aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Zitzmann <nickzman@gmail.com>2015-03-21 12:22:56 -0500
committerNick Zitzmann <nickzman@gmail.com>2015-03-21 12:22:56 -0500
commit7f5a17044281bae546ff749543caa68c2a2443d6 (patch)
tree706b8f2c6a1535c38580c6c34ad65e2beffdde0c
parented429b72d7dee4f63f1e1abc10b52e7b0739da82 (diff)
darwinsssl: add support for TLS False Start
TLS False Start support requires iOS 7.0 or later, or OS X 10.9 or later.
-rw-r--r--docs/curl.13
-rw-r--r--docs/libcurl/opts/CURLOPT_SSL_FALSESTART.34
-rw-r--r--lib/vtls/darwinssl.c13
-rw-r--r--lib/vtls/darwinssl.h2
4 files changed, 18 insertions, 4 deletions
diff --git a/docs/curl.1 b/docs/curl.1
index 2846b6938..67bf8effc 100644
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -569,7 +569,8 @@ mode where a TLS client will start sending application data before verifying
the server's Finished message, thus saving a round trip when performing a full
handshake.
-This is currently only implemented in the NSS backend.
+This is currently only implemented in the NSS and Secure Transport (on iOS 7.0
+or later, or OS X 10.9 or later) backends.
(Added in 7.42.0)
.IP "-f, --fail"
(HTTP) Fail silently (no output at all) on server errors. This is mostly done
diff --git a/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.3 b/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.3
index 7d88fc4c6..31a05e68e 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.3
@@ -41,8 +41,8 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
.SH EXAMPLE
TODO
.SH AVAILABILITY
-Added in 7.42.0. This option is currently only supported by the NSS TLS
-backend.
+Added in 7.42.0. This option is currently only supported by the NSS and
+Secure Transport (on iOS 7.0 or later, or OS X 10.9 or later) TLS backends.
.SH RETURN VALUE
Returns CURLE_OK if false start is supported by the SSL backend, otherwise
returns CURLE_NOT_BUILT_IN.
diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c
index 01e308130..03adcef28 100644
--- a/lib/vtls/darwinssl.c
+++ b/lib/vtls/darwinssl.c
@@ -1459,9 +1459,12 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
#if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
/* We want to enable 1/n-1 when using a CBC cipher unless the user
specifically doesn't want us doing that: */
- if(SSLSetSessionOption != NULL)
+ if(SSLSetSessionOption != NULL) {
SSLSetSessionOption(connssl->ssl_ctx, kSSLSessionOptionSendOneByteRecord,
!data->set.ssl_enable_beast);
+ SSLSetSessionOption(connssl->ssl_ctx, kSSLSessionOptionFalseStart,
+ data->set.ssl.falsestart); /* false start support */
+ }
#endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */
/* Check if there's a cached ID we can/should use here! */
@@ -2364,6 +2367,14 @@ void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */
(void)CC_MD5(tmp, (CC_LONG)tmplen, md5sum);
}
+bool Curl_darwinssl_false_start(void) {
+#if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
+ if(SSLSetSessionOption != NULL)
+ return TRUE;
+#endif
+ return FALSE;
+}
+
static ssize_t darwinssl_send(struct connectdata *conn,
int sockindex,
const void *mem,
diff --git a/lib/vtls/darwinssl.h b/lib/vtls/darwinssl.h
index ae6868265..3bb69c01a 100644
--- a/lib/vtls/darwinssl.h
+++ b/lib/vtls/darwinssl.h
@@ -48,6 +48,7 @@ void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */
size_t tmplen,
unsigned char *md5sum, /* output */
size_t md5len);
+bool Curl_darwinssl_false_start(void);
/* Set the API backend definition to SecureTransport */
#define CURL_SSL_BACKEND CURLSSLBACKEND_DARWINSSL
@@ -69,6 +70,7 @@ void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */
#define curlssl_data_pending(x,y) Curl_darwinssl_data_pending(x, y)
#define curlssl_random(x,y,z) ((void)x, Curl_darwinssl_random(y,z))
#define curlssl_md5sum(a,b,c,d) Curl_darwinssl_md5sum(a,b,c,d)
+#define curlssl_false_start() Curl_darwinssl_false_start()
#endif /* USE_DARWINSSL */
#endif /* HEADER_CURL_DARWINSSL_H */