authorKyle L. Huff <code@curetheitch.com>2015-03-27 07:22:32 -0400
committerDaniel Stenberg <daniel@haxx.se>2015-03-27 23:32:14 +0100
commitd2feb71752f193ced11c137bdf2026373ebc3dc5 (patch)
tree7b2846a33303f9a9174cc60a00e8e0deff8a4576
parent211f1e3c6bf708e8809f10680d9d3a216d8a14b7 (diff)
cyassl: add SSL context callback support for CyaSSL
Adds support for CURLOPT_SSL_CTX_FUNCTION when using CyaSSL, and better handles CyaSSL instances using NO_FILESYSTEM.
-rw-r--r--docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.32
-rw-r--r--docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.36
-rw-r--r--lib/vtls/cyassl.c18
-rw-r--r--lib/vtls/cyassl.h3
4 files changed, 25 insertions, 4 deletions
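diff --git a/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3 b/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3
index 4873cdd1b..5fa432574 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3
@@ -38,7 +38,7 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY
-Added in 7.11.0. Only used with the OpenSSL backend.
+Added in 7.11.0. Only used with the OpenSSL and WolfSSL/CyaSSL backend.
 .SH RETURN VALUE
 Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
 .SH "SEE ALSO"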
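diff --git a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
index 1e8dbe5a4..0b6a4468a 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
@@ -32,8 +32,8 @@ CURLcode ssl_ctx_callback(CURL *curl, void *ssl_ctx, void *userptr);
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_FUNCTION,
 ssl_ctx_callback);
 .SH DESCRIPTION
-This option only works for libcurl powered by OpenSSL. If libcurl was built
-against another SSL library, this functionality is absent.
+This option only works for libcurl powered by OpenSSL and WolfSSL/CyaSSL.
+If libcurl was built against another SSL library, this functionality is absent.
 Pass a pointer to your callback function, which should match the prototype
 shown above.
@@ -63,7 +63,7 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY
-Added in 7.11.0. Only supported when built with OpenSSL.
+Added in 7.11.0. Only supported when built with OpenSSL and WolfSSL/CyaSSL.
 .SH RETURN VALUE
 Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
 .SH "SEE ALSO"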
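diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index 32a4477cb..7a10eba12 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -201,6 +201,24 @@ cyassl_connect_step1(struct connectdata *conn,
 data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE,
 NULL);
+ /* give application a chance to interfere with SSL set up. */
+ if(data->set.ssl.fsslctx) {
+ CURLcode result = CURLE_OK;
+ result = (*data->set.ssl.fsslctx)(data, conssl->ctx,
+ data->set.ssl.fsslctxp);
+ if(result) {
+ failf(data, "error signaled by ssl ctx callback");
+ return result;
+ }
+ }
+#ifdef NO_FILESYSTEM
+ else if(data->set.ssl.verifypeer) {
+ failf(data, "CyaSSL: unable to verify certificate; no certificate",
+ " authorities registered");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+#endif
+
 /* Let's make an SSL structure */
 if(conssl->handle)
 SSL_free(conssl->handle);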
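Review bot: The failf() call in the NO_FILESYSTEM branch passes its second string literal as a separate vararg instead of concatenating it, so the format string contains no conversion and only "CyaSSL: unable to verify certificate; no certificate" is ever emitted while " authorities registered" is silently dropped; remove the comma so the literals join: `failf(data, "CyaSSL: unable to verify certificate; no certificate" " authorities registered");`. The `CURLcode result = CURLE_OK;` initializer is overwritten on the next statement and can be folded into the declaration, `CURLcode result = (*data->set.ssl.fsslctx)(data, conssl->ctx, data->set.ssl.fsslctxp);`. The #ifdef branch deserves a comment making the trust model explicit, e.g. `/* NO_FILESYSTEM: no CA file can be loaded, so a verifypeer connection is refused unless the application's ctx callback is expected to have installed trust anchors itself */`, since the callback path is taken without any check that it actually did so. cyassl_connect_step1 starts and ends outside the hunk.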
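diff --git a/lib/vtls/cyassl.h b/lib/vtls/cyassl.h
index b492ffa96..ba64ab2ca 100644
--- a/lib/vtls/cyassl.h
+++ b/lib/vtls/cyassl.h
@@ -46,6 +46,9 @@ int Curl_cyassl_random(struct SessionHandle *data,
 /* Set the API backend definition to Schannel */
 #define CURL_SSL_BACKEND CURLSSLBACKEND_CYASSL
+/* this backend suppots CURLOPT_SSL_CTX_FUNCTION */
+#define have_curlssl_ssl_ctx 1
+
 /* API setup for CyaSSL */
 #define curlssl_init Curl_cyassl_init
 #define curlssl_cleanup() Curl_nop_stmt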
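Review bot: The added comment has a typo, "suppots"; suggest `/* this backend supports CURLOPT_SSL_CTX_FUNCTION */`. While touching this spot, the neighbouring context comment "Set the API backend definition to Schannel" appears to be a copy-paste leftover in a CyaSSL header (it is pre-existing, not part of this change) and could read `/* Set the API backend definition to CyaSSL */`.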