41 #ifdef HAVE_SYS_TYPES_H 42 #include <sys/types.h> 44 #ifdef HAVE_SYS_STAT_H 72 #define SSLSESSION_SHARED(data) (data->share && \ 73 (data->share->specifier & \ 74 (1<<CURL_LOCK_DATA_SSL_SESSION))) 76 #define CLONE_STRING(var) \ 78 dest->var = strdup(source->var); \ 137 static int multissl_init(
const struct Curl_ssl *backend);
153 static bool init_ssl =
FALSE;
187 failf(data,
"Unrecognized parameter value passed via CURLOPT_SSLVERSION");
198 failf(data,
"CURL_SSLVERSION_MAX incompatible with CURL_SSLVERSION");
207 ssl_connect_init_proxy(
struct connectdata *conn,
int sockindex)
212 struct ssl_backend_data *pbdata;
219 pbdata = conn->
proxy_ssl[sockindex].backend;
222 memset(&conn->
ssl[sockindex], 0,
sizeof(conn->
ssl[sockindex]));
225 conn->
ssl[sockindex].backend = pbdata;
236 result = ssl_connect_init_proxy(conn, sockindex);
241 if(!ssl_prefs_check(conn->
data))
262 result = ssl_connect_init_proxy(conn, sockindex);
267 if(!ssl_prefs_check(conn->
data))
281 void Curl_ssl_sessionid_lock(
struct connectdata *conn)
291 void Curl_ssl_sessionid_unlock(
struct connectdata *conn)
301 bool Curl_ssl_getsessionid(
struct connectdata *conn,
302 void **ssl_sessionid,
310 bool no_match =
TRUE;
319 *ssl_sessionid = NULL;
333 for(i = 0; i < data->
set.general_ssl.max_ssl_sessions; i++) {
350 check->
age = *general_age;
386 void Curl_ssl_delsessionid(
struct connectdata *conn,
void *ssl_sessionid)
417 char *clone_conn_to_host;
433 if(!clone_conn_to_host) {
439 clone_conn_to_host = NULL;
474 store->
age = *general_age;
478 store->
name = clone_host;
488 free(clone_conn_to_host);
512 #if defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_SCHANNEL) || \ 513 defined(USE_DARWINSSL) || defined(USE_POLARSSL) || defined(USE_NSS) || \ 551 DEBUGASSERT((sockindex <= 1) && (sockindex >= -1));
612 static size_t Curl_multissl_version(
char *
buffer,
size_t size);
616 #ifdef CURL_WITH_MULTI_SSL 617 return Curl_multissl_version(
buffer, size);
692 size_t labellen = strlen(label);
693 size_t outlen = labellen + 1 + valuelen + 1;
700 snprintf(output, outlen,
"%s:", label);
706 output[labellen + 1 + valuelen] = 0;
728 size_t valuelen = strlen(value);
730 return Curl_ssl_push_certinfo_len(data, certnum, label, value, valuelen);
734 unsigned char *entropy,
744 static CURLcode pubkey_pem_to_der(
const char *pem,
745 unsigned char **der,
size_t *der_len)
747 char *stripped_pem, *begin_pos, *end_pos;
748 size_t pem_count, stripped_pem_count = 0, pem_len;
755 begin_pos = strstr(pem,
"-----BEGIN PUBLIC KEY-----");
759 pem_count = begin_pos - pem;
761 if(0 != pem_count &&
'\n' != pem[pem_count - 1])
768 end_pos = strstr(pem + pem_count,
"\n-----END PUBLIC KEY-----");
772 pem_len = end_pos - pem;
774 stripped_pem =
malloc(pem_len - pem_count + 1);
783 while(pem_count < pem_len) {
784 if(
'\n' != pem[pem_count] &&
'\r' != pem[pem_count])
785 stripped_pem[stripped_pem_count++] = pem[pem_count];
789 stripped_pem[stripped_pem_count] =
'\0';
803 const char *pinnedpubkey,
804 const unsigned char *pubkey,
size_t pubkeylen)
807 unsigned char *
buf = NULL, *pem_ptr = NULL;
809 size_t size, pem_len;
813 size_t encodedlen, pinkeylen;
814 char *encoded, *pinkeycopy, *begin_pos, *end_pos;
815 unsigned char *sha256sumdigest = NULL;
820 if(!pubkey || !pubkeylen)
824 if(strncmp(pinnedpubkey,
"sha256//", 8) == 0) {
