-rw-r--r-- | configure.ac | 58 | ||||
-rw-r--r-- | lib/Makefile.inc | 4 | ||||
-rw-r--r-- | lib/axtls.c | 139 | ||||
-rw-r--r-- | lib/axtls.h | 72 | ||||
-rw-r--r-- | lib/http.c | 20 | ||||
-rw-r--r-- | lib/setup.h | 2 | ||||
-rw-r--r-- | lib/sslgen.c | 1 | ||||
-rw-r--r-- | lib/urldata.h | 8 |
8 files changed, 295 insertions, 9 deletions
diff --git a/configure.ac b/configure.ac index c75f4d156..58e286f30 100644 --- a/configure.ac +++ b/configure.ac @@ -140,7 +140,7 @@ AC_SUBST(PKGADD_VENDOR) dnl dnl initialize all the info variables - curl_ssl_msg="no (--with-{ssl,gnutls,nss,polarssl} )" + curl_ssl_msg="no (--with-{ssl,gnutls,nss,polarssl,axtls} )" curl_ssh_msg="no (--with-libssh2)" curl_zlib_msg="no (--with-zlib)" curl_krb4_msg="no (--with-krb4*)" @@ -156,6 +156,7 @@ curl_verbose_msg="enabled (--disable-verbose)" curl_ldaps_msg="no (--enable-ldaps)" curl_rtsp_msg="no (--enable-rtsp)" curl_rtmp_msg="no (--with-librtmp)" + init_ssl_msg=${curl_ssl_msg} dnl dnl Save anything in $LIBS for later 
@@ -1933,7 +1934,60 @@ if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then fi dnl OPENSSL != 1 -a GNUTLS_ENABLED != 1 -if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED" = "x"; then +OPT_AXTLS=off + +AC_ARG_WITH(axtls,dnl +AC_HELP_STRING([--with-axtls=PATH],[Where to look for axTLS, PATH points to the axTLS installation (default: /usr/local/lib). Ignored if another SSL engine is selected.]) +AC_HELP_STRING([--without-axtls], [disable axTLS]), + OPT_AXTLS=$withval) + +if test "$curl_ssl_msg" = "$init_ssl_msg"; then + if test X"$OPT_AXTLS" != Xno; then + dnl backup the pre-axtls variables + CLEANLDFLAGS="$LDFLAGS" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + case "$OPT_AXTLS" in + yes) + dnl --with-axtls (without path) used + PREFIX_AXTLS=/usr/local/lib + LIB_AXTLS="$PREFIX_AXTLS" + ;; + off) + dnl no --with-axtls option given, just check default places + PREFIX_AXTLS= + ;; + *) + dnl check the given --with-axtls spot + PREFIX_AXTLS=$OPT_AXTLS + LIB_AXTLS="$PREFIX_AXTLS" + LDFLAGS="$LDFLAGS -L$LIB_AXTLS" + CPPFLAGS="$CPPFLAGS -I$PREFIX_AXTLS/ssl" + ;; + esac + + AC_CHECK_LIB(axtls, ssl_version,[ + LIBS="-laxtls $LIBS" + AC_DEFINE(USE_AXTLS, 1, [if axTLS is enabled]) + AC_SUBST(USE_AXTLS, [1]) + AXTLS_ENABLED=1 + USE_AXTLS="yes" + curl_ssl_msg="enabled (axTLS)" + + + LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$LIB_AXTLS" + export LD_LIBRARY_PATH + AC_MSG_NOTICE([Added $LIB_AXTLS to LD_LIBRARY_PATH]) + ],[ + LDFLAGS="$CLEANLDFLAGS" + CPPFLAGS="$CLEANCPPFLAGS" + LIBS="$CLEANLIBS" + ]) + fi +fi + +if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$AXTLS_ENABLED" = "x"; then AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.]) AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl or --with-nss to address this.]) else diff --git a/lib/Makefile.inc b/lib/Makefile.inc index 41ab8277d..f2a230e66 100644 --- a/lib/Makefile.inc +++ b/lib/Makefile.inc 
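Review bot: In the `off` case (no --with-axtls given) `LIB_AXTLS` is never assigned, yet the success branch of AC_CHECK_LIB still runs `LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$LIB_AXTLS"` and exports it, leaving an empty element in the search path; glibc-style loaders read an empty element as the current directory, so anything run later under that environment may load shared libraries from wherever configure was started. The same empty element appears as a leading `:` whenever `LD_LIBRARY_PATH` was unset beforehand. Guard the export, e.g. `if test -n "$LIB_AXTLS"; then LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$LIB_AXTLS"; fi`. Separately, the `yes` case sets `LIB_AXTLS` but adds no `-L`/`-I` flags, and the unchanged AC_MSG_WARN hint below still omits `--with-axtls`.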
@@ -21,7 +21,7 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ socks_gssapi.c socks_sspi.c curl_sspi.c slist.c nonblock.c \ curl_memrchr.c imap.c pop3.c smtp.c pingpong.c rtsp.c curl_threads.c \ warnless.c hmac.c polarssl.c curl_rtmp.c openldap.c curl_gethostname.c\ - gopher.c + gopher.c axtls.c HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \ progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h \ @@ -36,5 +36,5 @@ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \ curl_base64.h rawstr.h curl_addrinfo.h curl_sspi.h slist.h nonblock.h \ curl_memrchr.h imap.h pop3.h smtp.h pingpong.h rtsp.h curl_threads.h \ warnless.h curl_hmac.h polarssl.h curl_rtmp.h curl_gethostname.h \ - gopher.h + gopher.h axtls.h diff --git a/lib/axtls.c b/lib/axtls.c new file mode 100644 index 000000000..9a253bc1e --- /dev/null +++ b/lib/axtls.c 
@@ -0,0 +1,139 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 2010, DirecTV + * contact: Eric Hu <ehu@directv.com> + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +/* + * Source file for all axTLS-specific code for the TLS/SSL layer. No code + * but sslgen.c should ever call or use these functions. + */ + +#include "setup.h" +#ifdef USE_AXTLS +#include <axTLS/ssl.h> +#include "axtls.h" + +#include <string.h> +#include <stdlib.h> +#include <ctype.h> +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif + +#include "sendf.h" +#include "inet_pton.h" +#include "sslgen.h" +#include "parsedate.h" +#include "connect.h" /* for the connect timeout */ +#include "select.h" +#define _MPRINTF_REPLACE /* use our functions only */ +#include <curl/mprintf.h> +#include "memory.h" +/* The last #include file should be: */ +#include "memdebug.h" + +/* Global axTLS init, called from Curl_ssl_init() */ +int Curl_axtls_init(void) +{ + return 1; +} + +int Curl_axtls_cleanup(void) +{ + return 1; +} + +/* + * This function is called after the TCP connect has completed. Setup the TLS + * layer and do all necessary magic. 
+ */ +CURLcode +Curl_axtls_connect(struct connectdata *conn, + int sockindex) + +{ + return CURLE_OK; +} + + +/* return number of sent (non-SSL) bytes */ +ssize_t Curl_axtls_send(struct connectdata *conn, + int sockindex, + const void *mem, + size_t len) +{ + return 0; +} + +void Curl_axtls_close_all(struct SessionHandle *data) +{ +} + +void Curl_axtls_close(struct connectdata *conn, int sockindex) +{ +} + +/* + * This function is called to shut down the SSL layer but keep the + * socket open (CCC - Clear Command Channel) + */ +int Curl_axtls_shutdown(struct connectdata *conn, int sockindex) +{ + return 0; +} + +/* + * If the read would block we return -1 and set 'wouldblock' to TRUE. + * Otherwise we return the amount of data read. Other errors should return -1 + * and set 'wouldblock' to FALSE. + */ +ssize_t Curl_axtls_recv(struct connectdata *conn, /* connection data */ + int num, /* socketindex */ + char *buf, /* store read data here */ + size_t buffersize, /* max amount to read */ + bool *wouldblock) +{ + return 0; +} + +/* + * This function uses SSL_peek to determine connection status. + * + * Return codes: + * 1 means the connection is still in place + * 0 means the connection has been closed + * -1 means the connection status is unknown + */ +int Curl_axtls_check_cxn(struct connectdata *conn) +{ + return 0; +} + +void Curl_axtls_session_free(void *ptr) +{ +} + +size_t Curl_axtls_version(char *buffer, size_t size) +{ + return snprintf(buffer, size, "axTLS/1.2.7"); +} + +#endif /* USE_AXTLS */ diff --git a/lib/axtls.h b/lib/axtls.h new file mode 100644 index 000000000..ba62eecbf --- /dev/null +++ b/lib/axtls.h 
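Review bot: `Curl_axtls_connect` returns `CURLE_OK` without creating an SSL context or performing a handshake, while configure auto-selects this backend when libaxtls is found and no other engine is chosen, and setup.h then defines `USE_SSL` for it, so a build can report a successful TLS connect with no encryption or peer verification behind it. Until the real implementation lands the stubs should fail closed, e.g. `return CURLE_SSL_CONNECT_ERROR;` in connect and `return -1;` rather than `0` in `Curl_axtls_send` and `Curl_axtls_recv`. `Curl_axtls_recv` also never writes `*wouldblock`, and `Curl_axtls_check_cxn` returns `0`, which its own comment defines as "the connection has been closed"; `-1` (unknown) matches what the stub actually knows. `Curl_axtls_version` hard-codes `"axTLS/1.2.7"` although configure already probes for `ssl_version`, which could presumably supply the version of the library actually linked.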
@@ -0,0 +1,72 @@ +#ifndef __AXTLS_H +#define __AXTLS_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 2010, DirecTV + * contact: Eric Hu <ehu@directv.com> + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#ifdef USE_AXTLS +#include "curl/curl.h" +#include "urldata.h" + +int Curl_axtls_init(void); +int Curl_axtls_cleanup(void); +CURLcode Curl_axtls_connect(struct connectdata *conn, int sockindex); + +/* tell axTLS to close down all open information regarding connections (and + thus session ID caching etc) */ +void Curl_axtls_close_all(struct SessionHandle *data); + + /* close a SSL connection */ +void Curl_axtls_close(struct connectdata *conn, int sockindex); + +/* return number of sent (non-SSL) bytes */ +ssize_t Curl_axtls_send(struct connectdata *conn, int sockindex, + const void *mem, size_t len); +ssize_t Curl_axtls_recv(struct connectdata *conn, /* connection data */ + int num, /* socketindex */ + char *buf, /* store read data here */ + size_t buffersize, /* max amount to read */ + bool *wouldblock); +void Curl_axtls_session_free(void *ptr); +size_t Curl_axtls_version(char *buffer, size_t size); +int Curl_axtls_shutdown(struct connectdata *conn, int sockindex); +int Curl_axtls_check_cxn(struct connectdata *conn); + +/* 
API setup for axTLS */ +#define curlssl_init Curl_axtls_init +#define curlssl_cleanup Curl_axtls_cleanup +#define curlssl_connect Curl_axtls_connect +#define curlssl_session_free(x) Curl_axtls_session_free(x) +#define curlssl_close_all Curl_axtls_close_all +#define curlssl_close Curl_axtls_close +#define curlssl_shutdown(x,y) Curl_axtls_shutdown(x,y) +#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_FAILED_INIT) +#define curlssl_set_engine_default(x) (x=x, CURLE_FAILED_INIT) +#define curlssl_engines_list(x) (x=x, (struct curl_slist *)NULL) +#define curlssl_send Curl_axtls_send +#define curlssl_recv Curl_axtls_recv +#define curlssl_version Curl_axtls_version +#define curlssl_check_cxn(x) Curl_axtls_check_cxn(x) +#define curlssl_data_pending(x,y) (x=x, y=y, 0) + +#endif /* USE_AXTLS */ +#endif diff --git a/lib/http.c b/lib/http.c index e35437f1e..2cf4dd2d3 100644 --- a/lib/http.c +++ b/lib/http.c @@ -1881,10 +1881,22 @@ static int https_getsock(struct connectdata *conn, (void)numsocks; return GETSOCK_BLANK; } -#endif -#endif -#endif -#endif +#else +#ifdef USE_AXTLS +static int https_getsock(struct connectdata *conn, + curl_socket_t *socks, + int numsocks) +{ + (void)conn; + (void)socks; + (void)numsocks; + return GETSOCK_BLANK; +} +#endif /* USE_AXTLS */ +#endif /* USE_POLARSSL */ +#endif /* USE_QSOSSL */ +#endif /* USE_NSS */ +#endif /* USE_SSLEAY || USE_GNUTLS */ /* * Curl_http_done() gets called from Curl_done() after a single HTTP request diff --git a/lib/setup.h b/lib/setup.h index cc016c9cd..0902d2c6f 100644 --- a/lib/setup.h +++ b/lib/setup.h @@ -537,7 +537,7 @@ int netware_init(void); #define LIBIDN_REQUIRED_VERSION "0.4.1" -#if defined(USE_GNUTLS) || defined(USE_SSLEAY) || defined(USE_NSS) || defined(USE_QSOSSL) || defined(USE_POLARSSL) +#if defined(USE_GNUTLS) || defined(USE_SSLEAY) || defined(USE_NSS) || defined(USE_QSOSSL) || defined(USE_POLARSSL) || defined(USE_AXTLS) #define USE_SSL /* SSL support has been enabled */ #endif 
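Review bot: The include guard `__AXTLS_H` uses a double-underscore identifier, which C reserves for the implementation; a project-prefixed name such as `HEADER_CURL_AXTLS_H` avoids the clash. The prototypes of `Curl_axtls_recv` and `Curl_axtls_check_cxn` carry no description here, and their return-value contracts (the -1/`wouldblock` convention and the 1/0/-1 status codes) are written down only in axtls.c. A one-line summary above each prototype would help, e.g. `/* returns bytes read, or -1 with *wouldblock set when the read would block */`.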
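Review bot: The new `USE_AXTLS` variant of `https_getsock` looks like a copy of the stub in the preceding branch (the context lines show the same `(void)numsocks; return GETSOCK_BLANK;` tail), and each added backend deepens the `#else`/`#ifdef` chain by one level. If the preceding branch is the PolarSSL one, as the new `#endif /* USE_POLARSSL */` comment suggests, both can share one definition under `#if defined(USE_POLARSSL) || defined(USE_AXTLS)`. The start of the chain and of the preceding stub lies outside the hunk, so confirm the two bodies are identical before merging them.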
diff --git a/lib/sslgen.c b/lib/sslgen.c index bd8dc1722..9ee3ab1d8 100644 --- a/lib/sslgen.c +++ b/lib/sslgen.c @@ -57,6 +57,7 @@ #include "nssg.h" /* NSS versions */ #include "qssl.h" /* QSOSSL versions */ #include "polarssl.h" /* PolarSSL versions */ +#include "axtls.h" /* axTLS versions */ #include "sendf.h" #include "rawstr.h" #include "url.h" diff --git a/lib/urldata.h b/lib/urldata.h index f4f678620..47f5f7962 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -120,6 +120,10 @@ #include <qsossl.h> #endif +#ifdef USE_AXTLS +#include <axTLS/ssl.h> +#endif /* USE_AXTLS */ + #ifdef HAVE_NETINET_IN_H #include <netinet/in.h> #endif @@ -268,6 +272,10 @@ struct ssl_connect_data { #ifdef USE_QSOSSL SSLHandle *handle; #endif /* USE_QSOSSL */ +#ifdef USE_AXTLS + SSL_CTX* ssl_ctx; + SSL* ssl; +#endif /* USE_AXTLS */ }; struct ssl_config_data { |