diff options
| author | Patrick Monnerat <pm@datasphere.ch> | 2014-10-13 16:33:47 +0200 |
|---|---|---|
| committer | Patrick Monnerat <pm@datasphere.ch> | 2014-10-13 16:33:47 +0200 |
| commit | 265b9a2e493b685e8118bd027905ed52bcde365a (patch) | |
| tree | 77bddebd61b039a54e63087720e56e0f966e33cf | |
| parent | ec8330b21d99b7be0205005b50a37a719c15d195 (diff) | |
vtls: remove QsoSSL
| -rw-r--r-- | docs/FAQ | 2 | ||||
| -rw-r--r-- | docs/FEATURES | 4 | ||||
| -rw-r--r-- | docs/INTERNALS | 2 | ||||
| -rw-r--r-- | docs/libcurl/curl_easy_getinfo.3 | 4 | ||||
| -rw-r--r-- | docs/libcurl/opts/CURLOPT_CERTINFO.3 | 2 | ||||
| -rw-r--r-- | docs/libcurl/symbols-in-versions | 2 | ||||
| -rw-r--r-- | include/curl/curl.h | 2 | ||||
| -rw-r--r-- | lib/Makefile.inc | 4 | ||||
| -rw-r--r-- | lib/Makefile.vc6 | 1 | ||||
| -rw-r--r-- | lib/config-os400.h | 5 | ||||
| -rw-r--r-- | lib/curl_setup.h | 4 | ||||
| -rw-r--r-- | lib/getinfo.c | 3 | ||||
| -rw-r--r-- | lib/hostcheck.c | 5 | ||||
| -rw-r--r-- | lib/setup-os400.h | 18 | ||||
| -rw-r--r-- | lib/urldata.h | 7 | ||||
| -rw-r--r-- | lib/vtls/qssl.c | 527 | ||||
| -rw-r--r-- | lib/vtls/qssl.h | 65 | ||||
| -rw-r--r-- | lib/vtls/vtls.c | 1 | ||||
| -rw-r--r-- | lib/vtls/vtls.h | 1 | ||||
| -rw-r--r-- | lib/x509asn1.c | 8 | ||||
| -rw-r--r-- | lib/x509asn1.h | 6 | ||||
| -rw-r--r-- | packages/OS400/README.OS400 | 11 | ||||
| -rw-r--r-- | packages/OS400/curl.inc.in | 4 | ||||
| -rw-r--r-- | packages/OS400/make-lib.sh | 2 | ||||
| -rw-r--r-- | packages/OS400/os400sys.c | 102 | ||||
| -rw-r--r-- | packages/Symbian/group/libcurl.mmp | 2 | ||||
| -rw-r--r-- | tests/unit/unit1397.c | 3 |
27 files changed, 33 insertions, 764 deletions
@@ -427,7 +427,7 @@ FAQ curl can be built to use one of the following SSL alternatives: OpenSSL, GnuTLS, yassl, NSS, PolarSSL, axTLS, Secure Transport (native iOS/OS X), - WinSSL (native Windows) or qssl (native IBM i). They all have their pros + WinSSL (native Windows) or GSKit (native IBM i). They all have their pros and cons, and we try to maintain a comparison of them here: http://curl.haxx.se/docs/ssl-compared.html diff --git a/docs/FEATURES b/docs/FEATURES index 7062e0b78..802292c55 100644 --- a/docs/FEATURES +++ b/docs/FEATURES @@ -178,7 +178,7 @@ FOOTNOTES ========= *1 = requires OpenSSL, GnuTLS, NSS, yassl, axTLS, PolarSSL, WinSSL (native - Windows), Secure Transport (native iOS/OS X) or qssl (native IBM i) + Windows), Secure Transport (native iOS/OS X) or GSKit (native IBM i) *2 = requires OpenLDAP *3 = requires a GSS-API implementation (such as Heimdal or MIT Kerberos) or SSPI (native Windows) @@ -186,7 +186,7 @@ FOOTNOTES currently supported *5 = requires nghttp2 and possibly a recent TLS library *6 = requires c-ares - *7 = requires OpenSSL, NSS, qssl, WinSSL or Secure Transport; GnuTLS, for + *7 = requires OpenSSL, NSS, GSKit, WinSSL or Secure Transport; GnuTLS, for example, only supports SSLv3 and TLSv1 *8 = requires libssh2 *9 = requires OpenSSL, GnuTLS, NSS, yassl, Secure Transport or SSPI (native diff --git a/docs/INTERNALS b/docs/INTERNALS index 5175e2a0f..70e060f3e 100644 --- a/docs/INTERNALS +++ b/docs/INTERNALS @@ -43,7 +43,7 @@ Portability cyassl 2.0.0 openldap 2.0 MIT krb5 lib 1.2.4 - qsossl V5R3M0 + GSKit V5R3M0 NSS 3.14.x axTLS 1.2.7 PolarSSL 1.3.0 diff --git a/docs/libcurl/curl_easy_getinfo.3 b/docs/libcurl/curl_easy_getinfo.3 index 70ed6cdbb..0f0fd2e41 100644 --- a/docs/libcurl/curl_easy_getinfo.3 +++ b/docs/libcurl/curl_easy_getinfo.3 @@ -222,8 +222,8 @@ request was done. The struct reports how many certs it found and then you can extract info for each of those certs by following the linked lists. The info chain is provided in a series of data in the format "name:content" where the content is for the specific named data. See also the certinfo.c example. NOTE: -this option is only available in libcurl built with OpenSSL, NSS, GSKit or -QsoSSL support. (Added in 7.19.1) +this option is only available in libcurl built with OpenSSL, NSS or GSKit +support. (Added in 7.19.1) .IP CURLINFO_TLS_SESSION Pass a pointer