diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/Makefile.inc | 4 | ||||
| -rw-r--r-- | lib/Makefile.vc6 | 3 | ||||
| -rw-r--r-- | lib/config-dos.h | 21 | ||||
| -rw-r--r-- | lib/config-mac.h | 21 | ||||
| -rw-r--r-- | lib/config-os400.h | 21 | ||||
| -rw-r--r-- | lib/config-riscos.h | 23 | ||||
| -rw-r--r-- | lib/config-symbian.h | 21 | ||||
| -rw-r--r-- | lib/config-tpf.h | 21 | ||||
| -rw-r--r-- | lib/config-vms.h | 21 | ||||
| -rw-r--r-- | lib/config-vxworks.h | 21 | ||||
| -rw-r--r-- | lib/config-win32.h | 21 | ||||
| -rw-r--r-- | lib/config-win32ce.h | 21 | ||||
| -rw-r--r-- | lib/curl_ldap.h | 5 | ||||
| -rw-r--r-- | lib/cyassl.c | 571 | ||||
| -rw-r--r-- | lib/cyassl.h | 63 | ||||
| -rw-r--r-- | lib/file.c | 2 | ||||
| -rw-r--r-- | lib/http.c | 43 | ||||
| -rw-r--r-- | lib/netrc.c | 24 | ||||
| -rw-r--r-- | lib/nss.c | 12 | ||||
| -rw-r--r-- | lib/rawstr.h | 4 | ||||
| -rw-r--r-- | lib/setup.h | 2 | ||||
| -rw-r--r-- | lib/ssh.c | 20 | ||||
| -rw-r--r-- | lib/sslgen.c | 2 | ||||
| -rw-r--r-- | lib/transfer.c | 11 | ||||
| -rw-r--r-- | lib/transfer.h | 2 | ||||
| -rw-r--r-- | lib/url.c | 5 | ||||
| -rw-r--r-- | lib/urldata.h | 12 | ||||
| -rw-r--r-- | lib/version.c | 5 |
28 files changed, 911 insertions, 91 deletions
diff --git a/lib/Makefile.inc b/lib/Makefile.inc index c749168f3..a71900bcf 100644 --- a/lib/Makefile.inc +++ b/lib/Makefile.inc @@ -21,7 +21,7 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ socks_gssapi.c socks_sspi.c curl_sspi.c slist.c nonblock.c \ curl_memrchr.c imap.c pop3.c smtp.c pingpong.c rtsp.c curl_threads.c \ warnless.c hmac.c polarssl.c curl_rtmp.c openldap.c curl_gethostname.c\ - gopher.c axtls.c idn_win32.c http_negotiate_sspi.c + gopher.c axtls.c idn_win32.c http_negotiate_sspi.c cyassl.c HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \ progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h \ @@ -36,5 +36,5 @@ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \ curl_base64.h rawstr.h curl_addrinfo.h curl_sspi.h slist.h nonblock.h \ curl_memrchr.h imap.h pop3.h smtp.h pingpong.h rtsp.h curl_threads.h \ warnless.h curl_hmac.h polarssl.h curl_rtmp.h curl_gethostname.h \ - gopher.h axtls.h + gopher.h axtls.h cyassl.h diff --git a/lib/Makefile.vc6 b/lib/Makefile.vc6 index cb4f0fb6f..eff17d021 100644 --- a/lib/Makefile.vc6 +++ b/lib/Makefile.vc6 @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
-# Copyright (C) 1999 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1999 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
@@ -493,6 +493,7 @@ X_OBJS= \ $(DIROBJ)\http_chunks.obj \
$(DIROBJ)\http_digest.obj \
$(DIROBJ)\http_negotiate.obj \
+ $(DIROBJ)\http_negotiate_sspi.obj \
$(DIROBJ)\http_ntlm.obj \
$(DIROBJ)\http.obj \
$(DIROBJ)\if2ip.obj \
diff --git a/lib/config-dos.h b/lib/config-dos.h index bb0315e2c..35d21aae2 100644 --- a/lib/config-dos.h +++ b/lib/config-dos.h @@ -1,5 +1,26 @@ #ifndef HEADER_CONFIG_DOS_H #define HEADER_CONFIG_DOS_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ /* ================================================================ */ diff --git a/lib/config-mac.h b/lib/config-mac.h index 1f7950ab1..80af84e52 100644 --- a/lib/config-mac.h +++ b/lib/config-mac.h @@ -1,5 +1,26 @@ #ifndef __LIB_CONFIG_MAC_H #define __LIB_CONFIG_MAC_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ /* =================================================================== */ /* lib/config-mac.h - Hand crafted config file for Mac OS 9 */ diff --git a/lib/config-os400.h b/lib/config-os400.h index 370fc1138..8dba1e4cd 100644 --- a/lib/config-os400.h +++ b/lib/config-os400.h @@ -1,6 +1,27 @@ /* ================================================================ */ /* lib/config-os400.h - Hand crafted config file for OS/400 */ /* ================================================================ */ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ #pragma enum(int) diff --git a/lib/config-riscos.h b/lib/config-riscos.h index 84683aa26..5ccf68124 100644 --- a/lib/config-riscos.h +++ b/lib/config-riscos.h @@ -1,4 +1,25 @@ -/* curl_config.h.in. Generated automatically from configure.in by autoheader. */ +/* curl_config.h.in. Generated automatically from configure.in by autoheader. /*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + */ /* Name of this package! */ #undef PACKAGE diff --git a/lib/config-symbian.h b/lib/config-symbian.h index 9f8b74a57..24ed73327 100644 --- a/lib/config-symbian.h +++ b/lib/config-symbian.h @@ -1,4 +1,25 @@ /* config-symbian.h. Manually generated. */ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ /* when building libcurl itself */ /* #undef BUILDING_LIBCURL */ diff --git a/lib/config-tpf.h b/lib/config-tpf.h index 3e494f7c9..673753100 100644 --- a/lib/config-tpf.h +++ b/lib/config-tpf.h @@ -1,5 +1,26 @@ #ifndef __LIBCONFIGTPF_H #define __LIBCONFIGTPF_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ /* ================================================================ */ /* lib/config-tpf.h - Hand crafted config file for TPF */ diff --git a/lib/config-vms.h b/lib/config-vms.h index 73ef5c026..e3844f83b 100644 --- a/lib/config-vms.h +++ b/lib/config-vms.h @@ -1,5 +1,26 @@ #ifndef HEADER_CONFIG_VMS_H #define HEADER_CONFIG_VMS_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ /* */ /* MSK, 02/05/04, Hand edited for trail build on Alpha V7.3, DEC C 6.5-003 */ diff --git a/lib/config-vxworks.h b/lib/config-vxworks.h index f7797fd0e..8e2d05a27 100644 --- a/lib/config-vxworks.h +++ b/lib/config-vxworks.h @@ -1,5 +1,26 @@ #ifndef __LIB_CONFIG_VXWORKS_H #define __LIB_CONFIG_VXWORKS_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ /* =============================================================== */ /* lib/config-vxworks.h - Hand crafted config file for VxWorks */ diff --git a/lib/config-win32.h b/lib/config-win32.h index c6fb7ae93..6768dda3c 100644 --- a/lib/config-win32.h +++ b/lib/config-win32.h @@ -1,5 +1,26 @@ #ifndef __LIB_CONFIG_WIN32_H #define __LIB_CONFIG_WIN32_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ /* ================================================================ */ /* lib/config-win32.h - Hand crafted config file for Windows */ diff --git a/lib/config-win32ce.h b/lib/config-win32ce.h index 3a5913e99..872334286 100644 --- a/lib/config-win32ce.h +++ b/lib/config-win32ce.h @@ -1,5 +1,26 @@ #ifndef __LIB_CONFIG_WIN32CE_H #define __LIB_CONFIG_WIN32CE_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ /* ================================================================ */ /* lib/config-win32ce.h - Hand crafted config file for windows ce */ diff --git a/lib/curl_ldap.h b/lib/curl_ldap.h index 3cce4bf7b..4cd13cfd2 100644 --- a/lib/curl_ldap.h +++ b/lib/curl_ldap.h @@ -25,8 +25,9 @@ #ifndef CURL_DISABLE_LDAP extern const struct Curl_handler Curl_handler_ldap; -#if (defined(USE_OPENLDAP) && defined(USE_SSL)) || \ - (!defined(USE_OPENLDAP) && defined(HAVE_LDAP_SSL)) +#if !defined(CURL_DISABLE_LDAPS) && \ + ((defined(USE_OPENLDAP) && defined(USE_SSL)) || \ + (!defined(USE_OPENLDAP) && defined(HAVE_LDAP_SSL))) extern const struct Curl_handler Curl_handler_ldaps; #endif diff --git a/lib/cyassl.c b/lib/cyassl.c new file mode 100644 index 000000000..3e15b1879 --- /dev/null +++ b/lib/cyassl.c @@ -0,0 +1,571 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +/* + * Source file for all CyaSSL-specific code for the TLS/SSL layer. No code + * but sslgen.c should ever call or use these functions. + * + */ + +#include "setup.h" +#ifdef USE_CYASSL + +#include <string.h> +#include <stdlib.h> +#include <ctype.h> +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif + + +#include "urldata.h" +#include "sendf.h" +#include "inet_pton.h" +#include "cyassl.h" +#include "sslgen.h" +#include "parsedate.h" +#include "connect.h" /* for the connect timeout */ +#include "select.h" +#include "rawstr.h" + +#define _MPRINTF_REPLACE /* use our functions only */ +#include <curl/mprintf.h> +#include "curl_memory.h" +/* The last #include file should be: */ +#include "memdebug.h" + + +static Curl_recv cyassl_recv; +static Curl_send cyassl_send; + + +static int do_file_type(const char *type) +{ + if(!type || !type[0]) + return SSL_FILETYPE_PEM; + if(Curl_raw_equal(type, "PEM")) + return SSL_FILETYPE_PEM; + if(Curl_raw_equal(type, "DER")) + return SSL_FILETYPE_ASN1; + return -1; +} + +/* + * This function loads all the client/CA certificates and CRLs. Setup the TLS + * layer and do all necessary magic. + */ +static CURLcode +cyassl_connect_step1(struct connectdata *conn, + int sockindex) +{ + struct SessionHandle *data = conn->data; + struct ssl_connect_data* conssl = &conn->ssl[sockindex]; + SSL_METHOD* req_method = NULL; + void* ssl_sessionid = NULL; + curl_socket_t sockfd = conn->sock[sockindex]; + + if(conssl->state == ssl_connection_complete) + return CURLE_OK; + + /* CyaSSL doesn't support SSLv2 */ + if(data->set.ssl.version == CURL_SSLVERSION_SSLv2) { + failf(data, "CyaSSL does not support SSLv2"); + return CURLE_SSL_CONNECT_ERROR; + } + + /* check to see if we've been told to use an explicit SSL/TLS version */ + switch(data->set.ssl.version) { + case CURL_SSLVERSION_DEFAULT: + /* we try to figure out version */ + req_method = SSLv23_client_method(); + break; + case CURL_SSLVERSION_TLSv1: + req_method = TLSv1_client_method(); + break; + case CURL_SSLVERSION_SSLv3: + req_method = SSLv3_client_method(); + break; + default: + req_method = TLSv1_client_method(); + } + + if(!req_method) { + failf(data, "SSL: couldn't create a method!"); + return CURLE_OUT_OF_MEMORY; + } + + if(conssl->ctx) + SSL_CTX_free(conssl->ctx); + conssl->ctx = SSL_CTX_new(req_method); + + if(!conssl->ctx) { + failf(data, "SSL: couldn't create a context!"); + return CURLE_OUT_OF_MEMORY; + } + + /* load trusted cacert */ + if(data->set.str[STRING_SSL_CAFILE]) { + if (!SSL_CTX_load_verify_locations(conssl->ctx, + data->set.str[STRING_SSL_CAFILE], + data->set.str[STRING_SSL_CAPATH])) { + if (data->set.ssl.verifypeer) { + /* Fail if we insiste on successfully verifying the server. */ + failf(data,"error setting certificate verify locations:\n" + " CAfile: %s\n CApath: %s\n", + data->set.str[STRING_SSL_CAFILE]? + data->set.str[STRING_SSL_CAFILE]: "none", + data->set.str[STRING_SSL_CAPATH]? + data->set.str[STRING_SSL_CAPATH] : "none"); + return CURLE_SSL_CACERT_BADFILE; + } + else { + /* Just continue with a warning if no strict certificate + verification is required. */ + infof(data, "error setting certificate verify locations," + " continuing anyway:\n"); + } + } + else { + /* Everything is fine. */ + infof(data, "successfully set certificate verify locations:\n"); + } + infof(data, + " CAfile: %s\n" + " CApath: %s\n", + data->set.str[STRING_SSL_CAFILE] ? data->set.str[STRING_SSL_CAFILE]: + "none", + data->set.str[STRING_SSL_CAPATH] ? data->set.str[STRING_SSL_CAPATH]: + "none"); + } + + /* Load the client certificate, and private key */ + if(data->set.str[STRING_CERT] && data->set.str[STRING_KEY]) { + int file_type = do_file_type(data->set.str[STRING_CERT_TYPE]); + + if (SSL_CTX_use_certificate_file(conssl->ctx, data->set.str[STRING_CERT], + file_type) != 1) { + failf(data, "unable to use client certificate (no key or wrong pass" + " phrase?)"); + return CURLE_SSL_CONNECT_ERROR; + } + + file_type = do_file_type(data->set.str[STRING_KEY_TYPE]); + if (SSL_CTX_use_PrivateKey_file(conssl->ctx, data->set.str[STRING_KEY], + file_type) != 1) { + failf(data, "unable to set private key"); + return CURLE_SSL_CONNECT_ERROR; + } + } + + /* SSL always tries to verify the peer, this only says whether it should + * fail to connect if the verification fails, or if it should continue + * anyway. In the latter case the result of the verification is checked with + * SSL_get_verify_result() below. */ + SSL_CTX_set_verify(conssl->ctx, + data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE, + NULL); + + /* Let's make an SSL structure */ + if (conssl->handle) + SSL_free(conssl->handle); + conssl->handle = SSL_new(conssl->ctx); + if (!conssl->handle) { + failf(data, "SSL: couldn't create a context (handle)!"); + return CURLE_OUT_OF_MEMORY; + } + + /* Check if there's a cached ID we can/should use here! */ + if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL)) { + /* we got a session id, use it! */ + if(!SSL_set_session(conssl->handle, ssl_sessionid)) { + failf(data, "SSL: SSL_set_session failed: %s", + ERR_error_string(SSL_get_error(conssl->handle, 0),NULL)); + return CURLE_SSL_CONNECT_ERROR; + } + /* Informational message */ + infof (data, "SSL re-using session ID\n"); + } + + /* pass the raw socket into the SSL layer */ + if (!SSL_set_fd(conssl->handle, (int)sockfd)) { + failf(data, "SSL: SSL_set_fd failed"); + return CURLE_SSL_CONNECT_ERROR; + } + + conssl->connecting_state = ssl_connect_2; + return CURLE_OK; +} + + +static CURLcode +cyassl_connect_step2(struct connectdata *conn, + int sockindex) +{ + int ret = -1; + struct SessionHandle *data = conn->data; + struct ssl_connect_data* conssl = &conn->ssl[sockindex]; + + infof(data, "CyaSSL: Connecting to %s:%d\n", + conn->host.name, conn->remote_port); + + conn->recv[sockindex] = cyassl_recv; + conn->send[sockindex] = cyassl_send; + + ret = SSL_connect(conssl->handle); + if (ret != 1) { + char error_buffer[80]; + int detail = SSL_get_error(conssl->handle, ret); + + if (SSL_ERROR_WANT_READ == detail) { + conssl->connecting_state = ssl_connect_2_reading; + return CURLE_OK; + } + + if (SSL_ERROR_WANT_WRITE == detail) { + conssl->connecting_state = ssl_connect_2_writing; + return CURLE_OK; + } + + failf(data, "SSL_connect failed with error %d: %s", detail, + ERR_error_string(detail, error_buffer)); + return CURLE_SSL_CONNECT_ERROR; + } + + conssl->connecting_state = ssl_connect_3; + infof(data, "SSL connected"); + + return CURLE_OK; +} + + +static CURLcode +cyassl_connect_step3(struct connectdata *conn, + int sockindex) +{ + CURLcode retcode = CURLE_OK; + void *old_ssl_sessionid=NULL; + struct SessionHandle *data = conn->data; + struct ssl_connect_data *connssl = &conn->ssl[sockindex]; + int incache; + SSL_SESSION *our_ssl_sessionid; + + DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); + + our_ssl_sessionid = SSL_get_session(connssl->handle); + + incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL)); + if (incache) { + if (old_ssl_sessionid != our_ssl_sessionid) { + infof(data, "old SSL session ID is stale, removing\n"); + Curl_ssl_delsessionid(conn, old_ssl_sessionid); + incache = FALSE; + } + } + if (!incache) { + retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid, + 0 /* unknown size */); + if(retcode) { + failf(data, "failed to store ssl session"); + return retcode; + } + } + + connssl->connecting_state = ssl_connect_done; + + return retcode; +} + + +static ssize_t cyassl_send(struct connectdata *conn, + int sockindex, + const void *mem, + size_t len, + CURLcode *curlcode) +{ + char error_buffer[80]; + int memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len; + int rc = SSL_write(conn->ssl[sockindex].handle, mem, memlen); + + if (rc < 0) { + int err = SSL_get_error(conn->ssl[sockindex].handle, rc); + + switch(err) { + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_WRITE: + /* there's data pending, re-invoke SSL_write() */ + *curlcode = CURLE_AGAIN; + return -1; + default: + failf(conn->data, "SSL write: %s, errno %d", + ERR_error_string(err, error_buffer), + SOCKERRNO); + *curlcode = CURLE_SEND_ERROR; + return -1; + } + } + return rc; +} + +void Curl_cyassl_close_all(struct SessionHandle *data) +{ + (void)data; +} + +void Curl_cyassl_close(struct connectdata *conn, int sockindex) +{ + struct ssl_connect_data *conssl = &conn->ssl[sockindex]; + + if(conssl->handle) { + (void)SSL_shutdown(conssl->handle); + SSL_free (conssl->handle); + conssl->handle = NULL; + } + if(conssl->ctx) { + SSL_CTX_free (conssl->ctx); + conssl->ctx = NULL; + } +} + +static ssize_t cyassl_recv(struct connectdata *conn, + int num, + char *buf, + size_t buffersize, + CURLcode *curlcode) +{ + char error_buffer[80]; + int buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize; + int nread = SSL_read(conn->ssl[num].handle, buf, buffsize); + + if (nread < 0) { + int err = SSL_get_error(conn->ssl[num].handle, nread); + + switch(err) { + case SSL_ERROR_ZERO_RETURN: /* no more data */ + break; + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_WRITE: + /* there's data pending, re-invoke SSL_read() */ + *curlcode = CURLE_AGAIN; + return -1; + default: + failf(conn->data, "SSL read: %s, errno %d", + ERR_error_string(err, error_buffer), + SOCKERRNO); + *curlcode = CURLE_RECV_ERROR; + return -1; + } + } + return nread; +} + + +void Curl_cyassl_session_free(void *ptr) +{ + (void)ptr; + /* CyaSSL reuses sessions on own, no free */ +} + + +size_t Curl_cyassl_version(char *buffer, size_t size) +{ +#ifdef CYASSL_VERSION + return snprintf(buffer, size, "CyaSSL/%s", CYASSL_VERSION); +#else + return snprintf(buffer, size, "CyaSSL/%s", "<1.8.8"); +#endif +} + + +int Curl_cyassl_init(void) +{ + InitCyaSSL(); + + return 1; +} + + +bool Curl_cyassl_data_pending(const struct connectdata* conn, int connindex) +{ + if (conn->ssl[connindex].handle) /* SSL is in use */ + return (bool)(0 != SSL_pending(conn->ssl[connindex].handle)); + else + return FALSE; +} + + +/* + * This function is called to shut down the SSL layer but keep the + * socket open (CCC - Clear Command Channel) + */ +int Curl_cyassl_shutdown(struct connectdata *conn, int sockindex) +{ + int retval = 0; + struct ssl_connect_data *connssl = &conn->ssl[sockindex]; + + if(connssl->handle) { + SSL_free (connssl->handle); + connssl->handle = NULL; + } + return retval; +} + + +static CURLcode +cyassl_connect_common(struct connectdata *conn, + int sockindex, + bool nonblocking, + bool *done) +{ + CURLcode retcode; + struct SessionHandle *data = conn->data; + struct ssl_connect_data *connssl = &conn->ssl[sockindex]; + curl_socket_t sockfd = conn->sock[sockindex]; + long timeout_ms; + int what; + + /* check if the connection has already been established */ + if(ssl_connection_complete == connssl->state) { + *done = TRUE; + return CURLE_OK; + } + + if(ssl_connect_1==connssl->connecting_state) { + /* Find out how much more time we're allowed */ + timeout_ms = Curl_timeleft(data, NULL, TRUE); + + if(timeout_ms < 0) { + /* no need to continue if time already is up */ + failf(data, "SSL connection timeout"); + return CURLE_OPERATION_TIMEDOUT; + } + retcode = cyassl_connect_step1(conn, sockindex); + if(retcode) + return retcode; + } + + while(ssl_connect_2 == connssl->connecting_state || + ssl_connect_2_reading == connssl->connecting_state || + ssl_connect_2_writing == connssl->connecting_state) { + + /* check allowed time left */ + timeout_ms = Curl_timeleft(data, NULL, TRUE); + + if(timeout_ms < 0) { + /* no need to continue if time already is up */ + failf(data, "SSL connection timeout"); + return CURLE_OPERATION_TIMEDOUT; + } + + /* if ssl is expecting something, check if it's available. */ + if(connssl->connecting_state == ssl_connect_2_reading + || connssl->connecting_state == ssl_connect_2_writing) { + + curl_socket_t writefd = ssl_connect_2_writing== + connssl->connecting_state?sockfd:CURL_SOCKET_BAD; + curl_socket_t readfd = ssl_connect_2_reading== + connssl->connecting_state?sockfd:CURL_SOCKET_BAD; + + what = Curl_socket_ready(readfd, writefd, + nonblocking?0:(int)timeout_ms); + if(what < 0) { + /* fatal error */ + failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO); + return CURLE_SSL_CONNECT_ERROR; + } + else if(0 == what) { + if(nonblocking) { + *done = FALSE; + return CURLE_OK; + } + else { + /* timeout */ + failf(data, "SSL connection timeout"); + return CURLE_OPERATION_TIMEDOUT; + } + } + /* socket is readable or writable */ + } + + /* Run transaction, and return to the caller if it failed or if + * this connection is part of a multi handle and this loop would + * execute again. This permits the owner of a multi handle to + * abort a connection attempt before step2 has completed while + * ensuring that a client using select() or epoll() will always + * have a valid fdset to wait on. + */ + retcode = cyassl_connect_step2(conn, sockindex); + if(retcode || (nonblocking && + (ssl_connect_2 == connssl->connecting_state || + ssl_connect_2_reading == connssl->connecting_state || + ssl_connect_2_writing == connssl->connecting_state))) + return retcode; + + } /* repeat step2 until all transactions are done. */ + + if(ssl_connect_3==connssl->connecting_state) { + retcode = cyassl_connect_step3(conn, sockindex); + if(retcode) + return retcode; + } + + if(ssl_connect_done==connssl->connecting_state) { + connssl->state = ssl_connection_complete; + conn->recv[sockindex] = cyassl_recv; + conn->send[sockindex] = cyassl_send; + *done = TRUE; + } + else + *done = FALSE; + + /* Reset our connect state machine */ + connssl->connecting_state = ssl_connect_1; + + return CURLE_OK; +} + + +CURLcode +Curl_cyassl_connect_nonblocking(struct connectdata *conn, + int sockindex, + bool *done) +{ + return cyassl_connect_common(conn, sockindex, TRUE, done); +} + + +CURLcode +Curl_cyassl_connect(struct connectdata *conn, + int sockindex) +{ + CURLcode retcode; + bool done = FALSE; + + retcode = cyassl_connect_common(conn, sockindex, FALSE, &done); + if(retcode) + return retcode; + + DEBUGASSERT(done); + + return CURLE_OK; +} + +#endif diff --git a/lib/cyassl.h b/lib/cyassl.h new file mode 100644 index 000000000..6dbf70f4d --- /dev/null +++ b/lib/cyassl.h @@ -0,0 +1,63 @@ +#ifndef HEADER_CURL_CYASSL_H +#define HEADER_CURL_CYASSL_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#ifdef USE_CYASSL + +CURLcode Curl_cyassl_connect(struct