-rw-r--r--lib/ssluse.c80
-rw-r--r--lib/ssluse.h22
-rw-r--r--lib/strerror.c3
-rw-r--r--lib/url.c39
-rw-r--r--lib/urldata.h3
5 files changed, 102 insertions, 45 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 8b248628b..a10f2f5fd 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -482,6 +482,77 @@ void Curl_SSL_Close(struct connectdata *conn)
}
#endif
+
+/* Selects an OpenSSL crypto engine
+ */
+CURLcode Curl_SSL_set_engine(struct SessionHandle *data, const char *engine)
+{
+#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
+ ENGINE *e = ENGINE_by_id(engine);
+
+ if (!e) {
+ failf(data, "SSL Engine '%s' not found", engine);
+ return (CURLE_SSL_ENGINE_NOTFOUND);
+ }
+
+ if (data->engine) {
+ ENGINE_finish(data->engine);
+ ENGINE_free(data->engine);
+ }
+ data->engine = NULL;
+ if (!ENGINE_init(e)) {
+ ENGINE_free(e);
+ failf(data, "Failed to initialise SSL Engine '%s'", engine);
+ return (CURLE_SSL_ENGINE_INITFAILED);
+ }
+ data->engine = e;
+ return (CURLE_OK);
+#else
+ failf(data, "SSL Engine not supported");
+ return (CURLE_SSL_ENGINE_NOTFOUND);
+#endif
+}
+
+/* Sets above engine as default for all SSL operations
+ */
+CURLcode Curl_SSL_set_engine_default(struct SessionHandle *data)
+{
+#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
+ if (data->engine) {
+ if (ENGINE_set_default(data->engine, ENGINE_METHOD_ALL) > 0) {
+ infof(data,"set default crypto engine %s\n", data->engine);
+ }
+ else {
+ failf(data, "set default crypto engine %s failed", data->engine);
+ return CURLE_SSL_ENGINE_SETFAILED;
+ }
+ }
+#else
+ (void) data;
+#endif
+ return (CURLE_OK);
+}
+
+/* Build the list of OpenSSL crypto engine names. Add to
+ * linked list at data->engine_list.
+ */
+CURLcode Curl_SSL_engines_list(struct SessionHandle *data)
+{
+#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
+ ENGINE *e;
+
+ /* Free previous list */
+ if (data->engine_list)
+ curl_slist_free_all(data->engine_list);
+
+ data->engine_list = NULL;
+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+ data->engine_list = curl_slist_append(data->engine_list, ENGINE_get_id(e));
+#endif
+ return (CURLE_OK);
+}
+
+
#ifdef USE_SSLEAY
/*
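Review bot: In Curl_SSL_set_engine_default, both `infof(data,"set default crypto engine %s\n", data->engine)` and the matching failf() pass an `ENGINE *` where `%s` expects a `char *`. That is undefined behaviour and can copy unrelated memory into the log or error buffer; pass the name instead, e.g. `ENGINE_get_id(data->engine)`, as Curl_SSL_engines_list already does. In Curl_SSL_engines_list the result of curl_slist_append() is assigned straight back to `data->engine_list`. If the append returns NULL on allocation failure, the names collected so far are lost and the function still returns CURLE_OK. Keep the new head in a temporary, and on NULL free the partial list and return CURLE_OUT_OF_MEMORY.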
@@ -620,11 +691,15 @@ int Curl_SSL_Close_All(struct SessionHandle *data)
free(data->state.session);
}
#ifdef HAVE_OPENSSL_ENGINE_H
- if(data->engine)
- {
+ if(data->engine) {
+ ENGINE_finish(data->engine);
ENGINE_free(data->engine);
data->engine = NULL;
}
+ if (data->engine_list)
+ curl_slist_free_all(data->engine_list);
+ data->engine_list = NULL;
+
#endif
return 0;
}
@@ -1483,3 +1558,4 @@ Curl_SSLConnect(struct connectdata *conn,
#endif
return retcode;
}
+
diff --git a/lib/ssluse.h b/lib/ssluse.h
index 886d2ca13..ea7a378e5 100644
--- a/lib/ssluse.h
+++ b/lib/ssluse.h
@@ -1,10 +1,10 @@
#ifndef __SSLUSE_H
#define __SSLUSE_H
/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
@@ -12,7 +12,7 @@
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at http://curl.haxx.se/docs/copyright.html.
- *
+ *
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
@@ -32,7 +32,17 @@ void Curl_SSL_cleanup(void); /* Global SSL cleanup */
CURLcode Curl_SSL_InitSessions(struct SessionHandle *, long);
void Curl_SSL_Close(struct connectdata *conn); /* close a SSL connection */
-/* tell the SSL stuff to close down all open information regarding
+/* tell the SSL stuff to close down all open information regarding
connections (and thus session ID caching etc) */
int Curl_SSL_Close_All(struct SessionHandle *data);
+
+/* Sets an OpenSSL engine */
+CURLcode Curl_SSL_set_engine(struct SessionHandle *data, const char *engine);
+
+/* Sets above engine as default for all SSL operations */
+CURLcode Curl_SSL_set_engine_default(struct SessionHandle *data);
+
+/* Build list of OpenSSL engines */
+CURLcode Curl_SSL_engines_list(struct SessionHandle *data);
+
#endif
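Review bot: The three prototype comments leave out the contract a caller needs. Going by the ssluse.c part of this commit, `Curl_SSL_set_engine` releases any previously selected engine before initialising the new one, so after CURLE_SSL_ENGINE_INITFAILED the handle has no engine at all. The list built by `Curl_SSL_engines_list` lives in `data->engine_list` and is freed by Curl_SSL_Close_All. I would state that here, e.g. `/* Build list of OpenSSL engine ids in data->engine_list; owned by the handle, freed in Curl_SSL_Close_All() */`. "Sets above engine" would also read better as "Sets the engine selected with Curl_SSL_set_engine()".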
diff --git a/lib/strerror.c b/lib/strerror.c
index 10cc80453..ae618c6e4 100644
--- a/lib/strerror.c
+++ b/lib/strerror.c
@@ -200,6 +200,9 @@ curl_easy_strerror(CURLcode error)
case CURLE_SSL_ENGINE_SETFAILED:
return "can not set SSL crypto engine as default";
+ case CURLE_SSL_ENGINE_INITFAILED:
+ return "failed to initialise SSL crypto engine";
+
case CURLE_SEND_ERROR:
return "failed sending data to the peer";
diff --git a/lib/url.c b/lib/url.c
index 7c1cf19be..4b077dfe2 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -97,9 +97,6 @@ void idn_free (void *ptr); /* prototype from idn-free.h, not provided by
#endif
#endif
-#ifdef HAVE_OPENSSL_ENGINE_H
-#include <openssl/engine.h>
-#endif
#include "urldata.h"
#include "netrc.h"
@@ -1150,45 +1147,15 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, ...)
* String that holds the SSL crypto engine.
*/
argptr = va_arg(param, char *);
- if (argptr && argptr[0]) {
-#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
- ENGINE *e = ENGINE_by_id(argptr);
- if (e) {
- if (data->engine) {
- ENGINE_free(data->engine);
- }
- data->engine = e;
- }
- else {
- failf(data, "SSL Engine '%s' not found", argptr);
- result = CURLE_SSL_ENGINE_NOTFOUND;
- }
-#else
- failf(data, "SSL Engine not supported");
- result = CURLE_SSL_ENGINE_NOTFOUND;
-#endif
- }
+ if (argptr && argptr[0])
+ result = Curl_SSL_set_engine(data, argptr);
break;
case CURLOPT_SSLENGINE_DEFAULT:
/*
* flag to set engine as default.
*/
-#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
- if (data->engine) {
- if (ENGINE_set_default(data->engine, ENGINE_METHOD_ALL) > 0) {
-#ifdef DEBUG
- fprintf(stderr,"set default crypto engine\n");
-#endif
- }
- else {
-#ifdef DEBUG
- failf(data, "set default crypto engine failed");
-#endif
- return CURLE_SSL_ENGINE_SETFAILED;
- }
- }
-#endif
+ result = Curl_SSL_set_engine_default(data);
break;
case CURLOPT_CRLF:
/*
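Review bot: With `if (argptr && argptr[0]) result = Curl_SSL_set_engine(data, argptr);` a NULL or empty CURLOPT_SSLENGINE value is skipped silently, so an engine selected by an earlier call stays on the handle. The caller presumably still gets the initial value of `result`, which is set outside this hunk. This matches the removed code, but it deserves a comment at the case label, e.g. `/* NULL or "" is ignored: a previously selected engine stays in place */`, since an application cannot use this option to deselect an engine. Curl_setopt starts and ends outside the hunk.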
diff --git a/lib/urldata.h b/lib/urldata.h
index 82af82e8d..bba17a649 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -974,7 +974,8 @@ struct SessionHandle {
other dynamic purposes */
struct PureInfo info; /* stats, reports and info data */
#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
- ENGINE* engine;
+ ENGINE *engine;
+ struct curl_slist *engine_list; /* list of names from ENGINE_get_id() */
#endif /* USE_SSLEAY */
};