to a 'struct curl_tlssessioninfo *'. The pointer will be initialized to refer to a 'struct curl_tlssessioninfo *' that will contain an diff --git a/docs/libcurl/opts/CURLOPT_CERTINFO.3 b/docs/libcurl/opts/CURLOPT_CERTINFO.3 index 44141da4a..8c01711dd 100644 --- a/docs/libcurl/opts/CURLOPT_CERTINFO.3 +++ b/docs/libcurl/opts/CURLOPT_CERTINFO.3 @@ -29,7 +29,7 @@ CURLOPT_CERTINFO \- request SSL certificate information CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CERTINFO, long certinfo); .SH DESCRIPTION Pass a long set to 1 to enable libcurl's certificate chain info gatherer. With -this enabled, libcurl (if built with OpenSSL, NSS, GSKit or QsoSSL) will +this enabled, libcurl (if built with OpenSSL, NSS or GSKit) will extract lots of information and data about the certificates in the certificate chain used in the SSL connection. This data may then be retrieved after a transfer using \fIcurl_easy_getinfo(3)\fP and its option diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions index ab9aa7f64..fcbd97a33 100644 --- a/docs/libcurl/symbols-in-versions +++ b/docs/libcurl/symbols-in-versions @@ -615,7 +615,7 @@ CURLSSLBACKEND_NONE 7.34.0 CURLSSLBACKEND_NSS 7.34.0 CURLSSLBACKEND_OPENSSL 7.34.0 CURLSSLBACKEND_POLARSSL 7.34.0 -CURLSSLBACKEND_QSOSSL 7.34.0 +CURLSSLBACKEND_QSOSSL 7.34.0 - 7.38.1 CURLSSLBACKEND_SCHANNEL 7.34.0 CURLSSLOPT_ALLOW_BEAST 7.25.0 CURLUSESSL_ALL 7.17.0 diff --git a/include/curl/curl.h b/include/curl/curl.h index ccd9c3bcb..7200e9368 100644 --- a/include/curl/curl.h +++ b/include/curl/curl.h @@ -2034,7 +2034,7 @@ typedef enum { CURLSSLBACKEND_OPENSSL = 1, CURLSSLBACKEND_GNUTLS = 2, CURLSSLBACKEND_NSS = 3, - CURLSSLBACKEND_QSOSSL = 4, + CURLSSLBACKEND_OBSOLETE4 = 4, /* Was QSOSSL. */ CURLSSLBACKEND_GSKIT = 5, CURLSSLBACKEND_POLARSSL = 6, CURLSSLBACKEND_CYASSL = 7, diff --git a/lib/Makefile.inc b/lib/Makefile.inc index 462d72a5f..cfbd3c7dd 100644 --- a/lib/Makefile.inc +++ b/lib/Makefile.inc @@ -21,10 +21,10 @@ ########################################################################### LIB_VTLS_CFILES = vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c \ - vtls/qssl.c vtls/polarssl.c vtls/polarssl_threadlock.c vtls/axtls.c \ + vtls/polarssl.c vtls/polarssl_threadlock.c vtls/axtls.c \ vtls/cyassl.c vtls/curl_schannel.c vtls/curl_darwinssl.c vtls/gskit.c -LIB_VTLS_HFILES = vtls/qssl.h vtls/openssl.h vtls/vtls.h vtls/gtls.h \ +LIB_VTLS_HFILES = vtls/openssl.h vtls/vtls.h vtls/gtls.h \ vtls/nssg.h vtls/polarssl.h vtls/polarssl_threadlock.h vtls/axtls.h \ vtls/cyassl.h vtls/curl_schannel.h vtls/curl_darwinssl.h vtls/gskit.h diff --git a/lib/Makefile.vc6 b/lib/Makefile.vc6 index 2a80fc406..0edde28cf 100644 --- a/lib/Makefile.vc6 +++ b/lib/Makefile.vc6 @@ -599,7 +599,6 @@ X_OBJS= \ $(DIROBJ)\polarssl_threadlock.obj \
$(DIROBJ)\pop3.obj \
$(DIROBJ)\progress.obj \
- $(DIROBJ)\qssl.obj \
$(DIROBJ)\rawstr.obj \
$(DIROBJ)\rtsp.obj \
$(DIROBJ)\security.obj \
diff --git a/lib/config-os400.h b/lib/config-os400.h index e65e30acd..b6b29a525 100644 --- a/lib/config-os400.h +++ b/lib/config-os400.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -537,9 +537,6 @@ /* Define to the function return type for send. */ #define SEND_TYPE_RETV int -/* Define to use the QsoSSL package. */ -#undef USE_QSOSSL - /* Define to use the GSKit package. */ #define USE_GSKIT diff --git a/lib/curl_setup.h b/lib/curl_setup.h index 173731c49..353b15fcb 100644 --- a/lib/curl_setup.h +++ b/lib/curl_setup.