diff options
author | Nick Zitzmann <nickzman@gmail.com> | 2015-03-21 12:22:56 -0500 |
---|---|---|
committer | Nick Zitzmann <nickzman@gmail.com> | 2015-03-21 12:22:56 -0500 |
commit | 7f5a17044281bae546ff749543caa68c2a2443d6 (patch) | |
tree | 706b8f2c6a1535c38580c6c34ad65e2beffdde0c | |
parent | ed429b72d7dee4f63f1e1abc10b52e7b0739da82 (diff) |
darwinsssl: add support for TLS False Start
TLS False Start support requires iOS 7.0 or later, or OS X 10.9 or later.
-rw-r--r-- | docs/curl.1 | 3 | ||||
-rw-r--r-- | docs/libcurl/opts/CURLOPT_SSL_FALSESTART.3 | 4 | ||||
-rw-r--r-- | lib/vtls/darwinssl.c | 13 | ||||
-rw-r--r-- | lib/vtls/darwinssl.h | 2 |
4 files changed, 18 insertions, 4 deletions
diff --git a/docs/curl.1 b/docs/curl.1 index 2846b6938..67bf8effc 100644 --- a/docs/curl.1 +++ b/docs/curl.1 @@ -569,7 +569,8 @@ mode where a TLS client will start sending application data before verifying the server's Finished message, thus saving a round trip when performing a full handshake. -This is currently only implemented in the NSS backend. +This is currently only implemented in the NSS and Secure Transport (on iOS 7.0 +or later, or OS X 10.9 or later) backends. (Added in 7.42.0) .IP "-f, --fail" (HTTP) Fail silently (no output at all) on server errors. This is mostly done diff --git a/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.3 b/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.3 index 7d88fc4c6..31a05e68e 100644 --- a/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.3 +++ b/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.3 @@ -41,8 +41,8 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc. .SH EXAMPLE TODO .SH AVAILABILITY -Added in 7.42.0. This option is currently only supported by the NSS TLS -backend. +Added in 7.42.0. This option is currently only supported by the NSS and +Secure Transport (on iOS 7.0 or later, or OS X 10.9 or later) TLS backends. .SH RETURN VALUE Returns CURLE_OK if false start is supported by the SSL backend, otherwise returns CURLE_NOT_BUILT_IN. diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c index 01e308130..03adcef28 100644 --- a/lib/vtls/darwinssl.c +++ b/lib/vtls/darwinssl.c @@ -1459,9 +1459,12 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn, #if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 /* We want to enable 1/n-1 when using a CBC cipher unless the user specifically doesn't want us doing that: */ - if(SSLSetSessionOption != NULL) + if(SSLSetSessionOption != NULL) { SSLSetSessionOption(connssl->ssl_ctx, kSSLSessionOptionSendOneByteRecord, !data->set.ssl_enable_beast); + SSLSetSessionOption(connssl->ssl_ctx, kSSLSessionOptionFalseStart, + data->set.ssl.falsestart); /* false start support */ + } #endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */ /* Check if there's a cached ID we can/should use here! */ @@ -2364,6 +2367,14 @@ void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */ (void)CC_MD5(tmp, (CC_LONG)tmplen, md5sum); } +bool Curl_darwinssl_false_start(void) { +#if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 + if(SSLSetSessionOption != NULL) + return TRUE; +#endif + return FALSE; +} + static ssize_t darwinssl_send(struct connectdata *conn, int sockindex, const void *mem, diff --git a/lib/vtls/darwinssl.h b/lib/vtls/darwinssl.h index ae6868265..3bb69c01a 100644 --- a/lib/vtls/darwinssl.h +++ b/lib/vtls/darwinssl.h @@ -48,6 +48,7 @@ void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */ size_t tmplen, unsigned char *md5sum, /* output */ size_t md5len); +bool Curl_darwinssl_false_start(void); /* Set the API backend definition to SecureTransport */ #define CURL_SSL_BACKEND CURLSSLBACKEND_DARWINSSL @@ -69,6 +70,7 @@ void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */ #define curlssl_data_pending(x,y) Curl_darwinssl_data_pending(x, y) #define curlssl_random(x,y,z) ((void)x, Curl_darwinssl_random(y,z)) #define curlssl_md5sum(a,b,c,d) Curl_darwinssl_md5sum(a,b,c,d) +#define curlssl_false_start() Curl_darwinssl_false_start() #endif /* USE_DARWINSSL */ #endif /* HEADER_CURL_DARWINSSL_H */ |