author | Eric Hu <ehu@directv.com> | 2010-12-03 10:23:45 -0800 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2010-12-15 16:05:17 +0100 |
commit | 108d7693a443435e39d2278d5dbf842a80c6260c (patch) | |
tree | 43d46e0abf1df87da2f46a4576ae0fef2c69a4c1 | |
parent | 00a5bd41bee6b32572355c0e9bd126bf1e44613c (diff) |
Preparing for axTLS. Actual SSL API functions are only stubbed.
Added axTLS to autotool files and glue code to misc other files.
axtls.h maps SSL API functions, but may change.
axtls.c is just a stub file and will definitely change.
-rw-r--r-- | configure.ac | 58 | ||||
-rw-r--r-- | lib/Makefile.inc | 4 | ||||
-rw-r--r-- | lib/axtls.c | 139 | ||||
-rw-r--r-- | lib/axtls.h | 72 | ||||
-rw-r--r-- | lib/http.c | 20 | ||||
-rw-r--r-- | lib/setup.h | 2 | ||||
-rw-r--r-- | lib/sslgen.c | 1 | ||||
-rw-r--r-- | lib/urldata.h | 8 |
8 files changed, 295 insertions, 9 deletions
diff --git a/configure.ac b/configure.ac index c75f4d156..58e286f30 100644 --- a/configure.ac +++ b/configure.ac @@ -140,7 +140,7 @@ AC_SUBST(PKGADD_VENDOR) dnl dnl initialize all the info variables - curl_ssl_msg="no (--with-{ssl,gnutls,nss,polarssl} )" + curl_ssl_msg="no (--with-{ssl,gnutls,nss,polarssl,axtls} )" curl_ssh_msg="no (--with-libssh2)" curl_zlib_msg="no (--with-zlib)" curl_krb4_msg="no (--with-krb4*)" @@ -156,6 +156,7 @@ curl_verbose_msg="enabled (--disable-verbose)" curl_ldaps_msg="no (--enable-ldaps)" curl_rtsp_msg="no (--enable-rtsp)" curl_rtmp_msg="no (--with-librtmp)" + init_ssl_msg=${curl_ssl_msg} dnl dnl Save anything in $LIBS for later 
@@ -1933,7 +1934,60 @@ if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then fi dnl OPENSSL != 1 -a GNUTLS_ENABLED != 1 -if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED" = "x"; then +OPT_AXTLS=off + +AC_ARG_WITH(axtls,dnl +AC_HELP_STRING([--with-axtls=PATH],[Where to look for axTLS, PATH points to the axTLS installation (default: /usr/local/lib). Ignored if another SSL engine is selected.]) +AC_HELP_STRING([--without-axtls], [disable axTLS]), + OPT_AXTLS=$withval) + +if test "$curl_ssl_msg" = "$init_ssl_msg"; then + if test X"$OPT_AXTLS" != Xno; then + dnl backup the pre-axtls variables + CLEANLDFLAGS="$LDFLAGS" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + case "$OPT_AXTLS" in + yes) + dnl --with-axtls (without path) used + PREFIX_AXTLS=/usr/local/lib + LIB_AXTLS="$PREFIX_AXTLS" + ;; + off) + dnl no --with-axtls option given, just check default places + PREFIX_AXTLS= + ;; + *) + dnl check the given --with-axtls spot + PREFIX_AXTLS=$OPT_AXTLS + LIB_AXTLS="$PREFIX_AXTLS" + LDFLAGS="$LDFLAGS -L$LIB_AXTLS" + CPPFLAGS="$CPPFLAGS -I$PREFIX_AXTLS/ssl" + ;; + esac + + AC_CHECK_LIB(axtls, ssl_version,[ + LIBS="-laxtls $LIBS" + AC_DEFINE(USE_AXTLS, 1, [if axTLS is enabled]) + AC_SUBST(USE_AXTLS, [1]) + AXTLS_ENABLED=1 + USE_AXTLS="yes" + curl_ssl_msg="enabled (axTLS)" + + + LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$LIB_AXTLS" + export LD_LIBRARY_PATH + AC_MSG_NOTICE([Added $LIB_AXTLS to LD_LIBRARY_PATH]) + ],[ + LDFLAGS="$CLEANLDFLAGS" + CPPFLAGS="$CLEANCPPFLAGS" + LIBS="$CLEANLIBS" + ]) + fi +fi + +if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$AXTLS_ENABLED" = "x"; then AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.]) AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl or --with-nss to address this.]) else diff --git a/lib/Makefile.inc b/lib/Makefile.inc index 41ab8277d..f2a230e66 100644 --- a/lib/Makefile.inc +++ b/lib/Makefile.inc 
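Review bot: `LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$LIB_AXTLS"` in the `AC_CHECK_LIB` success branch is exported even when `LIB_AXTLS` was never set, which is what the default `off` case does (it only assigns `PREFIX_AXTLS=`). The value then ends in a bare `:`, and the dynamic loader reads an empty entry as the current directory, so later configure test programs may load libraries from wherever configure was started; the same happens with a leading `:` when `LD_LIBRARY_PATH` was empty beforehand. I would guard the export, e.g. `if test -n "$LIB_AXTLS"; then LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$LIB_AXTLS"; export LD_LIBRARY_PATH; fi`. Two smaller gaps in the same hunk: the `yes` case sets `LIB_AXTLS` but never adds `-L$LIB_AXTLS` to `LDFLAGS`, and the unchanged `AC_MSG_WARN` hint still does not list `--with-axtls`.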
@@ -21,7 +21,7 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ socks_gssapi.c socks_sspi.c curl_sspi.c slist.c nonblock.c \ curl_memrchr.c imap.c pop3.c smtp.c pingpong.c rtsp.c curl_threads.c \ warnless.c hmac.c polarssl.c curl_rtmp.c openldap.c curl_gethostname.c\ - gopher.c + gopher.c axtls.c HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \ progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h \ @@ -36,5 +36,5 @@ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \ curl_base64.h rawstr.h curl_addrinfo.h curl_sspi.h slist.h nonblock.h \ curl_memrchr.h imap.h pop3.h smtp.h pingpong.h rtsp.h curl_threads.h \ warnless.h curl_hmac.h polarssl.h curl_rtmp.h curl_gethostname.h \ - gopher.h + gopher.h axtls.h diff --git a/lib/axtls.c b/lib/axtls.c new file mode 100644 index 000000000..9a253bc1e --- /dev/null +++ b/lib/axtls.c 
@@ -0,0 +1,139 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2010, DirecTV
+ * contact: Eric Hu <ehu@directv.com>
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * Source file for all axTLS-specific code for the TLS/SSL layer. No code
+ * but sslgen.c should ever call or use these functions.
+ */
+
+#include "setup.h"
+#ifdef USE_AXTLS
+#include <axTLS/ssl.h>
+#include "axtls.h"
+
+#include <string.h>
+#include <stdlib.h>
+#include <ctype.h>
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+#include "sendf.h"
+#include "inet_pton.h"
+#include "sslgen.h"
+#include "parsedate.h"
+#include "connect.h" /* for the connect timeout */
+#include "select.h"
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+#include "memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/* Global axTLS init, called from Curl_ssl_init() */
+int Curl_axtls_init(void)
+{
+ return 1;
+}
+
+int Curl_axtls_cleanup(void)
+{
+ return 1;
+}
+
+/*
+ * This function is called after the TCP connect has completed. Setup the TLS
+ * layer and do all necessary magic.
+ */
+CURLcode
+Curl_axtls_connect(struct connectdata *conn,
+ int sockindex)
+
+{
+ return CURLE_OK;
+}
+
+
+/* return number of sent (non-SSL) bytes */
+ssize_t Curl_axtls_send(struct connectdata *conn,
+ int sockindex,
+ const void *mem,
+ size_t len)
+{
+ return 0;
+}
+
+void Curl_axtls_close_all(struct SessionHandle *data)
+{
+}
+
+void Curl_axtls_close(struct connectdata *conn, int sockindex)
+{
+}
+
+/*
+ * This function is called to shut down the SSL layer but keep the
+ * socket open (CCC - Clear Command Channel)
+ */
+int Curl_axtls_shutdown(struct connectdata *conn, int sockindex)
+{
+ return 0;
+}
+
+/*
+ * If the read would block we return -1 and set 'wouldblock' to TRUE.
+ * Otherwise we return the amount of data read. Other errors should return -1
+ * and set 'wouldblock' to FALSE.
+ */
+ssize_t Curl_axtls_recv(struct connectdata *conn, /* connection data */
+ int num, /* socketindex */
+ char *buf, /* store read data here */
+ size_t buffersize, /* max amount to read */
+ bool *wouldblock)
+{
+ return 0;
+}
+
+/*
+ * This function uses SSL_peek to determine connection status.
+ *
+ * Return codes:
+ * 1 means the connection is still in place
+ * 0 means the connection has been closed
+ * -1 means the connection status is unknown
+ */
+int Curl_axtls_check_cxn(struct connectdata *conn)
+{
+ return 0;
+}
+
+void Curl_axtls_session_free(void *ptr)
+{
+}
+
+size_t Curl_axtls_version(char *buffer, size_t size)
+{
+ return snprintf(buffer, size, "axTLS/1.2.7");
+}
+
+#endif /* USE_AXTLS */
diff --git a/lib/axtls.h b/lib/axtls.h
new file mode 100644
index 000000000..ba62eecbf
--- /dev/null
+++ b/lib/axtls.h
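Review bot: The stubs report success, so a build that picks up axTLS gets `USE_SSL` with no TLS behind it: `Curl_axtls_connect` returns `CURLE_OK` without a handshake or any certificate check, and the configure.ac change enables this backend automatically when the library is found and no other engine was selected. Until the real implementation lands I would make the stubs fail closed, with `return CURLE_SSL_CONNECT_ERROR;` in `Curl_axtls_connect` and `Curl_axtls_recv` returning -1 with `*wouldblock = FALSE`, which is what its own comment documents for errors. `Curl_axtls_check_cxn` returns 0, which its comment defines as "the connection has been closed"; -1 (unknown) is what a stub can honestly report, and the comment's mention of SSL_peek should go until there is code behind it. `Curl_axtls_version` hard-codes `"axTLS/1.2.7"` rather than asking the library, although configure already probes for `ssl_version`, which presumably reports the version actually linked.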
@@ -0,0 +1,72 @@
+#ifndef __AXTLS_H
+#define __AXTLS_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2010, DirecTV
+ * contact: Eric Hu <ehu@directv.com>
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#ifdef USE_AXTLS
+#include "curl/curl.h"
+#include "urldata.h"
+
+int Curl_axtls_init(void);
+int Curl_axtls_cleanup(void);
+CURLcode Curl_axtls_connect(struct connectdata *conn, int sockindex);
+
+/* tell axTLS to close down all open information regarding connections (and
+ thus session ID caching etc) */
+void Curl_axtls_close_all(struct SessionHandle *data);
+
+ /* close a SSL connection */
+void Curl_axtls_close(struct connectdata *conn, int sockindex);
+
+/* return number of sent (non-SSL) bytes */
+ssize_t Curl_axtls_send(struct connectdata *conn, int sockindex,
+ const void *mem, size_t len);
+ssize_t Curl_axtls_recv(struct connectdata *conn, /* connection data */
+ int num, /* socketindex */
+ char *buf, /* store read data here */
+ size_t buffersize, /* max amount to read */
+ bool *wouldblock);
+void Curl_axtls_session_free(void *ptr);
+size_t Curl_axtls_version(char *buffer, size_t size);
+int Curl_axtls_shutdown(struct connectdata *conn, int sockindex);
+int Curl_axtls_check_cxn(struct connectdata *conn);
+
+/* 
API setup for axTLS */ +#define curlssl_init Curl_axtls_init +#define curlssl_cleanup Curl_axtls_cleanup +#define curlssl_connect Curl_axtls_connect +#define curlssl_session_free(x) Curl_axtls_session_free(x) +#define curlssl_close_all Curl_axtls_close_all +#define curlssl_close Curl_axtls_close +#define curlssl_shutdown(x,y) Curl_axtls_shutdown(x,y) +#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_FAILED_INIT) +#define curlssl_set_engine_default(x) (x=x, CURLE_FAILED_INIT) +#define curlssl_engines_list(x) (x=x, (struct curl_slist *)NULL) +#define curlssl_send Curl_axtls_send +#define curlssl_recv Curl_axtls_recv +#define curlssl_version Curl_axtls_version +#define curlssl_check_cxn(x) Curl_axtls_check_cxn(x) +#define curlssl_data_pending(x,y) (x=x, y=y, 0) + +#endif /* USE_AXTLS */ +#endif diff --git a/lib/http.c b/lib/http.c index e35437f1e..2cf4dd2d3 100644 --- a/lib/http.c +++ b/lib/http.c @@ -1881,10 +1881,22 @@ static int https_getsock(struct connectdata *conn, (void)numsocks; return GETSOCK_BLANK; } -#endif -#endif -#endif -#endif +#else +#ifdef USE_AXTLS +static int https_getsock(struct connectdata *conn, + curl_socket_t *socks, + int numsocks) +{ + (void)conn; + (void)socks; + (void)numsocks; + return GETSOCK_BLANK; +} +#endif /* USE_AXTLS */ +#endif /* USE_POLARSSL */ +#endif /* USE_QSOSSL */ +#endif /* USE_NSS */ +#endif /* USE_SSLEAY || USE_GNUTLS */ /* * Curl_http_done() gets called from Curl_done() after a single HTTP request diff --git a/lib/setup.h b/lib/setup.h index cc016c9cd..0902d2c6f 100644 --- a/lib/setup.h +++ b/lib/setup.h @@ -537,7 +537,7 @@ int netware_init(void); #define LIBIDN_REQUIRED_VERSION "0.4.1" -#if defined(USE_GNUTLS) || defined(USE_SSLEAY) || defined(USE_NSS) || defined(USE_QSOSSL) || defined(USE_POLARSSL) +#if defined(USE_GNUTLS) || defined(USE_SSLEAY) || defined(USE_NSS) || defined(USE_QSOSSL) || defined(USE_POLARSSL) || defined(USE_AXTLS) #define USE_SSL /* SSL support has been enabled */ #endif 
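Review bot: The include guard `__AXTLS_H` uses a double-underscore name, which C reserves for the implementation; `HEADER_CURL_AXTLS_H` or similar avoids that, unless the project deliberately keeps this spelling for all its backend headers. In the macro block, `(x=x, y=y, CURLE_FAILED_INIT)` silences unused-argument warnings by self-assignment, which requires each argument to be a modifiable lvalue and can itself trigger a self-assign warning; `((void)(x), (void)(y), CURLE_FAILED_INIT)` has neither problem. The prototype of `Curl_axtls_recv` would also benefit from the return-value comment that currently exists only in lib/axtls.c.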
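Review bot: The added `https_getsock` for `USE_AXTLS` looks like another copy of the `GETSOCK_BLANK` stub, whose tail (`(void)numsocks; return GETSOCK_BLANK;`) is visible in the context lines just above, and it adds one more level to the `#else`/`#ifdef` ladder. The earlier variants start outside this hunk, so this is inferred, but if they are identical a single definition under one combined condition ending in `|| defined(USE_AXTLS)` would remove the duplication and the nesting. The labelled `#endif` comments are a real improvement and worth keeping either way.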
diff --git a/lib/sslgen.c b/lib/sslgen.c index bd8dc1722..9ee3ab1d8 100644 --- a/lib/sslgen.c +++ b/lib/sslgen.c @@ -57,6 +57,7 @@ #include "nssg.h" /* NSS versions */ #include "qssl.h" /* QSOSSL versions */ #include "polarssl.h" /* PolarSSL versions */ +#include "axtls.h" /* axTLS versions */ #include "sendf.h" #include "rawstr.h" #include "url.h" diff --git a/lib/urldata.h b/lib/urldata.h index f4f678620..47f5f7962 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -120,6 +120,10 @@ #include <qsossl.h> #endif +#ifdef USE_AXTLS +#include <axTLS/ssl.h> +#endif /* USE_AXTLS */ + #ifdef HAVE_NETINET_IN_H #include <netinet/in.h> #endif @@ -268,6 +272,10 @@ struct ssl_connect_data { #ifdef USE_QSOSSL SSLHandle *handle; #endif /* USE_QSOSSL */ +#ifdef USE_AXTLS + SSL_CTX* ssl_ctx; + SSL* ssl; +#endif /* USE_AXTLS */ }; struct ssl_config_data { |
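Review bot: `#include <axTLS/ssl.h>` in lib/urldata.h (and the same include in lib/axtls.c) expects the header under an `axTLS/` directory on the include path, while the configure.ac change adds `-I$PREFIX_AXTLS/ssl` and only link-tests the library. With a non-default `--with-axtls=PATH` the configure check may therefore pass and the build still fail on this include. An `AC_CHECK_HEADER` for `axTLS/ssl.h` next to the `AC_CHECK_LIB` call would catch the mismatch at configure time. The enclosing `struct ssl_connect_data` begins outside the hunk.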