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -602,7 +602,7 @@ int netware_init(void); #define LIBIDN_REQUIRED_VERSION "0.4.1" #if defined(USE_GNUTLS) || defined(USE_SSLEAY) || defined(USE_NSS) || \ - defined(USE_QSOSSL) || defined(USE_POLARSSL) || defined(USE_AXTLS) || \ + defined(USE_POLARSSL) || defined(USE_AXTLS) || \ defined(USE_CYASSL) || defined(USE_SCHANNEL) || \ defined(USE_DARWINSSL) || defined(USE_GSKIT) #define USE_SSL /* SSL support has been enabled */ diff --git a/lib/getinfo.c b/lib/getinfo.c index 8905d3613..4c3dc1387 100644 --- a/lib/getinfo.c +++ b/lib/getinfo.c @@ -312,9 +312,6 @@ static CURLcode getinfo_slist(struct SessionHandle *data, CURLINFO info, #ifdef USE_NSS internals = conn->ssl[sockindex].handle; #endif -#ifdef USE_QSOSSL - internals = conn->ssl[sockindex].handle; -#endif #ifdef USE_GSKIT internals = conn->ssl[sockindex].handle; #endif diff --git a/lib/hostcheck.c b/lib/hostcheck.c index 42eb2ee77..21af8fa1c 100644 --- a/lib/hostcheck.c +++ b/lib/hostcheck.c @@ -22,8 +22,7 @@ #include "curl_setup.h" -#if defined(USE_SSLEAY) || defined(USE_AXTLS) || defined(USE_QSOSSL) || \ - defined(USE_GSKIT) +#if defined(USE_SSLEAY) || defined(USE_AXTLS) || defined(USE_GSKIT) /* these backends use functions from this file */ #ifdef HAVE_NETINET_IN_H @@ -145,4 +144,4 @@ int Curl_cert_hostcheck(const char *match_pattern, const char *hostname) return res; } -#endif /* SSLEAY or AXTLS or QSOSSL or GSKIT */ +#endif /* SSLEAY or AXTLS or GSKIT */ diff --git a/lib/setup-os400.h b/lib/setup-os400.h index 0331464e4..fae8567df 100644 --- a/lib/setup-os400.h +++ b/lib/setup-os400.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -37,7 +37,6 @@ typedef unsigned long u_int32_t; #include <sys/socket.h> #include <netdb.h> -#include <qsossl.h> #include <gskssl.h> #include <qsoasync.h> #include <gssapi.h> @@ -57,21 +56,6 @@ extern int Curl_getnameinfo_a(const struct sockaddr * sa, #define getnameinfo Curl_getnameinfo_a -/* SSL wrappers. */ - -extern int Curl_SSL_Init_Application_a(SSLInitApp * init_app); -#define SSL_Init_Application Curl_SSL_Init_Application_a - - -extern int Curl_SSL_Init_a(SSLInit * init); -#define SSL_Init Curl_SSL_Init_a - - -extern char * Curl_SSL_Strerror_a(int sslreturnvalue, - SSLErrorMsg * serrmsgp); -#define SSL_Strerror Curl_SSL_Strerror_a - - /* GSKit wrappers. */ extern int Curl_gsk_environment_open(gsk_handle * my_env_handle); diff --git a/lib/urldata.h b/lib/urldata.h index fd59d781d..e9ddf30b8 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -138,10 +138,6 @@ #include <pk11pub.h> #endif -#ifdef USE_QSOSSL -#include <qsossl.h> -#endif - #ifdef USE_GSKIT #include <gskssl.h> #endif @@ -328,9 +324,6 @@ struct ssl_connect_data { PK11GenericObject *obj_clicert; ssl_connect_state connecting_state; #endif /* USE_NSS */ -#ifdef USE_QSOSSL - SSLHandle *handle; -#endif /* USE_QSOSSL */ #ifdef USE_GSKIT gsk_handle handle; int iocport; diff --git a/lib/vtls/qssl.c b/lib/vtls/qssl.c deleted file mode 100644 index 4c320538e..000000000 --- a/lib/vtls/qssl.c +++ /dev/null @@ -1,527 +0,0 @@ -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at http://curl.haxx.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ - -#include "curl_setup.h" - -#ifdef USE_QSOSSL - -#include <qsossl.h> - -#ifdef HAVE_LIMITS_H -# include <limits.h> -#endif - -#include <curl/curl.h> -#include "urldata.h" -#include "sendf.h" -#include "qssl.h" -#include "vtls.h" -#include "connect.h" /* for the connect timeout */ -#include "select.h" -#include "x509asn1.h" -#include "curl_memory.h" -/* The last #include file should be: */ -#include "memdebug.h" - - -int Curl_qsossl_init(void) - -{ - /* Nothing to do here. We must have connection data to initialize ssl, so - * defer. - */ - - return 1; -} - - -void Curl_qsossl_cleanup(void) - -{ - /* Nothing to do. */ -} - - -static CURLcode Curl_qsossl_init_session(struct SessionHandle * data) - -{ - int rc; - char * certname; - SSLInit initstr; - SSLInitApp initappstr; - - /* Initialize the job for SSL according to the current parameters. - * QsoSSL offers two ways to do it: SSL_Init_Application() that uses an - * application identifier to select certificates in the main certificate - * store, and SSL_Init() that uses named keyring files and a password. - * It is not possible to have different keyrings for the CAs and the - * local certificate. We thus use the certificate name to identify the - * keyring if given, else the CA file name. - * If the key file name is given, it is taken as the password for the - * keyring in certificate file. - * We first try to SSL_Init_Application(), then SSL_Init() if it failed. - */ - - certname = data->set.str[STRING_CERT]; - - if(!certname) { - certname = data->set.str[STRING_SSL_CAFILE]; - - if(!certname) - return CURLE_OK; /* Use previous setup. */ - } - - memset((char *) &initappstr, 0, sizeof initappstr); - initappstr.applicationID = certname; - initappstr.applicationIDLen = strlen(certname); - initappstr.protocol = SSL_VERSION_CURRENT; /* TLSV1 compat. SSLV[23]. */ - initappstr.sessionType = SSL_REGISTERED_AS_CLIENT; - rc = SSL_Init_Application(&initappstr); - - if(rc == SSL_ERROR_NOT_REGISTERED) { - initstr.keyringFileName = certname; - initstr.keyringPassword = data->set.str[STRING_KEY]; - initstr.cipherSuiteList = NULL; /* Use default. */ - initstr.cipherSuiteListLen = 0; - rc = SSL_Init(&initstr); - } - - switch (rc) { - - case 0: /* No error. */ - break; - - case SSL_ERROR_IO: - failf(data, "SSL_Init() I/O error: %s", strerror(errno)); - return CURLE_SSL_CONNECT_ERROR; - - case SSL_ERROR_BAD_CIPHER_SUITE: - return CURLE_SSL_CIPHER; - - case SSL_ERROR_KEYPASSWORD_EXPIRED: - case SSL_ERROR_NOT_REGISTERED: - return CURLE_SSL_CONNECT_ERROR; - - case SSL_ERROR_NO_KEYRING: - return CURLE_SSL_CACERT; - - case SSL_ERROR_CERT_EXPIRED: - return CURLE_SSL_CERTPROBLEM; - - default: - failf(data, "SSL_Init(): %s", SSL_Strerror(rc, NULL)); - return CURLE_SSL_CONNECT_ERROR; - } - - return CURLE_OK; -} - - -static CURLcode Curl_qsossl_create(struct connectdata * conn, int sockindex) - -{ - SSLHandle * h; - struct ssl_connect_data * connssl = &conn->ssl[sockindex]; - - h = SSL_Create(conn->sock[sockindex], SSL_ENCRYPT); - - if(!h) { - failf(conn->data, "SSL_Create() I/O error: %s", strerror(errno)); - return CURLE_SSL_CONNECT_ERROR; - } - - connssl->handle = h; - return CURLE_OK; -} - - -static int Curl_qsossl_trap_cert(SSLHandle * h) - -{ - return 1; /* Accept certificate. */ -} - - -static CURLcode Curl_qsossl_handshake(struct connectdata * conn, int sockindex) - -{ - int rc; - struct SessionHandle * data = conn->data; - struct ssl_connect_data * connssl = &conn->ssl[sockindex]; - SSLHandle * h = connssl->handle; - long timeout_ms; - - h->exitPgm = data->set.ssl.verifypeer? NULL: Curl_qsossl_trap_cert; - - /* figure out how long time we should wait at maximum */ - timeout_ms = Curl_timeleft(data, NULL, TRUE); - - if(timeout_ms < 0) { - /* time-out, bail out, go home */ - failf(data, "Connection time-out"); - return CURLE_OPERATION_TIMEDOUT; - } - - /* SSL_Handshake() timeout resolution is second, so round up. */ - h->timeout = (timeout_ms + 1000 - 1) / 1000; - - /* Set-up protocol. */ - - switch (data->set.ssl.version) { - - default: - case CURL_SSLVERSION_DEFAULT: - h->protocol = SSL_VERSION_CURRENT; /* TLSV1 compat. SSLV[23]. */ - break; - - case CURL_SSLVERSION_TLSv1: - h->protocol = TLS_VERSION_1; - break; - - case CURL_SSLVERSION_SSLv2: - h->protocol = SSL_VERSION_2; - break; - - case CURL_SSLVERSION_SSLv3: - h->protocol = SSL_VERSION_3; - break; - - case CURL_SSLVERSION_TLSv1_0: - case CURL_SSLVERSION_TLSv1_1: - case CURL_SSLVERSION_TLSv1_2: - failf(data, "TLS minor version cannot be set"); - return CURLE_SSL_CONNECT_ERROR; - } - - h->peerCert = NULL; - h->peerCertLen = 0; - rc = SSL_Handshake(h, SSL_HANDSHAKE_AS_CLIENT); - - switch (rc) { - - case 0: /* No error. */ - break; - - case SSL_ERROR_BAD_CERTIFICATE: - case SSL_ERROR_BAD_CERT_SIG: - case SSL_ERROR_NOT_TRUSTED_ROOT: - return CURLE_PEER_FAILED_VERIFICATION; - - case SSL_ERROR_BAD_CIPHER_SUITE: - case SSL_ERROR_NO_CIPHERS: - return CURLE_SSL_CIPHER; - - case SSL_ERROR_CERTIFICATE_REJECTED: - case SSL_ERROR_CERT_EXPIRED: - case SSL_ERROR_NO_CERTIFICATE: - return CURLE_SSL_CERTPROBLEM; - - case SSL_ERROR_IO: - failf(data, "SSL_Handshake() I/O error: %s", strerror(errno)); - return CURLE_SSL_CONNECT_ERROR; - - default: - failf(data, "SSL_Handshake(): %s", SSL_Strerror(rc, NULL)); - return CURLE_SSL_CONNECT_ERROR; - } - - /* Verify host. */ - rc = Curl_verifyhost(conn, h->peerCert, h->peerCert + h->peerCertLen); - if(rc != CURLE_OK) - return rc; - - /* Gather certificate info. */ - if(data->set.ssl.certinfo) { - if(Curl_ssl_init_certinfo(data, 