aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/vtls/openssl.c16
1 files changed, 8 insertions, 8 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index e07202693..300d7e2e6 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1797,7 +1797,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
The "-no_ticket" option was introduced in Openssl0.9.8j. It's a flag to
disable "rfc4507bis session ticket support". rfc4507bis was later turned
- into the proper RFC5077 it seems: http://tools.ietf.org/html/rfc5077
+ into the proper RFC5077 it seems: https://tools.ietf.org/html/rfc5077
The enabled extension concerns the session management. I wonder how often
libcurl stops a connection and then resumes a TLS session. also, sending
@@ -1817,7 +1817,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
this option regardless of OpenSSL version and SSL_OP_ALL definition.
OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability
- (http://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to
+ (https://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to
SSL_OP_ALL that _disables_ that work-around despite the fact that
SSL_OP_ALL is documented to do "rather harmless" workarounds. In order to
keep the secure work-around, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit
@@ -2597,23 +2597,23 @@ static CURLcode pkp_pin_peer_pubkey(X509* cert, const char *pinnedpubkey)
/* Begin Gyrations to get the subjectPublicKeyInfo */
/* Thanks to Viktor Dukhovni on the OpenSSL mailing list */
- /* http://groups.google.com/group/mailing.openssl.users/browse_thread
+ /* https://groups.google.com/group/mailing.openssl.users/browse_thread
/thread/d61858dae102c6c7 */
len1 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL);
if(len1 < 1)
break; /* failed */
- /* http://www.openssl.org/docs/crypto/buffer.html */
+ /* https://www.openssl.org/docs/crypto/buffer.html */
buff1 = temp = OPENSSL_malloc(len1);
if(!buff1)
break; /* failed */
- /* http://www.openssl.org/docs/crypto/d2i_X509.html */
+ /* https://www.openssl.org/docs/crypto/d2i_X509.html */
len2 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &temp);
/*
* These checks are verifying we got back the same values as when we
- * sized the buffer.Its pretty weak since they should always be the
+ * sized the buffer. It's pretty weak since they should always be the
* same. But it gives us something to test.
*/
if((len1 != len2) || !temp || ((temp - buff1) != len1))
@@ -2625,7 +2625,7 @@ static CURLcode pkp_pin_peer_pubkey(X509* cert, const char *pinnedpubkey)
result = Curl_pin_peer_pubkey(pinnedpubkey, buff1, len1);
} while(0);
- /* http://www.openssl.org/docs/crypto/buffer.html */
+ /* https://www.openssl.org/docs/crypto/buffer.html */
if(buff1)
OPENSSL_free(buff1);
@@ -3096,7 +3096,7 @@ static ssize_t ossl_recv(struct connectdata *conn, /* connection data */
default:
/* openssl/ssl.h for SSL_ERROR_SYSCALL says "look at error stack/return
value/errno" */
- /* http://www.openssl.org/docs/crypto/ERR_get_error.html */
+ /* https://www.openssl.org/docs/crypto/ERR_get_error.html */
sslerror = ERR_get_error();
if((nread < 0) || sslerror) {
/* If the return code was negative or there actually is an error in the