844 infof(data,
"\t public key hash: sha256//%s\n", encoded);
847 pinkeylen = strlen(pinnedpubkey) + 1;
848 pinkeycopy =
malloc(pinkeylen);
853 memcpy(pinkeycopy, pinnedpubkey, pinkeylen);
855 begin_pos = pinkeycopy;
857 end_pos = strstr(begin_pos,
";sha256//");
866 if(encodedlen == strlen(begin_pos + 8) &&
867 !memcmp(encoded, begin_pos + 8, encodedlen)) {
878 begin_pos = strstr(end_pos,
"sha256//");
880 }
while(end_pos && begin_pos);
886 fp = fopen(pinnedpubkey,
"rb");
892 if(fseek(fp, 0, SEEK_END))
894 filesize = ftell(fp);
895 if(fseek(fp, 0, SEEK_SET))
917 if((
int)
fread(buf, size, 1, fp) != 1)
921 if(pubkeylen == size) {
922 if(!memcmp(pubkey, buf, pubkeylen))
932 pem_read = pubkey_pem_to_der((
const char *)buf, &pem_ptr, &pem_len);
941 if(pubkeylen == pem_len && !memcmp(pubkey, pem_ptr, pubkeylen))
952 #ifndef CURL_DISABLE_CRYPTO_AUTH 953 CURLcode Curl_ssl_md5sum(
unsigned char *tmp,
955 unsigned char *md5sum,
1077 static int Curl_multissl_init(
void)
1079 if(multissl_init(NULL))
1086 if(multissl_init(NULL))
1092 int sockindex,
bool *done)
1094 if(multissl_init(NULL))
1102 if(multissl_init(NULL))
1107 static void Curl_multissl_close(
struct connectdata *conn,
int sockindex)
1109 if(multissl_init(NULL))
1114 static const struct Curl_ssl Curl_ssl_multi = {
1127 Curl_multissl_version,
1133 Curl_multissl_connect,
1134 Curl_multissl_connect_nonblocking,
1135 Curl_multissl_get_internals,
1136 Curl_multissl_close,
1148 #if defined(CURL_WITH_MULTI_SSL) 1150 #elif defined(USE_AXTLS) 1152 #elif defined(USE_CYASSL) 1154 #elif defined(USE_DARWINSSL) 1155 &Curl_ssl_darwinssl;
1156 #elif defined(USE_GNUTLS) 1158 #elif defined(USE_GSKIT) 1160 #elif defined(USE_MBEDTLS) 1162 #elif defined(USE_NSS) 1164 #elif defined(USE_OPENSSL) 1166 #elif defined(USE_POLARSSL) 1168 #elif defined(USE_SCHANNEL) 1171 #error "Missing struct Curl_ssl for selected SSL backend" 1174 static const struct Curl_ssl *available_backends[] = {
1175 #if defined(USE_AXTLS) 1178 #if defined(USE_CYASSL) 1181 #if defined(USE_DARWINSSL) 1182 &Curl_ssl_darwinssl,
1184 #if defined(USE_GNUTLS) 1187 #if defined(USE_GSKIT) 1190 #if defined(USE_MBEDTLS) 1193 #if defined(USE_NSS) 1196 #if defined(USE_OPENSSL) 1199 #if defined(USE_POLARSSL) 1202 #if defined(USE_SCHANNEL) 1208 static size_t Curl_multissl_version(
char *
buffer,
size_t size)
1210 static const struct Curl_ssl *selected;
1211 static char backends[200];
1212 static size_t total;
1213 const struct Curl_ssl *
current;
1215 current = Curl_ssl == &Curl_ssl_multi ? available_backends[0] : Curl_ssl;
1217 if(current != selected) {
1223 for(i = 0; available_backends[
i]; i++) {
1226 if(selected != available_backends[i])
1228 p += available_backends[
i]->
version(p, backends +
sizeof(backends) - p);
1229 if(selected != available_backends[i])
1233 total = p - backends;
1246 static int multissl_init(
const struct Curl_ssl *backend)
1251 if(Curl_ssl != &Curl_ssl_multi)
1259 if(!available_backends[0])
1262 env =
getenv(
"CURL_SSL_BACKEND");
1263 #ifdef CURL_DEFAULT_SSL_BACKEND 1265 env = CURL_DEFAULT_SSL_BACKEND;
1268 for(i = 0; available_backends[
i]; i++) {
1270 Curl_ssl = available_backends[
i];
1277 Curl_ssl = available_backends[0];
1286 if(Curl_ssl != &Curl_ssl_multi)
1289 for(i = 0; available_backends[
i]; i++) {
1290 if(available_backends[i]->
info.