1)) - return CURLE_OUT_OF_MEMORY; - if(h->peerCert) { - rc = Curl_extract_certinfo(conn, 0, h->peerCert, - h->peerCert + h->peerCertLen); - if(rc != CURLE_OK) - return rc; - } - } - - return CURLE_OK; -} - - -static Curl_recv qsossl_recv; -static Curl_send qsossl_send; - -CURLcode Curl_qsossl_connect(struct connectdata * conn, int sockindex) - -{ - struct SessionHandle * data = conn->data; - struct ssl_connect_data * connssl = &conn->ssl[sockindex]; - int rc; - - rc = Curl_qsossl_init_session(data); - - if(rc == CURLE_OK) { - rc = Curl_qsossl_create(conn, sockindex); - - if(rc == CURLE_OK) { - rc = Curl_qsossl_handshake(conn, sockindex); - if(rc != CURLE_OK) - SSL_Destroy(connssl->handle); - } - } - - if(rc == CURLE_OK) { - conn->recv[sockindex] = qsossl_recv; - conn->send[sockindex] = qsossl_send; - connssl->state = ssl_connection_complete; - } - else { - connssl->handle = NULL; - connssl->use = FALSE; - connssl->state = ssl_connection_none; - } - - return rc; -} - - -static int Curl_qsossl_close_one(struct ssl_connect_data * conn, - struct SessionHandle * data) - -{ - int rc; - - if(!conn->handle) - return 0; - - rc = SSL_Destroy(conn->handle); - - if(rc) { - if(rc == SSL_ERROR_IO) { - failf(data, "SSL_Destroy() I/O error: %s", strerror(errno)); - return -1; - } - - /* An SSL error. */ - failf(data, "SSL_Destroy() returned error %s", SSL_Strerror(rc, NULL)); - return -1; - } - - conn->handle = NULL; - return 0; -} - - -void Curl_qsossl_close(struct connectdata *conn, int sockindex) - -{ - struct SessionHandle *data = conn->data; - struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - - if(connssl->use) - (void) Curl_qsossl_close_one(connssl, data); -} - - -int Curl_qsossl_close_all(struct SessionHandle * data) - -{ - /* Unimplemented. */ - (void) data; - return 0; -} - - -int Curl_qsossl_shutdown(struct connectdata * conn, int sockindex) - -{ - struct ssl_connect_data * connssl = &conn->ssl[sockindex]; - struct SessionHandle *data = conn->data; - ssize_t nread; - int what; - int rc; - char buf[120]; - - if(!connssl->handle) - return 0; - - if(data->set.ftp_ccc != CURLFTPSSL_CCC_ACTIVE) - return 0; - - if(Curl_qsossl_close_one(connssl, data)) - return -1; - - rc = 0; - - what = Curl_socket_ready(conn->sock[sockindex], - CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT); - - for(;;) { - if(what < 0) { - /* anything that gets here is fatally bad */ - failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO); - rc = -1; - break; - } - - if(!what) { /* timeout */ - failf(data, "SSL shutdown timeout"); - break; - } - - /* Something to read, let's do it and hope that it is the close - notify alert from the server. No way to SSL_Read now, so use read(). */ - - nread = read(conn->sock[sockindex], buf, sizeof(buf)); - - if(nread < 0) { - failf(data, "read: %s", strerror(errno)); - rc = -1; - } - - if(nread <= 0) - break; - - what = Curl_socket_ready(conn->sock[sockindex], CURL_SOCKET_BAD, 0); - } - - return rc; -} - - -static ssize_t qsossl_send(struct connectdata * conn, int sockindex, - const void * mem, size_t len, CURLcode * curlcode) - -{ - /* SSL_Write() is said to return 'int' while write() and send() returns - 'size_t' */ - int rc; - - rc = SSL_Write(conn->ssl[sockindex].handle, (void *) mem, (int) len); - - if(rc < 0) { - switch(rc) { - - case SSL_ERROR_BAD_STATE: - /* The operation did not complete; the same SSL I/O function - should be called again later. This is basically an EWOULDBLOCK - equivalent. */ - *curlcode = CURLE_AGAIN; - return -1; - - case SSL_ERROR_IO: - switch (errno) { - case EWOULDBLOCK: - case EINTR: - *curlcode = CURLE_AGAIN; - return -1; - } - - failf(conn->data, "SSL_Write() I/O error: %s", strerror(errno)); - *curlcode = CURLE_SEND_ERROR; - return -1; - } - - /* An SSL error. */ - failf(conn->data, "SSL_Write() returned error %s", - SSL_Strerror(rc, NULL)); - *curlcode = CURLE_SEND_ERROR; - return -1; - } - - return (ssize_t) rc; /* number of bytes */ -} - - -static ssize_t qsossl_recv(struct connectdata * conn, int num, char * buf, - size_t