previously they would unnecessarily call mostly empty functions. --- lib/sslgen.h | 46 +++++++++++++++++++++++++++++++--------------- 1 file changed, 31 insertions(+), 15 deletions(-) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index d93225dd8..b421fc362 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h 
@@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2007, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2008, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -29,19 +29,22 @@ bool Curl_clone_ssl_config(struct ssl_config_data* source, struct ssl_config_data* dest); void Curl_free_ssl_config(struct ssl_config_data* sslc); +#ifdef USE_SSL int Curl_ssl_init(void); void Curl_ssl_cleanup(void); CURLcode Curl_ssl_connect(struct connectdata *conn, int sockindex); CURLcode Curl_ssl_connect_nonblocking(struct connectdata *conn, int sockindex, bool *done); -void Curl_ssl_close(struct connectdata *conn, int sockindex); /* tell the SSL stuff to close down all open information regarding connections (and thus session ID caching etc) */ void Curl_ssl_close_all(struct SessionHandle *data); +void Curl_ssl_close(struct connectdata *conn, int sockindex); +CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex); CURLcode Curl_ssl_set_engine(struct SessionHandle *data, const char *engine); /* Sets engine as default for all SSL operations */ CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data); +struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data); ssize_t Curl_ssl_send(struct connectdata *conn, int sockindex, const void *mem, 
@@ -50,9 +53,34 @@ ssize_t Curl_ssl_recv(struct connectdata *conn, /* connection data */ int sockindex, /* socketindex */ char *mem, /* store read data here */ size_t len); /* max amount to read */ - /* init the SSL session ID cache */ CURLcode Curl_ssl_initsessions(struct SessionHandle *, long); +size_t Curl_ssl_version(char *buffer, size_t size); +bool Curl_ssl_data_pending(const struct connectdata *conn, + int connindex); +int Curl_ssl_check_cxn(struct connectdata *conn); + +#else +/* When SSL support is not present, just define away these function calls */ +#define Curl_ssl_init() 1 +#define Curl_ssl_cleanup() +#define Curl_ssl_connect(x,y) CURLE_FAILED_INIT +#define Curl_ssl_connect_nonblocking(x,y,z) (z=z, CURLE_FAILED_INIT) +#define Curl_ssl_close_all(x) +#define Curl_ssl_close(x,y) +#define Curl_ssl_shutdown(x,y) CURLE_FAILED_INIT +#define Curl_ssl_set_engine(x,y) CURLE_FAILED_INIT +#define Curl_ssl_set_engine_default(x) CURLE_FAILED_INIT +#define Curl_ssl_engines_list(x) NULL +#define Curl_ssl_send(a,b,c,d) -1 +#define Curl_ssl_recv(a,b,c,d) -1 +#define Curl_ssl_initsessions(x,y) CURLE_OK +#define Curl_ssl_version(x,y) 0 +#define Curl_ssl_data_pending(x,y) 0 +#define Curl_ssl_check_cxn(x) 0 + +#endif + /* extract a session ID */ int Curl_ssl_getsessionid(struct connectdata *conn, void **ssl_sessionid, @@ -62,18 +90,6 @@ CURLcode Curl_ssl_addsessionid(struct connectdata *conn, void *ssl_sessionid, size_t idsize); - -struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data); - -size_t Curl_ssl_version(char *buffer, size_t size); - -int Curl_ssl_check_cxn(struct connectdata *conn); - -CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex); - -bool Curl_ssl_data_pending(const struct connectdata *conn, - int connindex); - #if !defined(USE_SSL) && !defined(SSLGEN_C) /* set up blank macros for none-SSL builds */ #define Curl_ssl_close_all(x) -- cgit v1.2.1 From 7820391cb98ec61c691bf8080b655ca409dc8ad4 Mon Sep 17 00:00:00 2001 
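Review bot: Among the non-SSL stubs added by hunk @@ -50,9 +53,34 @@, `#define Curl_ssl_connect_nonblocking(x,y,z) (z=z, CURLE_FAILED_INIT)` never writes through `z`, so `*done` keeps whatever the caller's variable held, and the self-assignment does not compile when the caller passes an address expression such as `&done`. Writing the flag explicitly, `#define Curl_ssl_connect_nonblocking(x,y,z) (*(z) = FALSE, CURLE_FAILED_INIT)`, keeps a caller that reads `done` before checking the result from seeing a stale TRUE. The stub re-added in commit fdaa8da7 (`CURLE_FAILED_INIT` alone) leaves `*done` unwritten in the same way. The stubs that expand to nothing, `Curl_ssl_close_all(x)` and `Curl_ssl_close(x,y)`, also leave an empty statement when one of them is the whole body of an `if`.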
From: Yang Tse Date: Sat, 5 Jul 2008 03:31:41 +0000 Subject: fix compiler warning: empty body in an if-statement --- lib/sslgen.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index b421fc362..f6eff057a 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h @@ -63,7 +63,7 @@ int Curl_ssl_check_cxn(struct connectdata *conn); #else /* When SSL support is not present, just define away these function calls */ #define Curl_ssl_init() 1 -#define Curl_ssl_cleanup() +#define Curl_ssl_cleanup() do { } while (0) #define Curl_ssl_connect(x,y) CURLE_FAILED_INIT #define Curl_ssl_connect_nonblocking(x,y,z) (z=z, CURLE_FAILED_INIT) #define Curl_ssl_close_all(x) -- cgit v1.2.1 From 4c9768565ec3a9baf26ac8a547bca6e42cc64fa5 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 5 Sep 2008 14:29:21 +0000 Subject: - Introducing CURLOPT_CERTINFO and the corresponding CURLINFO_CERTINFO. By enabling this feature with CURLOPT_CERTINFO for a request using SSL (HTTPS or FTPS), libcurl will gather lots of server certificate info and that info can then get extracted by a client after the request has completed with curl_easy_getinfo()'s CURLINFO_CERTINFO option. Linus Nielsen Feltzing helped me test and smoothen out this feature. Unfortunately, this feature currently only works with libcurl built to use OpenSSL. This feature was sponsored by networking4all.com - thanks! --- lib/sslgen.h | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index f6eff057a..a32dfb82f 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h 
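Review bot: Only `Curl_ssl_cleanup()` gets the `do { } while (0)` body in this hunk; `Curl_ssl_close_all(x)`, visible three lines below it in the context, still expands to nothing and produces the same empty-body statement when it is the sole statement under an `if`. Giving it the same form, `#define Curl_ssl_close_all(x) do { } while (0)`, would keep the non-SSL stubs consistent. Any other stub in the block that expands to nothing would want the same treatment, but the rest of the block lies outside the hunk.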
@@ -59,7 +59,7 @@ size_t Curl_ssl_version(char *buffer, size_t size); bool Curl_ssl_data_pending(const struct connectdata *conn, int connindex); int Curl_ssl_check_cxn(struct connectdata *conn); - +void Curl_ssl_free_certinfo(struct SessionHandle *data); #else /* When SSL support is not present, just define away these function calls */ #define Curl_ssl_init() 1 @@ -78,6 +78,7 @@ int Curl_ssl_check_cxn(struct connectdata *conn); #define Curl_ssl_version(x,y) 0 #define Curl_ssl_data_pending(x,y) 0 #define Curl_ssl_check_cxn(x) 0 +#define Curl_ssl_free_certinfo(x) #endif @@ -90,11 +91,6 @@ CURLcode Curl_ssl_addsessionid(struct connectdata *conn, void *ssl_sessionid, size_t idsize); -#if !defined(USE_SSL) && !defined(SSLGEN_C) -/* set up blank macros for none-SSL builds */ -#define Curl_ssl_close_all(x) -#endif - #define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */ #endif -- cgit v1.2.1 From 035a2e5479c312df64f7db0e98089e1f89f5f78e Mon Sep 17 00:00:00 2001 From: Dan Fandrich Date: Mon, 20 Oct 2008 23:07:48 +0000 Subject: A few prototypes shouldn't be defined if SSL is disabled. --- lib/sslgen.h | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index a32dfb82f..aa3c802e0 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h 
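Review bot: `void Curl_ssl_free_certinfo(struct SessionHandle *data);` is added in hunk @@ -59,7 +59,7 @@ without stating whether it may be called when no certificate info was gathered, or twice on the same handle. For a function that releases memory hanging off the session handle, the header should say whether it resets what it frees and is safe to repeat; suggested comment, if the implementation behaves that way: `/* free any certinfo stored in data and reset it; safe to call when none is stored */`. This needs confirming against sslgen.c, which is not part of this diff.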
@@ -60,6 +60,20 @@ bool Curl_ssl_data_pending(const struct connectdata *conn, int connindex); int Curl_ssl_check_cxn(struct connectdata *conn); void Curl_ssl_free_certinfo(struct SessionHandle *data); + +/* Functions to be used by SSL library adaptation functions */ + +/* extract a session ID */ +int Curl_ssl_getsessionid(struct connectdata *conn, + void **ssl_sessionid, + size_t *idsize) /* set 0 if unknown */; +/* add a new session ID */ +CURLcode Curl_ssl_addsessionid(struct connectdata *conn, + void *ssl_sessionid, + size_t idsize); + +#define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */ + #else /* When SSL support is not present, just define away these function calls */ #define Curl_ssl_init() 1 @@ -82,15 +96,4 @@ void Curl_ssl_free_certinfo(struct SessionHandle *data); #endif -/* extract a session ID */ -int Curl_ssl_getsessionid(struct connectdata *conn, - void **ssl_sessionid, - size_t *idsize) /* set 0 if unknown */; -/* add a new session ID */ -CURLcode Curl_ssl_addsessionid(struct connectdata *conn, - void *ssl_sessionid, - size_t idsize); - -#define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */ - -#endif +#endif /* USE_SSL */ -- cgit v1.2.1 From 4cbc0f6c2e9557e7aad07abd62e6b836f78134e1 Mon Sep 17 00:00:00 2001 
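Review bot: In hunk @@ -82,15 +96,4 @@ the label `/* USE_SSL */` is attached to the last `#endif` of the file, which closes the include guard opened by `#ifndef __SSLGEN_H`; the `#endif` that closes the `#ifdef USE_SSL` / `#else` block is the unlabelled context line above the removed prototypes. The labels should be `#endif /* USE_SSL */` on the first and `#endif /* __SSLGEN_H */` on the second. Moving `SSL_SHUTDOWN_TIMEOUT` into the `USE_SSL` branch also hides the macro from non-SSL builds, which is fine only if no code outside the SSL backends uses it.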
From: Daniel Stenberg Date: Tue, 11 Nov 2008 22:19:27 +0000 Subject: - Rainer Canavan filed bug #2255627 (http://curl.haxx.se/bug/view.cgi?id=2255627) which pointed out that a program using libcurl's multi interface to download a HTTPS page with a libcurl built powered by OpenSSL, would easily get silly and instead hand over SSL details as data instead of the actual HTTP headers and body. This happened because libcurl would consider the connection handshake done too early. This problem was introduced at September 22nd 2008 with my fix of the bug #2107377 The correct fix is now instead done within the GnuTLS-handling code, as both the OpenSSL and the NSS code already deal with this situation in similar fashion. I added test case 560 in an attempt to verify this fix, but unfortunately it didn't trigger it even before this fix! --- lib/sslgen.h | 1 - 1 file changed, 1 deletion(-) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index aa3c802e0..bbe7de7e9 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h @@ -79,7 +79,6 @@ CURLcode Curl_ssl_addsessionid(struct connectdata *conn, #define Curl_ssl_init() 1 #define Curl_ssl_cleanup() do { } while (0) #define Curl_ssl_connect(x,y) CURLE_FAILED_INIT -#define Curl_ssl_connect_nonblocking(x,y,z) (z=z, CURLE_FAILED_INIT) #define Curl_ssl_close_all(x) #define Curl_ssl_close(x,y) #define Curl_ssl_shutdown(x,y) CURLE_FAILED_INIT -- cgit v1.2.1 From a16cca768051ae7c2020426fef00bb0ec537477a Mon Sep 17 00:00:00 2001 
From: Daniel Stenberg Date: Mon, 4 May 2009 21:57:14 +0000 Subject: - Michael Smith posted bug report #2786255 (http://curl.haxx.se/bug/view.cgi?id=2786255) with a patch, identifying how libcurl did not deal with SSL session ids properly if the server rejected a re-use of one. Starting now, it will forget the rejected one and remember the new. This change was for OpenSSL only, it is likely that other SSL lib code needs similar fixes. --- lib/sslgen.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index bbe7de7e9..d55bd1bb3 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h @@ -71,6 +71,8 @@ int Curl_ssl_getsessionid(struct connectdata *conn, CURLcode Curl_ssl_addsessionid(struct connectdata *conn, void *ssl_sessionid, size_t idsize); +/* delete a session from the cache */ +void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid); #define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */ -- cgit v1.2.1 From 2309b4e330b96bc2e1f8e36b6184015e59544037 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 24 Mar 2010 11:02:54 +0100 Subject: remove the CVSish $Id$ lines --- lib/sslgen.h | 1 - 1 file changed, 1 deletion(-) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index d55bd1bb3..820f532f0 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h @@ -20,7 +20,6 @@ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY * KIND, either express or implied. * - * $Id$ ***************************************************************************/ bool Curl_ssl_config_matches(struct ssl_config_data* data, -- cgit v1.2.1 From ff8711135e9311d5a54c7210a5a87a86077271cb Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: Sun, 4 Apr 2010 23:37:18 +0200 Subject: refactorize interface of Curl_ssl_recv/Curl_ssl_send --- lib/sslgen.h | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) (limited to 'lib/sslgen.h') 
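Review bot: The comment on the new `Curl_ssl_delsessionid` says only "delete a session from the cache" and leaves open whether the object behind `ssl_sessionid` is freed by the call. A caller that still holds the pointer, for instance the connection whose session the server just rejected, needs to know whether it may touch it afterwards. If the implementation frees it, the comment should say so: `/* delete a session from the cache; the caller must not use ssl_sessionid afterwards */`. The same ownership question applies to `Curl_ssl_addsessionid` in the context lines above, and both answers have to come from sslgen.c, which is outside this hunk.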
diff --git a/lib/sslgen.h b/lib/sslgen.h index 820f532f0..18858af15 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2008, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2008, 2010, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -44,14 +44,29 @@ CURLcode Curl_ssl_set_engine(struct SessionHandle *data, const char *engine); /* Sets engine as default for all SSL operations */ CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data); struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data); -ssize_t Curl_ssl_send(struct connectdata *conn, - int sockindex, - const void *mem, - size_t len); + +/* If the write would block (EWOULDBLOCK) or fail, we we return -1. + * The error or -1 (for EWOULDBLOCK) is then stored in *curlcode. + * Otherwise we return the count of (non-SSL) bytes transfered. + */ +ssize_t Curl_ssl_send(struct connectdata *conn, /* connection data */ + int sockindex, /* socketindex */ + const void *mem, /* data to write */ + size_t len, /* max amount to write */ + int *curlcode); /* error to return, + -1 means EWOULDBLOCK */ + +/* If the read would block (EWOULDBLOCK) or fail, we we return -1. + * The error or -1 (for EWOULDBLOCK) is then stored in *curlcode. + * Otherwise we return the count of (non-SSL) bytes transfered. + */ ssize_t Curl_ssl_recv(struct connectdata *conn, /* connection data */ int sockindex, /* socketindex */ char *mem, /* store read data here */ - size_t len); /* max amount to read */ + size_t len, /* max amount to read */ + int *curlcode); /* error to return, + -1 means EWOULDBLOCK */ + /* init the SSL session ID cache */ CURLcode Curl_ssl_initsessions(struct SessionHandle *, long); size_t Curl_ssl_version(char *buffer, size_t size); -- cgit v1.2.1 
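Review bot: The new out-parameter `int *curlcode` on `Curl_ssl_send` and `Curl_ssl_recv` (hunk @@ -44,14 +44,29 @@) carries either a CURLcode or the magic value -1 for would-block, so the compiler cannot check it as an enum and a caller that forgets the -1 case handles would-block as if it were an error code. Declaring it `CURLcode *curlcode` and reporting would-block as `CURLE_AGAIN` would remove the sentinel. The added comments also read "we we return" and "transfered"; they should be "we return" and "transferred". The non-SSL stub macros for these two functions are outside this hunk and would need a fifth parameter to match the new prototypes.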
From e6858e267be83ff1704de9763ac8a836be04f4f8 Mon Sep 17 00:00:00 2001 From: Ben Greear Date: Tue, 6 Apr 2010 01:41:33 +0200 Subject: ssl: Fix build when SSL isn't enabled Signed-off-by: Ben Greear --- lib/sslgen.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index 18858af15..c56265e05 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h @@ -101,8 +101,8 @@ void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid); #define Curl_ssl_set_engine(x,y) CURLE_FAILED_INIT #define Curl_ssl_set_engine_default(x) CURLE_FAILED_INIT #define Curl_ssl_engines_list(x) NULL -#define Curl_ssl_send(a,b,c,d) -1 -#define Curl_ssl_recv(a,b,c,d) -1 +#define Curl_ssl_send(a,b,c,d,e) -1 +#define Curl_ssl_recv(a,b,c,d,e) -1 #define Curl_ssl_initsessions(x,y) CURLE_OK #define Curl_ssl_version(x,y) 0 #define Curl_ssl_data_pending(x,y) 0 -- cgit v1.2.1 From d64bd82bdcb169d0647a80f00068cedd761f8163 Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Fri, 7 May 2010 15:05:34 +0200 Subject: sendrecv: split the I/O handling into private handler Howard Chu brought the bulk work of this patch that properly moves out the sending and recving of data to the parts of the code that are properly responsible for the various ways of doing so. Daniel Stenberg assisted with polishing a few bits and fixed some minor flaws in the original patch. Another upside of this patch is that we now abuse CURLcodes less with the "magic" -1 return codes and instead use CURLE_AGAIN more consistently. --- lib/sslgen.h | 22 ---------------------- 1 file changed, 22 deletions(-) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index c56265e05..997e30d35 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h 
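Review bot: The five-argument stubs `#define Curl_ssl_send(a,b,c,d,e) -1` and `#define Curl_ssl_recv(a,b,c,d,e) -1` return the failure value without storing anything through `e`, while the comment on the real prototypes promises that the error is stored in `*curlcode` whenever -1 is returned. A caller in a non-SSL build that reads its `curlcode` variable after the -1 would read an uninitialized int. The stubs could set it, e.g. `#define Curl_ssl_send(a,b,c,d,e) (*(e) = CURLE_FAILED_INIT, -1)`, and likewise for `Curl_ssl_recv`. Whether any non-SSL code path actually reaches these macros cannot be seen from this hunk.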
@@ -45,28 +45,6 @@ CURLcode Curl_ssl_set_engine(struct SessionHandle *data, const char *engine); CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data); struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data); -/* If the write would block (EWOULDBLOCK) or fail, we we return -1. - * The error or -1 (for EWOULDBLOCK) is then stored in *curlcode. - * Otherwise we return the count of (non-SSL) bytes transfered. - */ -ssize_t Curl_ssl_send(struct connectdata *conn, /* connection data */ - int sockindex, /* socketindex */ - const void *mem, /* data to write */ - size_t len, /* max amount to write */ - int *curlcode); /* error to return, - -1 means EWOULDBLOCK */ - -/* If the read would block (EWOULDBLOCK) or fail, we we return -1. - * The error or -1 (for EWOULDBLOCK) is then stored in *curlcode. - * Otherwise we return the count of (non-SSL) bytes transfered. - */ -ssize_t Curl_ssl_recv(struct connectdata *conn, /* connection data */ - int sockindex, /* socketindex */ - char *mem, /* store read data here */ - size_t len, /* max amount to read */ - int *curlcode); /* error to return, - -1 means EWOULDBLOCK */ - /* init the SSL session ID cache */ CURLcode Curl_ssl_initsessions(struct SessionHandle *, long); size_t Curl_ssl_version(char *buffer, size_t size); -- cgit v1.2.1 From fdaa8da75d54c863af7c1c16b14e19c31777d448 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 14 Mar 2011 11:13:12 +0100 Subject: sslgen: define Curl_ssl_connect_nonblocking for non-SSL The non-blocking connect improvement for IMAP showed that we didn't properly define the Curl_ssl_connect_nonblocking function for non-SSL builds. Reported by: Tor Arntsen --- lib/sslgen.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index 997e30d35..af582e06f 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h 
@@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2008, 2010, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2011, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -86,7 +86,7 @@ void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid); #define Curl_ssl_data_pending(x,y) 0 #define Curl_ssl_check_cxn(x) 0 #define Curl_ssl_free_certinfo(x) - +#define Curl_ssl_connect_nonblocking(x,y,z) CURLE_FAILED_INIT #endif #endif /* USE_SSL */ -- cgit v1.2.1 From 01f05d0c758795e5bb02c6245fc73b8458eb397a Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 5 Apr 2011 15:14:02 +0200 Subject: return code cleanup: build, init and run-time errors Stop the abuse of CURLE_FAILED_INIT as return code for things not being init related by introducing two new return codes: CURLE_NOT_BUILT_IN and CURLE_UNKNOWN_OPTION CURLE_NOT_BUILT_IN replaces return code 4 that has been obsoleted for several years. It is used for returning error when something is attempted to be used but the feature/option was not enabled or explictitly disabled at build-time. Getting this error mostly means that libcurl needs to be rebuilt. CURLE_FAILED_INIT is now saved and used strictly for init failures. Getting this problem means something went seriously wrong, like a resource shortage or similar. CURLE_UNKNOWN_OPTION is the option formerly known as CURLE_UNKNOWN_TELNET_OPTION (and the old name is still present, separately defined to be removed in a very distant future). This error code is meant to be used to return when an option is given to libcurl that isn't known. This problem would mostly indicate a problem in the program that uses libcurl. --- lib/sslgen.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index af582e06f..b0a0fab12 100644 
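Review bot: The new stub `Curl_ssl_connect_nonblocking(x,y,z)` in the second hunk drops all three arguments, so anything the real function reports through its third argument stays untouched in a non-SSL build; the prototype is outside this hunk, but `z` looks like a completion flag. A caller that tests that flag before the return code would read a stale or uninitialised value. If that is the case, the stub can set it, `#define Curl_ssl_connect_nonblocking(x,y,z) (*(z) = FALSE, CURLE_FAILED_INIT)`, or the declaration should carry a comment that the flag is valid only when the call returns CURLE_OK.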
--- a/lib/sslgen.h +++ b/lib/sslgen.h @@ -72,12 +72,12 @@ void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid); /* When SSL support is not present, just define away these function calls */ #define Curl_ssl_init() 1 #define Curl_ssl_cleanup() do { } while (0) -#define Curl_ssl_connect(x,y) CURLE_FAILED_INIT +#define Curl_ssl_connect(x,y) CURLE_NOT_BUILT_IN #define Curl_ssl_close_all(x) #define Curl_ssl_close(x,y) -#define Curl_ssl_shutdown(x,y) CURLE_FAILED_INIT -#define Curl_ssl_set_engine(x,y) CURLE_FAILED_INIT -#define Curl_ssl_set_engine_default(x) CURLE_FAILED_INIT +#define Curl_ssl_shutdown(x,y) CURLE_NOT_BUILT_IN +#define Curl_ssl_set_engine(x,y) CURLE_NOT_BUILT_IN +#define Curl_ssl_set_engine_default(x) CURLE_NOT_BUILT_IN #define Curl_ssl_engines_list(x) NULL #define Curl_ssl_send(a,b,c,d,e) -1 #define Curl_ssl_recv(a,b,c,d,e) -1 @@ -86,7 +86,7 @@ void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid); #define Curl_ssl_data_pending(x,y) 0 #define Curl_ssl_check_cxn(x) 0 #define Curl_ssl_free_certinfo(x) -#define Curl_ssl_connect_nonblocking(x,y,z) CURLE_FAILED_INIT +#define Curl_ssl_connect_nonblocking(x,y,z) CURLE_NOT_BUILT_IN #endif #endif /* USE_SSL */ -- cgit v1.2.1 From 6b75d2c2df7209919a70a29a4479625b62fb3c28 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Sat, 3 Sep 2011 16:06:10 +0200 Subject: fix a bunch of MSVC compiler warnings --- lib/sslgen.h | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index b0a0fab12..ec8fe50bb 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h @@ -1,5 +1,5 @@ -#ifndef __SSLGEN_H -#define __SSLGEN_H +#ifndef HEADER_CURL_SSLGEN_H +#define HEADER_CURL_SSLGEN_H /*************************************************************************** * _ _ ____ _ * Project ___| | | | _ \| | 
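Review bot: The stub block's only comment, `/* When SSL support is not present, just define away these function calls */`, no longer describes the values this hunk introduces: `Curl_ssl_connect`, `Curl_ssl_shutdown`, the two engine stubs and (in the next hunk) `Curl_ssl_connect_nonblocking` fail with CURLE_NOT_BUILT_IN rather than being defined away. That failure is presumably what stops a build without SSL from carrying on as if a TLS connection had been set up, so it deserves a line in the comment, e.g. `/* Without SSL support the connect, shutdown and engine calls fail with CURLE_NOT_BUILT_IN; the other stubs return a fixed value or expand to nothing */`. The block begins and ends outside the hunk.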
@@ -21,6 +21,7 @@ * KIND, either express or implied. * ***************************************************************************/ +#include "setup.h" bool Curl_ssl_config_matches(struct ssl_config_data* data, struct ssl_config_data* needle); @@ -71,10 +72,10 @@ void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid); #else /* When SSL support is not present, just define away these function calls */ #define Curl_ssl_init() 1 -#define Curl_ssl_cleanup() do { } while (0) +#define Curl_ssl_cleanup() Curl_nop_stmt #define Curl_ssl_connect(x,y) CURLE_NOT_BUILT_IN -#define Curl_ssl_close_all(x) -#define Curl_ssl_close(x,y) +#define Curl_ssl_close_all(x) Curl_nop_stmt +#define Curl_ssl_close(x,y) Curl_nop_stmt #define Curl_ssl_shutdown(x,y) CURLE_NOT_BUILT_IN #define Curl_ssl_set_engine(x,y) CURLE_NOT_BUILT_IN #define Curl_ssl_set_engine_default(x) CURLE_NOT_BUILT_IN @@ -85,8 +86,8 @@ void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid); #define Curl_ssl_version(x,y) 0 #define Curl_ssl_data_pending(x,y) 0 #define Curl_ssl_check_cxn(x) 0 -#define Curl_ssl_free_certinfo(x) +#define Curl_ssl_free_certinfo(x) Curl_nop_stmt #define Curl_ssl_connect_nonblocking(x,y,z) CURLE_NOT_BUILT_IN #endif -#endif /* USE_SSL */ +#endif /* HEADER_CURL_SSLGEN_H */ -- cgit v1.2.1 From 5793bc370c794a10e6ed014cb535a47672842ae6 Mon Sep 17 00:00:00 2001 From: Alejandro Alvarez Date: Tue, 20 Sep 2011 17:43:54 +0200 Subject: SSL session sharing support added With locking, plus test, plus documentation --- lib/sslgen.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index ec8fe50bb..73164fd23 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h 
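Review bot: After the comment fix on the final `#endif` in the last hunk, the bare `#endif` directly above it is left without a label, although it closes the SSL conditional whose `#else` appears in the second hunk. Label it `#endif /* USE_SSL */`; that is the name the removed comment used, and the opening directive is outside the hunk, so confirm it. The stubs changed in the second and third hunks now rely on `Curl_nop_stmt`, which this header does not define. Presumably the `#include "setup.h"` added in the first hunk provides it, and a short comment on that include would record the dependency.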
@@ -64,6 +64,8 @@ int Curl_ssl_getsessionid(struct connectdata *conn, CURLcode Curl_ssl_addsessionid(struct connectdata *conn, void *ssl_sessionid, size_t idsize); +/* Kill a single session ID entry in the cache */ +int Curl_ssl_kill_session(struct curl_ssl_session *session); /* delete a session from the cache */ void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid); -- cgit v1.2.1 From 0c903ea18962ef51984733afc28f4f811c4788c5 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Fri, 30 Sep 2011 21:09:59 +0200 Subject: Fix SSL disabled builds broken with 'SSL session sharing' commit 5793bc37 --- lib/sslgen.h | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index 73164fd23..516817618 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h @@ -90,6 +90,7 @@ void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid); #define Curl_ssl_check_cxn(x) 0 #define Curl_ssl_free_certinfo(x) Curl_nop_stmt #define Curl_ssl_connect_nonblocking(x,y,z) CURLE_NOT_BUILT_IN +#define Curl_ssl_kill_session(x) 0 #endif #endif /* HEADER_CURL_SSLGEN_H */ -- cgit v1.2.1 From d56b4c3f89ad3ee28dc62a22cffe2c85ced19830 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Wed, 18 Jan 2012 23:39:30 +0100 Subject: ssl session caching: fix compiler warnings --- lib/sslgen.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index 516817618..1984a0d53 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2011, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2012, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
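Review bot: The comment on the new prototype `Curl_ssl_kill_session(struct curl_ssl_session *session)` in the first hunk says neither what the `int` return value means nor whether the caller must already hold the lock protecting a shared session cache. The commit message says session sharing comes with locking, and an entry freed while another handle still uses it would be a use-after-free, so the locking contract belongs on the declaration; the implementation is not part of this hunk. The comment should state both points, along the lines of `/* Kill a single session ID entry in the cache; when the cache is shared the caller must hold the session lock (confirm against the implementation) */`, plus one sentence on the return value.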
@@ -47,7 +47,7 @@ CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data); struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data); /* init the SSL session ID cache */ -CURLcode Curl_ssl_initsessions(struct SessionHandle *, long); +CURLcode Curl_ssl_initsessions(struct SessionHandle *, size_t); size_t Curl_ssl_version(char *buffer, size_t size); bool Curl_ssl_data_pending(const struct connectdata *conn, int connindex); @@ -65,7 +65,7 @@ CURLcode Curl_ssl_addsessionid(struct connectdata *conn, void *ssl_sessionid, size_t idsize); /* Kill a single session ID entry in the cache */ -int Curl_ssl_kill_session(struct curl_ssl_session *session); +void Curl_ssl_kill_session(struct curl_ssl_session *session); /* delete a session from the cache */ void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid); @@ -90,7 +90,7 @@ void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid); #define Curl_ssl_check_cxn(x) 0 #define Curl_ssl_free_certinfo(x) Curl_nop_stmt #define Curl_ssl_connect_nonblocking(x,y,z) CURLE_NOT_BUILT_IN -#define Curl_ssl_kill_session(x) 0 +#define Curl_ssl_kill_session(x) Curl_nop_stmt #endif #endif /* HEADER_CURL_SSLGEN_H */ -- cgit v1.2.1 From 849179ba2739ab9a0ad079384b125d9c1745db5f Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 26 Jun 2012 14:52:46 +0200 Subject: SSL cleanup: use crypto functions through the sslgen layer curl_ntlm_msgs.c would previously use an #ifdef maze and direct SSL-library calls instead of using the SSL layer we have for this purpose. --- lib/sslgen.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'lib/sslgen.h') diff --git a/lib/sslgen.h b/lib/sslgen.h index 1984a0d53..2369b552c 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h 
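Review bot: Changing the second parameter of `Curl_ssl_initsessions` from `long` to `size_t` in the first hunk silences the warning but moves the signed-to-unsigned conversion to every call site, so a caller that still passes a `long` holding a negative value now hands the function a very large count. The callers are outside this hunk; since the value presumably sizes the session cache, check that each one rejects negative values before the call. Naming the parameters would make the contract visible, `CURLcode Curl_ssl_initsessions(struct SessionHandle *data, size_t amount);`, with the comment extended to `/* init the SSL session ID cache; amount is the number of entries and must already be range-checked by the caller */`.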
@@ -23,6 +23,10 @@ ***************************************************************************/ #include "setup.h" +#ifndef MD5_DIGEST_LENGTH +#define MD5_DIGEST_LENGTH 16 /* fixed size */ +#endif + bool Curl_ssl_config_matches(struct ssl_config_data* data, struct ssl_config_data* needle); bool Curl_clone_ssl_config(struct ssl_config_data* source, @@ -69,6 +73,14 @@ void Curl_ssl_kill_session(struct curl_ssl_session *session); /* delete a session from the cache */ void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid); +/* get N random bytes into the buffer */ +void Curl_ssl_random(struct SessionHandle *data, unsigned char *buffer, + size_t length); +void Curl_ssl_md5sum(unsigned char *tmp, /* input */ + size_t tmplen, + unsigned char *md5sum, /* output */ + size_t md5len); + #define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */ #else -- cgit v1.2.1
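Review bot: `Curl_ssl_random` in the second hunk is declared `void`, so a backend whose random source fails cannot report it, and the caller would use whatever the buffer held as if it were random. The commit message names curl_ntlm_msgs.c as the user, where such bytes presumably feed authentication material. Returning a status would close that gap, `CURLcode Curl_ssl_random(struct SessionHandle *data, unsigned char *buffer, size_t length);`, with callers failing the operation on error. For `Curl_ssl_md5sum` the input can be `const unsigned char *tmp`, and its comment should say that `md5len` must be at least `MD5_DIGEST_LENGTH`, the constant added in the first hunk. Both prototypes sit in the SSL-enabled branch, which begins outside the hunk, and no non-SSL stubs are added for them.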