id ==
id ||
1292 multissl_init(available_backends[i]);
struct ssl_connect_data ssl[2]
bool Curl_ssl_config_matches(struct ssl_primary_config *data, struct ssl_primary_config *needle)
#define Curl_ssl_random(x, y, z)
#define filesize(name, stat_data)
const MD5_params Curl_DIGEST_MD5[1]
CURLcode Curl_base64_decode(const char *src, unsigned char **outptr, size_t *outlen)
void Curl_pgrsTime(struct Curl_easy *data, timerid timer)
struct curl_slist * Curl_slist_append_nodup(struct curl_slist *list, char *data)
int Curl_MD5_update(MD5_context *context, const unsigned char *data, unsigned int len)
MD5_context * Curl_MD5_init(const MD5_params *md5params)
CURLcode(* set_engine)(struct Curl_easy *data, const char *engine)
void Curl_none_session_free(void *ptr)
#define SSL_SET_OPTION(var)
ssl_connect_state connecting_state
CURLcode(* connect)(struct connectdata *conn, int sockindex)
CURLcode Curl_base64_encode(struct Curl_easy *data, const char *inputbuff, size_t insize, char **outptr, size_t *outlen)
const struct Curl_handler * handler
#define SSLSESSION_SHARED(data)
UNITTEST_START char * ptr
#define GETSOCK_READSOCK(x)
#define Curl_ssl_close(x, y)
#define Curl_ssl_set_engine_default(x)
int Curl_none_shutdown(struct connectdata *conn, int sockindex)
bool Curl_none_data_pending(const struct connectdata *conn, int connindex)
#define Curl_ssl_connect(x, y)
#define Curl_ssl_connect_nonblocking(x, y, z)
CURLcode(* random)(struct Curl_easy *data, unsigned char *entropy, size_t length)
#define strcasecompare(a, b)
UNITTEST_START int result
struct Curl_share * share
struct ssl_config_data ssl
bool(* false_start)(void)
void *(* get_internals)(struct ssl_connect_data *connssl, CURLINFO info)
struct proxy_info http_proxy
#define MAX_PINNED_PUBKEY_SIZE
struct ssl_primary_config primary
ssl_connection_state state
memcpy(filename, filename1, strlen(filename1))
#define Curl_ssl_data_pending(x, y)
#define Curl_ssl_shutdown(x, y)
CURLcode Curl_none_random(struct Curl_easy *data, unsigned char *entropy, size_t length)
int Curl_none_check_cxn(struct connectdata *conn)
UNITTEST_START char * output
CURLSHcode Curl_share_unlock(struct Curl_easy *data, curl_lock_data type)
#define Curl_ssl_engines_list(x)
CURLcode(* set_engine_default)(struct Curl_easy *data)
void(* session_free)(void *ptr)
bool(* data_pending)(const struct connectdata *conn, int connindex)
curl_easy_setopt expects a curl_off_t argument for this option curl_easy_setopt expects a curl_write_callback argument for this option curl_easy_setopt expects a curl_ioctl_callback argument for this option curl_easy_setopt expects a curl_opensocket_callback argument for this option curl_easy_setopt expects a curl_debug_callback argument for this option curl_easy_setopt expects a curl_conv_callback argument for this option curl_easy_setopt expects a private data pointer as argument for this option curl_easy_setopt expects a FILE *argument for this option curl_easy_setopt expects a struct curl_httppost *argument for this option curl_easy_setopt expects a struct curl_slist *argument for this option curl_easy_getinfo expects a pointer to char *for this info curl_easy_getinfo expects a pointer to double for this info curl_easy_getinfo expects a pointer to struct curl_tlssessioninfo *for this info curl_easy_getinfo expects a pointer to curl_socket_t for this info size_t