buffersize, CURLcode * curlcode) - -{ - char error_buffer[120]; /* OpenSSL documents that this must be at - least 120 bytes long. */ - unsigned long sslerror; - int buffsize; - int nread; - - buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize; - nread = SSL_Read(conn->ssl[num].handle, buf, buffsize); - - if(nread < 0) { - /* failed SSL_read */ - - switch (nread) { - - case SSL_ERROR_BAD_STATE: - /* there's data pending, re-invoke SSL_Read(). */ - *curlcode = CURLE_AGAIN; - return -1; - - case SSL_ERROR_IO: - switch (errno) { - case EWOULDBLOCK: - *curlcode = CURLE_AGAIN; - return -1; - } - - failf(conn->data, "SSL_Read() I/O error: %s", strerror(errno)); - *curlcode = CURLE_RECV_ERROR; - return -1; - - default: - failf(conn->data, "SSL read error: %s", SSL_Strerror(nread, NULL)); - *curlcode = CURLE_RECV_ERROR; - return -1; - } - } - return (ssize_t) nread; -} - - -size_t Curl_qsossl_version(char * buffer, size_t size) - -{ - strncpy(buffer, "IBM OS/400 SSL", size); - return strlen(buffer); -} - - -int Curl_qsossl_check_cxn(struct connectdata * cxn) - -{ - int err; - int errlen; - - /* The only thing that can be tested here is at the socket level. */ - - if(!cxn->ssl[FIRSTSOCKET].handle) - return 0; /* connection has been closed */ - - err = 0; - errlen = sizeof err; - - if(getsockopt(cxn->sock[FIRSTSOCKET], SOL_SOCKET, SO_ERROR, - (unsigned char *) &err, &errlen) || - errlen != sizeof err || err) - return 0; /* connection has been closed */ - - return -1; /* connection status unknown */ -} - -#endif /* USE_QSOSSL */ diff --git a/lib/vtls/qssl.h b/lib/vtls/qssl.h deleted file mode 100644 index 07edb67e0..000000000 --- a/lib/vtls/qssl.h +++ /dev/null @@ -1,65 +0,0 @@ -#ifndef HEADER_CURL_QSSL_H -#define HEADER_CURL_QSSL_H -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at http://curl.haxx.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ -#include "curl_setup.h" - -/* - * This header should only be needed to get included by vtls.c and qssl.c - */ - -#include "urldata.h" - -#ifdef USE_QSOSSL -int Curl_qsossl_init(void); -void Curl_qsossl_cleanup(void); -CURLcode Curl_qsossl_connect(struct connectdata * conn, int sockindex); -void Curl_qsossl_close(struct connectdata *conn, int sockindex); -int Curl_qsossl_close_all(struct SessionHandle * data); -int Curl_qsossl_shutdown(struct connectdata * conn, int sockindex); - -size_t Curl_qsossl_version(char * buffer, size_t size); -int Curl_qsossl_check_cxn(struct connectdata * cxn); - -/* this backend supports CURLOPT_CERTINFO */ -#define have_curlssl_certinfo 1 - -/* API setup for QsoSSL */ -#define curlssl_init Curl_qsossl_init -#define curlssl_cleanup Curl_qsossl_cleanup -#define curlssl_connect Curl_qsossl_connect - -/* No session handling for QsoSSL */ -#define curlssl_session_free(x) Curl_nop_stmt -#define curlssl_close_all Curl_qsossl_close_all -#define curlssl_close Curl_qsossl_close -#define curlssl_shutdown(x,y) Curl_qsossl_shutdown(x,y) -#define curlssl_set_engine(x,y) CURLE_NOT_BUILT_IN -#define curlssl_set_engine_default(x) CURLE_NOT_BUILT_IN -#define curlssl_engines_list(x) NULL -#define curlssl_version Curl_qsossl_version -#define curlssl_check_cxn(x) Curl_qsossl_check_cxn(x) -#define curlssl_data_pending(x,y) 0 -#define CURL_SSL_BACKEND CURLSSLBACKEND_QSOSSL -#endif /* USE_QSOSSL */ - -#endif /* HEADER_CURL_QSSL_H */ diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c index bd1af0133..7d9894449 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -31,7 +31,6 @@ Curl_ossl_ - prefix for OpenSSL ones Curl_gtls_ - prefix for GnuTLS ones Curl_nss_ - prefix for NSS ones - Curl_qssl_ - prefix for QsoSSL ones Curl_gskit_ - prefix for GSKit ones Curl_polarssl_ - prefix for PolarSSL ones Curl_cyassl_ - prefix for CyaSSL ones diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h index 217b1d358..4c29d98a2 100644 --- a/lib/vtls/vtls.h +++ b/lib/vtls/vtls.h @@ -26,7 +26,6 @@ #include "openssl.h" /* OpenSSL versions */ #include "gtls.h" /* GnuTLS versions */ #include "nssg.h" /* NSS versions */ -#include "qssl.h" /* QSOSSL versions */ #include "gskit.h" /* Global Secure ToolKit versions */ #include "polarssl.h" /* PolarSSL versions */ #include "axtls.h" /* axTLS versions */ diff --git a/lib/x509asn1.c b/lib/x509asn1.c index 1f87155a6..31ea5de00 100644 --- a/lib/x509asn1.c +++ b/lib/x509asn1.c @@ -22,7 +22,7 @@ #include "curl_setup.h" -#if defined(USE_QSOSSL) || defined(USE_GSKIT) || defined(USE_NSS) +#if defined(USE_GSKIT) || defined(USE_NSS) #include <curl/curl.h> #include "urldata.h" @@ -1019,9 +1019,9 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn, return CURLE_OK; } -#endif /* USE_QSOSSL or USE_GSKIT or USE_NSS */ +#endif /* USE_GSKIT or USE_NSS */ -#if defined(USE_QSOSSL) || defined(USE_GSKIT) +#if defined(USE_GSKIT) static const char * checkOID(const char * beg, const char * end, const char * oid) @@ -1180,4 +1180,4 @@ CURLcode Curl_verifyhost(struct connectdata * conn, return CURLE_PEER_FAILED_VERIFICATION; } -#endif /* USE_QSOSSL or USE_GSKIT */ +#endif /* USE_GSKIT */ diff --git a/lib/x509asn1.h b/lib/x509asn1.h index 1741d6dca..274d728b7 100644 --- a/lib/x509asn1.h +++ b/lib/x509asn1.h @@ -8,7 +8,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -25,7 +25,7 @@ #include "curl_setup.h" -#if defined(USE_QSOSSL) || defined(USE_GSKIT) || defined(USE_NSS) +#if defined(USE_GSKIT) || defined(USE_NSS) #include "urldata.h" @@ -125,5 +125,5 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn, int certnum, CURLcode Curl_verifyhost(struct connectdata * conn, const char * beg, const char * end); -#endif /* USE_QSOSSL or USE_GSKIT or USE_NSS */ +#endif /* USE_GSKIT or USE_NSS */ #endif /* HEADER_CURL_X509ASN1_H */ diff --git a/packages/OS400/README.OS400 b/packages/OS400/README.OS400 index b0bdf8e75..6f8f58fad 100644 --- a/packages/OS400/README.OS400 +++ b/packages/OS400/README.OS400 @@ -39,12 +39,9 @@ header files are thus altered during build process to use this pragma, in order to force libcurl enums of being type int (the pragma disposition in use before inclusion is restored before resuming the including unit compilation). - Two SSL implementations are available to libcurl on OS/400: QsoSSL which is -obsolescent, does not support asynchronous I/O and only allows a single SSL -context within a job, and GSKit that does not suffer from these limitations -and is able to provide some information about the server certificate. - Both implementations of SSL are working on "certificate stores" or keyrings, -rather than individual certificate/key files. Certificate stores, as weel as + Secure socket layer is provided by the IBM GSKit API: unlike other SSL +implementations, GSKit is based on "certificate stores" or keyrings +rather than individual certificate/key files. Certificate stores, as well as "certificate labels" are managed by external IBM-defined applications. There are two ways to specify an SSL context: - By an application identifier. @@ -213,8 +210,6 @@ _ As a prerequisite, QADRT development environment must be installed. _ Install the curl source directory in IFS. _ Enter shell (QSH) _ Change current directory to the curl installation directory -- If the SSL backend has to be changed, edit file lib/config-os400.h - accordingly. _ Change current directory to ./packages/OS400 _ Edit file iniscript.sh. You may want to change tunable configuration parameters, like debug info generation, optimisation level, listing option, diff --git a/packages/OS400/curl.inc.in b/packages/OS400/curl.inc.in index f77bcae10..39adc6a12 100644 --- a/packages/OS400/curl.inc.in +++ b/packages/OS400/curl.inc.in @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -1385,7 +1385,7 @@ d c 2 d CURLSSLBACKEND_NSS... d c 3 - d CURLSSLBACKEND_QSOSSL... + d CURLSSLBACKEND_OBSOLETE4... d c 4 d CURLSSLBACKEND_GSKIT... d c 5 diff --git a/packages/OS400/make-lib.sh b/packages/OS400/make-lib.sh index 42ac2f5fd..d987207f9 100644 --- a/packages/OS400/make-lib.sh +++ b/packages/OS400/make-lib.sh @@ -161,7 +161,7 @@ then MODULES= # formdata.c. However, there are some unsatisfied # external references leading in the following # modules to be (recursively) needed. - MODULES="${MODULES} EASY STRDUP SSLGEN QSSL HOSTIP HOSTIP4 HOSTIP6" + MODULES="${MODULES} EASY STRDUP SSLGEN GSKIT HOSTIP HOSTIP4 HOSTIP6" MODULES="${MODULES} URL HASH TRANSFER GETINFO COOKIE SENDF SELECT" MODULES="${MODULES} INET_NTOP SHARE HOSTTHRE MULTI LLIST FTP HTTP" MODULES="${MODULES} HTTP_DIGES HTTP_CHUNK HTTP_NEGOT TIMEVAL HOSTSYN" diff --git a/packages/OS400/os400sys.c b/packages/OS400/os400sys.c index fd3cf6e0f..c67f9c92e 100644 --- a/packages/OS400/os400sys.c +++ b/packages/OS400/os400sys.