authorDaniel Stenberg <daniel@haxx.se>2005-04-07 15:27:13 +0000
committerDaniel Stenberg <daniel@haxx.se>2005-04-07 15:27:13 +0000
commit6e619393824922118317689ef59a73c556b7ef98 (patch)
tree87adafabc035fe32f74e78cba20220986a8fe039 /lib/url.c
parent015a6181725a654fb6d1eb8ff55e116ea15dc89a (diff)
GnuTLS support added. There's now a "generic" SSL layer that we use all over
internally, with code provided by sslgen.c. All SSL-layer-specific code is then written in ssluse.c (for OpenSSL) and gtls.c (for GnuTLS). As far as possible, internals should not need to know which SSL layer is in use. Building with GnuTLS currently makes two test cases fail. TODO.gnutls contains a few known outstanding issues for the GnuTLS support. GnuTLS support is enabled with configure --with-gnutls
Diffstat (limited to 'lib/url.c')
-rw-r--r--lib/url.c120
1 files changed, 14 insertions, 106 deletions
diff --git a/lib/url.c b/lib/url.c
index 9d62f4290..7174e8cf0 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -102,7 +102,7 @@ void idn_free (void *ptr); /* prototype from idn-free.h, not provided by
#include "formdata.h"
#include "base64.h"
-#include "ssluse.h"
+#include "sslgen.h"
#include "hostip.h"
#include "transfer.h"
#include "sendf.h"
@@ -154,7 +154,6 @@ static bool ConnectionExists(struct SessionHandle *data,
struct connectdata **usethis);
static long ConnectionStore(struct SessionHandle *data,
struct connectdata *conn);
-static bool safe_strequal(char* str1, char* str2);
#ifndef USE_ARES
/* not for Win32, unless it is cygwin
@@ -211,11 +210,8 @@ CURLcode Curl_close(struct SessionHandle *data)
}
}
-#ifdef USE_SSLEAY
/* Close down all open SSL info and sessions */
- Curl_SSL_Close_All(data);
-#endif
-
+ Curl_ssl_close_all(data);
Curl_safefree(data->state.first_host);
Curl_safefree(data->state.scratch);
@@ -832,7 +828,7 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, ...)
{
long auth = va_arg(param, long);
/* switch off bits we can't support */
-#if ! defined(USE_SSLEAY) && !defined(USE_WINDOWS_SSPI)
+#ifndef USE_NTLM
auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */
#endif
#ifndef HAVE_GSSAPI
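Review bot: The trailing comment on the masking line, `/* no NTLM without SSL */`, no longer describes the guard, which is now `#ifndef USE_NTLM`; something like `auth &= ~CURLAUTH_NTLM; /* NTLM support not built in */` would match. The same stale comment sits in the next Curl_setopt hunk (the one whose old guard was `#ifndef USE_SSLEAY` alone). Where USE_NTLM gets defined is not visible in this diff, so it is worth confirming that a GnuTLS-only build ends up with the intended value, because this mask silently decides which authentication schemes a caller's request can still select. Curl_setopt's body continues outside the hunk.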
@@ -852,7 +848,7 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, ...)
{
long auth = va_arg(param, long);
/* switch off bits we can't support */
-#ifndef USE_SSLEAY
+#ifndef USE_NTLM
auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */
#endif
#ifndef HAVE_GSSAPI
@@ -1153,14 +1149,14 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, ...)
*/
argptr = va_arg(param, char *);
if (argptr && argptr[0])
- result = Curl_SSL_set_engine(data, argptr);
+ result = Curl_ssl_set_engine(data, argptr);
break;
case CURLOPT_SSLENGINE_DEFAULT:
/*
* flag to set engine as default.
*/
- result = Curl_SSL_set_engine_default(data);
+ result = Curl_ssl_set_engine_default(data);
break;
case CURLOPT_CRLF:
/*
@@ -1450,9 +1446,7 @@ CURLcode Curl_disconnect(struct connectdata *conn)
data->state.authproblem = FALSE;
-#if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI)
Curl_ntlm_cleanup(conn);
-#endif
}
if(conn->curl_disconnect)
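Review bot: `Curl_ntlm_cleanup(conn);` is now called in every build, whereas the Curl_setopt hunks in this same commit gate NTLM on `USE_NTLM`. Unless the NTLM header supplies a no-op definition for builds without NTLM (not visible here), a build with neither an SSL backend nor SSPI would fail to link at this call. Either keep a guard consistent with the rest of the change, `#ifdef USE_NTLM` / `Curl_ntlm_cleanup(conn);` / `#endif`, or add a one-line comment at the call stating that the function is always available. Curl_disconnect starts and ends outside the hunk.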
@@ -1481,7 +1475,7 @@ CURLcode Curl_disconnect(struct connectdata *conn)
freed with idn_free() since this was
allocated by libidn */
#endif
- Curl_SSL_Close(conn);
+ Curl_ssl_close(conn);
/* close possibly still open sockets */
if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET])
@@ -2419,10 +2413,10 @@ static CURLcode CreateConnection(struct SessionHandle *data,
if(checkprefix("GOPHER.", conn->host.name))
strcpy(conn->protostr, "gopher");
-#ifdef USE_SSLEAY
+#ifdef USE_SSL
else if(checkprefix("FTPS", conn->host.name))
strcpy(conn->protostr, "ftps");
-#endif /* USE_SSLEAY */
+#endif /* USE_SSL */
else if(checkprefix("FTP.", conn->host.name))
strcpy(conn->protostr, "ftp");
else if(checkprefix("TELNET.", conn->host.name))
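Review bot: With the guard widened to `USE_SSL`, the test `checkprefix("FTPS", conn->host.name)` is now compiled into GnuTLS builds too, and unlike its `"GOPHER."` and `"FTP."` neighbours it has no trailing dot. A scheme-less host name that merely begins with those four letters is therefore guessed as ftps rather than falling through to the later branches; this predates the commit, but the change extends it to more builds. If that is not intended, `else if(checkprefix("FTPS.", conn->host.name))` brings it in line with the other prefixes. The if/else chain starts and ends outside the hunk.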
@@ -2728,7 +2722,7 @@ static CURLcode CreateConnection(struct SessionHandle *data,
#endif
}
else if (strequal(conn->protostr, "HTTPS")) {
-#if defined(USE_SSLEAY) && !defined(CURL_DISABLE_HTTP)
+#if defined(USE_SSL) && !defined(CURL_DISABLE_HTTP)
conn->port = (data->set.use_port && data->state.allow_port)?
data->set.use_port:PORT_HTTPS;
@@ -2740,11 +2734,11 @@ static CURLcode CreateConnection(struct SessionHandle *data,
conn->curl_done = Curl_http_done;
conn->curl_connect = Curl_http_connect;
-#else /* USE_SSLEAY */
+#else /* USE_SS */
failf(data, LIBCURL_NAME
" was built with SSL disabled, https: not supported!");
return CURLE_UNSUPPORTED_PROTOCOL;
-#endif /* !USE_SSLEAY */
+#endif /* !USE_SSL */
}
else if (strequal(conn->protostr, "GOPHER")) {
#ifndef CURL_DISABLE_GOPHER
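Review bot: The new branch label `#else /* USE_SS */` is misspelled, and since it marks the negative branch it reads better as `#else /* !USE_SSL */`, matching the `#endif /* !USE_SSL */` a few lines below. The opening condition in the previous hunk is `defined(USE_SSL) && !defined(CURL_DISABLE_HTTP)`, so this branch is also taken when SSL is available but HTTP is disabled, and in that case the `failf` text "was built with SSL disabled" is misleading. A comment naming both conditions, e.g. `#else /* !USE_SSL || CURL_DISABLE_HTTP */`, would make that visible to the next reader.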
@@ -2774,7 +2768,7 @@ static CURLcode CreateConnection(struct SessionHandle *data,
int port = PORT_FTP;
if(strequal(conn->protostr, "FTPS")) {
-#ifdef USE_SSLEAY
+#ifdef USE_SSL
conn->protocol |= PROT_FTPS|PROT_SSL;
conn->ssl[SECONDARYSOCKET].use = TRUE; /* send data securely */
port = PORT_FTPS;
@@ -2782,7 +2776,7 @@ static CURLcode CreateConnection(struct SessionHandle *data,
failf(data, LIBCURL_NAME
" was built with SSL disabled, ftps: not supported!");
return CURLE_UNSUPPORTED_PROTOCOL;
-#endif /* !USE_SSLEAY */
+#endif /* !USE_SSL */
}
conn->port = (data->set.use_port && data->state.allow_port)?
@@ -3739,89 +3733,3 @@ CURLcode Curl_do_more(struct connectdata *conn)
return result;
}
-static bool safe_strequal(char* str1, char* str2)
-{
- if(str1 && str2)
- /* both pointers point to something then compare them */
- return strequal(str1, str2);
- else
- /* if both pointers are NULL then treat them as equal */
- return (!str1 && !str2);
-}
-
-bool
-Curl_ssl_config_matches(struct ssl_config_data* data,
- struct ssl_config_data* needle)
-{
- if((data->version == needle->version) &&
- (data->verifypeer == needle->verifypeer) &&
- (data->verifyhost == needle->verifyhost) &&
- safe_strequal(data->CApath, needle->CApath) &&
- safe_strequal(data->CAfile, needle->CAfile) &&
- safe_strequal(data->random_file, needle->random_file) &&
- safe_strequal(data->egdsocket, needle->egdsocket) &&
- safe_strequal(data->cipher_list, needle->cipher_list))
- return TRUE;
-
- return FALSE;
-}
-
-bool
-Curl_clone_ssl_config(struct ssl_config_data *source,
- struct ssl_config_data *dest)
-{
- dest->verifyhost = source->verifyhost;
- dest->verifypeer = source->verifypeer;
- dest->version = source->version;
-
- if(source->CAfile) {
- dest->CAfile = strdup(source->CAfile);
- if(!dest->CAfile)
- return FALSE;
- }
-
- if(source->CApath) {
- dest->CApath = strdup(source->CApath);
- if(!dest->CApath)
- return FALSE;
- }
-
- if(source->cipher_list) {
- dest->cipher_list = strdup(source->cipher_list);
- if(!dest->cipher_list)
- return FALSE;
- }
-
- if(source->egdsocket) {
- dest->egdsocket = strdup(source->egdsocket);
- if(!dest->egdsocket)
- return FALSE;
- }
-
- if(source->random_file) {
- dest->random_file = strdup(source->random_file);
- if(!dest->random_file)
- return FALSE;
- }
-
- return TRUE;
-}
-
-void Curl_free_ssl_config(struct ssl_config_data* sslc)
-{
- if(sslc->CAfile)
- free(sslc->CAfile);
-
- if(sslc->CApath)
- free(sslc->CApath);
-
- if(sslc->cipher_list)
- free(sslc->cipher_list);
-
- if(sslc->egdsocket)
- free(sslc->egdsocket);
-
- if(sslc->random_file)
- free(sslc->random_file);
-}
-