diff options
Diffstat (limited to 'lib/urldata.h')
-rw-r--r-- | lib/urldata.h | 169 |
1 files changed, 17 insertions, 152 deletions
diff --git a/lib/urldata.h b/lib/urldata.h index 0d0010fa7..ae73ba66a 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -82,71 +82,6 @@ #include "cookie.h" #include "formdata.h" -#ifdef USE_OPENSSL -#include <openssl/ssl.h> -#ifdef HAVE_OPENSSL_ENGINE_H -#include <openssl/engine.h> -#endif -#endif /* USE_OPENSSL */ - -#ifdef USE_GNUTLS -#include <gnutls/gnutls.h> -#endif - -#ifdef USE_MBEDTLS - -#include <mbedtls/ssl.h> -#include <mbedtls/version.h> -#include <mbedtls/entropy.h> -#include <mbedtls/ctr_drbg.h> - -#elif defined USE_POLARSSL - -#include <polarssl/ssl.h> -#include <polarssl/version.h> -#include <polarssl/entropy.h> -#include <polarssl/ctr_drbg.h> - -#endif /* USE_POLARSSL */ - -#ifdef USE_CYASSL -#undef OCSP_REQUEST /* avoid cyassl/openssl/ssl.h clash with wincrypt.h */ -#undef OCSP_RESPONSE /* avoid cyassl/openssl/ssl.h clash with wincrypt.h */ -#include <cyassl/openssl/ssl.h> -#endif - -#ifdef USE_NSS -#include <nspr.h> -#include <pk11pub.h> -#endif - -#ifdef USE_GSKIT -#include <gskssl.h> -#endif - -#ifdef USE_AXTLS -#include <axTLS/config.h> -#include <axTLS/ssl.h> -#undef malloc -#undef calloc -#undef realloc -#endif /* USE_AXTLS */ - -#if defined(USE_SCHANNEL) || defined(USE_WINDOWS_SSPI) -#include "curl_sspi.h" -#endif -#ifdef USE_SCHANNEL -#include <schnlsp.h> -#include <schannel.h> -#endif - -#ifdef USE_DARWINSSL -#include <Security/Security.h> -/* For some reason, when building for iOS, the omnibus header above does - * not include SecureTransport.h as of iOS SDK 5.1. */ -#include <Security/SecureTransport.h> -#endif - #ifdef HAVE_NETINET_IN_H #include <netinet/in.h> #endif @@ -236,20 +171,6 @@ enum protection_level { }; #endif -#ifdef USE_SCHANNEL -/* Structs to store Schannel handles */ -struct curl_schannel_cred { - CredHandle cred_handle; - TimeStamp time_stamp; - int refcount; -}; - -struct curl_schannel_ctxt { - CtxtHandle ctxt_handle; - TimeStamp time_stamp; -}; -#endif - /* enum for the nonblocking SSL connection state machine */ typedef enum { ssl_connect_1, @@ -266,6 +187,9 @@ typedef enum { ssl_connection_complete } ssl_connection_state; +/* SSL backend-specific data; declared differently by each SSL backend */ +struct ssl_backend_data; + /* struct for data related to each SSL connection */ struct ssl_connect_data { /* Use ssl encrypted communications TRUE/FALSE, not necessarily using it atm @@ -274,78 +198,8 @@ struct ssl_connect_data { bool use; ssl_connection_state state; ssl_connect_state connecting_state; -#if defined(USE_OPENSSL) - /* these ones requires specific SSL-types */ - SSL_CTX* ctx; - SSL* handle; - X509* server_cert; -#elif defined(USE_GNUTLS) - gnutls_session_t session; - gnutls_certificate_credentials_t cred; -#ifdef USE_TLS_SRP - gnutls_srp_client_credentials_t srp_client_cred; -#endif -#elif defined(USE_MBEDTLS) - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; - mbedtls_ssl_context ssl; - int server_fd; - mbedtls_x509_crt cacert; - mbedtls_x509_crt clicert; - mbedtls_x509_crl crl; - mbedtls_pk_context pk; - mbedtls_ssl_config config; - const char *protocols[3]; -#elif defined(USE_POLARSSL) - ctr_drbg_context ctr_drbg; - entropy_context entropy; - ssl_context ssl; - int server_fd; - x509_crt cacert; - x509_crt clicert; - x509_crl crl; - rsa_context rsa; -#elif defined(USE_CYASSL) - SSL_CTX* ctx; - SSL* handle; -#elif defined(USE_NSS) - PRFileDesc *handle; - char *client_nickname; - struct Curl_easy *data; - struct curl_llist obj_list; - PK11GenericObject *obj_clicert; -#elif defined(USE_GSKIT) - gsk_handle handle; - int iocport; - int localfd; - int remotefd; -#elif defined(USE_AXTLS) - SSL_CTX* ssl_ctx; - SSL* ssl; -#elif defined(USE_SCHANNEL) - struct curl_schannel_cred *cred; - struct curl_schannel_ctxt *ctxt; - SecPkgContext_StreamSizes stream_sizes; - size_t encdata_length, decdata_length; - size_t encdata_offset, decdata_offset; - unsigned char *encdata_buffer, *decdata_buffer; - /* encdata_is_incomplete: if encdata contains only a partial record that - can't be decrypted without another Curl_read_plain (that is, status is - SEC_E_INCOMPLETE_MESSAGE) then set this true. after Curl_read_plain writes - more bytes into encdata then set this back to false. */ - bool encdata_is_incomplete; - unsigned long req_flags, ret_flags; - CURLcode recv_unrecoverable_err; /* schannel_recv had an unrecoverable err */ - bool recv_sspi_close_notify; /* true if connection closed by close_notify */ - bool recv_connection_closed; /* true if connection closed, regardless how */ - bool use_alpn; /* true if ALPN is used for this connection */ -#elif defined(USE_DARWINSSL) - SSLContextRef ssl_ctx; - curl_socket_t ssl_sockfd; - bool ssl_direction; /* true if writing, false if reading */ - size_t ssl_write_buffered_length; -#elif defined(USE_SSL) -#error "SSL backend specific information missing from ssl_connect_data" +#if defined(USE_SSL) + struct ssl_backend_data *backend; #endif }; @@ -1175,6 +1029,16 @@ struct connectdata { char *unix_domain_socket; bool abstract_unix_socket; #endif + +#ifdef USE_SSL + /* + * To avoid multiple malloc() calls, the ssl_connect_data structures + * associated with a connectdata struct are allocated in the same block + * as the latter. This field forces alignment to an 8-byte boundary so + * that this all works. + */ + long long *align_data__do_not_use; +#endif }; /* The end of connectdata. */ @@ -1429,7 +1293,8 @@ struct UrlState { ares_channel f.e. */ #if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H) - ENGINE *engine; + /* void instead of ENGINE to avoid bleeding OpenSSL into this header */ + void *engine; #endif /* USE_OPENSSL */ struct curltime expiretime; /* set this with Curl_expire() only */ struct Curl_tree timenode; /* for the splay stuff */ |