CURLcode(* connect_nonblocking)(struct connectdata *conn, int sockindex, bool *done)
bool Curl_none_false_start(void)
#define Curl_ssl_version(x, y)
bool Curl_none_cert_status_request(void)
#define Curl_ssl_check_cxn(x)
struct curl_certinfo certs
int Curl_safe_strcasecompare(const char *first, const char *second)
#define Curl_ssl_initsessions(x, y)
bool Curl_clone_primary_ssl_config(struct ssl_primary_config *source, struct ssl_primary_config *dest)
int Curl_MD5_final(MD5_context *context, unsigned char *result)
void Curl_free_primary_ssl_config(struct ssl_primary_config *sslc)
#define CURL_SHA256_DIGEST_LENGTH
void Curl_none_cleanup(void)
CURL_TYPEOF_CURL_OFF_T curl_off_t
CURLcode(* md5sum)(unsigned char *input, size_t inputlen, unsigned char *md5sum, size_t md5sumlen)
void(* close_all)(struct Curl_easy *data)
int(* check_cxn)(struct connectdata *cxn)
#define GETSOCK_WRITESOCK(x)
unsigned int curlx_uztoui(size_t uznum)
static unsigned short port
CURLcode Curl_none_md5sum(unsigned char *input, size_t inputlen, unsigned char *md5sum, size_t md5len)
#define Curl_safefree(ptr)
#define Curl_ssl_cleanup()
unsigned support_https_proxy
#define CLONE_STRING(var)
CURLcode Curl_none_set_engine(struct Curl_easy *data, const char *engine)
int Curl_ssl_getsock(struct connectdata *conn, curl_socket_t *socks, int numsocks)
struct curl_slist ** certinfo
ssize_t Curl_send_plain(struct connectdata *conn, int num, const void *mem, size_t len, CURLcode *code)
int Curl_ssl_backend(void)
struct curl_ssl_session * session
#define Curl_ssl_set_engine(x, y)
struct curl_slist *(* engines_list)(struct Curl_easy *data)
struct hostname conn_to_host
struct ssl_primary_config ssl_config
struct curl_slist * Curl_none_engines_list(struct Curl_easy *data)
#define Curl_ssl_kill_session(x)
struct ssl_primary_config proxy_ssl_config
UNITTEST_START int * value
CURLSHcode Curl_share_lock(struct Curl_easy *data, curl_lock_data type, curl_lock_access accesstype)
ssize_t Curl_recv_plain(struct connectdata *conn, int num, char *buf, size_t len, CURLcode *code)
#define Curl_ssl_cert_status_request()
int(* shutdown)(struct connectdata *conn, int sockindex)
struct ssl_connect_data proxy_ssl[2]
TFSIMD_FORCE_INLINE tfScalar length(const Quaternion &q)
void(* close)(struct connectdata *conn, int sockindex)
CURLsslset curl_global_sslset(curl_sslbackend id, const char *name, const curl_ssl_backend ***avail)
size_t sizeof_ssl_backend_data
#define Curl_ssl_free_certinfo(x)
#define Curl_ssl_false_start()
size_t curlx_sotouz(curl_off_t sonum)
struct ssl_general_config general_ssl
#define CONNECT_PROXY_SSL()
CURL_EXTERN void curl_slist_free_all(struct curl_slist *)
struct ssl_primary_config ssl_config
bool(* cert_status_request)(void)
bool proxy_ssl_connected[2]
CURLcode Curl_none_set_engine_default(struct Curl_easy *data)
void Curl_none_close_all(struct Curl_easy *data)
size_t(* version)(char *buffer, size_t size)
#define calloc(nbelem, size)
#define Curl_ssl_close_all(x)
void(* sha256sum)(const unsigned char *input, size_t inputlen, unsigned char *sha256sum, size_t sha256sumlen)