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -42,10 +42,6 @@ #include <zlib.h> #endif -#ifdef USE_QSOSSL -#include <qsossl.h> -#endif - #ifdef USE_GSKIT #include <gskssl.h> #include <qsoasync.h> @@ -370,102 +366,6 @@ Curl_getaddrinfo_a(const char * nodename, const char * servname, } -#ifdef USE_QSOSSL - -/* ASCII wrappers for the SSL procedures. */ - -int -Curl_SSL_Init_Application_a(SSLInitApp * init_app) - -{ - int rc; - unsigned int i; - SSLInitApp ia; - - if(!init_app || !init_app->applicationID || !init_app->applicationIDLen) - return SSL_Init_Application(init_app); - - memcpy((char *) &ia, (char *) init_app, sizeof ia); - i = ia.applicationIDLen; - - if(!(ia.applicationID = malloc(i + 1))) { - errno = ENOMEM; - return SSL_ERROR_IO; - } - - QadrtConvertA2E(ia.applicationID, init_app->applicationID, i, i); - ia.applicationID[i] = '\0'; - rc = SSL_Init_Application(&ia); - free(ia.applicationID); - init_app->localCertificateLen = ia.localCertificateLen; - init_app->sessionType = ia.sessionType; - return rc; -} - - -int -Curl_SSL_Init_a(SSLInit * init) - -{ - int rc; - unsigned int i; - SSLInit ia; - - if(!init || (!init->keyringFileName && !init->keyringPassword)) - return SSL_Init(init); - - memcpy((char *) &ia, (char *) init, sizeof ia); - - if(ia.keyringFileName) { - i = strlen(ia.keyringFileName); - - if(!(ia.keyringFileName = malloc(i + 1))) { - errno = ENOMEM; - return SSL_ERROR_IO; - } - - QadrtConvertA2E(ia.keyringFileName, init->keyringFileName, i, i); - ia.keyringFileName[i] = '\0'; - } - - if(ia.keyringPassword) { - i = strlen(ia.keyringPassword); - - if(!(ia.keyringPassword = malloc(i + 1))) { - if(ia.keyringFileName) - free(ia.keyringFileName); - - errno = ENOMEM; - return SSL_ERROR_IO; - } - - QadrtConvertA2E(ia.keyringPassword, init->keyringPassword, i, i); - ia.keyringPassword[i] = '\0'; - } - - rc = SSL_Init(&ia); - - if(ia.keyringFileName) - free(ia.keyringFileName); - - if(ia.keyringPassword) - free(ia.keyringPassword); - - return rc; -} - - -char * -Curl_SSL_Strerror_a(int sslreturnvalue, SSLErrorMsg * serrmsgp) - -{ - return set_thread_string(LK_SSL_ERROR, - SSL_Strerror(sslreturnvalue, serrmsgp)); -} - -#endif /* USE_QSOSSL */ - - #ifdef USE_GSKIT /* ASCII wrappers for the GSKit procedures. */ diff --git a/packages/Symbian/group/libcurl.mmp b/packages/Symbian/group/libcurl.mmp index 5d7410abb..c7db9cf06 100644 --- a/packages/Symbian/group/libcurl.mmp +++ b/packages/Symbian/group/libcurl.mmp @@ -31,7 +31,7 @@ SOURCE \ http_negotiate.c inet_pton.c strtoofft.c strerror.c amigaos.c \ hostasyn.c hostip4.c hostip6.c hostsyn.c inet_ntop.c parsedate.c \ select.c vtls/gtls.c vtls/vtls.c tftp.c splay.c strdup.c socks.c \ - ssh.c vtls/nss.c vtls/qssl.c rawstr.c curl_addrinfo.c socks_gssapi.c \ + ssh.c vtls/nss.c rawstr.c curl_addrinfo.c socks_gssapi.c \ socks_sspi.c curl_sspi.c slist.c nonblock.c curl_memrchr.c imap.c \ pop3.c smtp.c pingpong.c rtsp.c curl_threads.c warnless.c hmac.c \ vtls/polarssl.c curl_rtmp.c openldap.c curl_gethostname.c gopher.c \ diff --git a/tests/unit/unit1397.c b/tests/unit/unit1397.c index 2a67b1358..fd60c2315 100644 --- a/tests/unit/unit1397.c +++ b/tests/unit/unit1397.c @@ -15,8 +15,7 @@ static void unit_stop( void ) UNITTEST_START /* only these backends define the tested functions */ -#if defined(USE_SSLEAY) || defined(USE_AXTLS) || defined(USE_QSOSSL) || \ - defined(USE_GSKIT) +#if defined(USE_SSLEAY) || defined(USE_AXTLS) || defined(USE_GSKIT) /* here you start doing things and checking that the results are good */ |