connectdata *conn, int sockindex); +bool Curl_cyassl_data_pending(const struct connectdata* conn,int connindex); +int Curl_cyassl_shutdown(struct connectdata* conn, int sockindex); + +/* tell CyaSSL to close down all open information regarding connections (and + thus session ID caching etc) */ +void Curl_cyassl_close_all(struct SessionHandle *data); + + /* close a SSL connection */ +void Curl_cyassl_close(struct connectdata *conn, int sockindex); + +void Curl_cyassl_session_free(void *ptr); +size_t Curl_cyassl_version(char *buffer, size_t size); +int Curl_cyassl_shutdown(struct connectdata *conn, int sockindex); +int Curl_cyassl_init(void); +CURLcode Curl_cyassl_connect_nonblocking(struct connectdata *conn, + int sockindex, + bool *done); + +/* API setup for CyaSSL */ +#define curlssl_init Curl_cyassl_init +#define curlssl_cleanup() +#define curlssl_connect Curl_cyassl_connect +#define curlssl_connect_nonblocking Curl_cyassl_connect_nonblocking +#define curlssl_session_free(x) Curl_cyassl_session_free(x) +#define curlssl_close_all Curl_cyassl_close_all +#define curlssl_close Curl_cyassl_close +#define curlssl_shutdown(x,y) Curl_cyassl_shutdown(x,y) +#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_FAILED_INIT) +#define curlssl_set_engine_default(x) (x=x, CURLE_FAILED_INIT) +#define curlssl_engines_list(x) (x=x, (struct curl_slist *)NULL) +#define curlssl_version Curl_cyassl_version +#define curlssl_check_cxn(x) (x=x, -1) +#define curlssl_data_pending(x,y) Curl_cyassl_data_pending(x,y) + +#endif /* USE_CYASSL */ +#endif /* HEADER_CURL_CYASSL_H */ diff --git a/lib/file.c b/lib/file.c index a627a8129..d4e941f75 100644 --- a/lib/file.c +++ b/lib/file.c @@ -464,7 +464,7 @@ static CURLcode file_do(struct connectdata *conn, bool *done) } if(fstated && !data->state.range && data->set.timecondition) { - if(!Curl_meets_timecondition(data, data->info.filetime)) { + if(!Curl_meets_timecondition(data, (time_t)data->info.filetime)) { *done = TRUE; return CURLE_OK; } diff --git a/lib/http.c b/lib/http.c index b2fb7cb28..419efc167 100644 --- a/lib/http.c +++ b/lib/http.c @@ -531,6 +531,7 @@ output_auth_headers(struct connectdata *conn, #endif #ifdef USE_HTTP_NEGOTIATE + negdata->state = GSS_AUTHNONE; if((authstatus->picked == CURLAUTH_GSSNEGOTIATE) && negdata->context && !GSS_ERROR(negdata->status)) { auth="GSS-Negotiate"; @@ -1849,7 +1850,8 @@ static int https_getsock(struct connectdata *conn, return CURLE_OK; } #else -#ifdef USE_NSS +#if defined(USE_NSS) || defined(USE_QSOSSL) || \ + defined(USE_POLARSSL) || defined(USE_AXTLS) || defined(USE_CYASSL) static int https_getsock(struct connectdata *conn, curl_socket_t *socks, int numsocks) @@ -1859,43 +1861,7 @@ static int https_getsock(struct connectdata *conn, (void)numsocks; return GETSOCK_BLANK; } -#else -#ifdef USE_QSOSSL -static int https_getsock(struct connectdata *conn, - curl_socket_t *socks, - int numsocks) -{ - (void)conn; - (void)socks; - (void)numsocks; - return GETSOCK_BLANK; -} -#else -#ifdef USE_POLARSSL -static int https_getsock(struct connectdata *conn, - curl_socket_t *socks, - int numsocks) -{ - (void)conn; - (void)socks; - (void)numsocks; - return GETSOCK_BLANK; -} -#else -#ifdef USE_AXTLS -static int https_getsock(struct connectdata *conn, - curl_socket_t *socks, - int numsocks) -{ - (void)conn; - (void)socks; - (void)numsocks; - return GETSOCK_BLANK; -} -#endif /* USE_AXTLS */ -#endif /* USE_POLARSSL */ -#endif /* USE_QSOSSL */ -#endif /* USE_NSS */ +#endif /* USE_AXTLS || USE_POLARSSL || USE_QSOSSL || USE_NSS */ #endif /* USE_SSLEAY || USE_GNUTLS */ /* @@ -1908,7 +1874,6 @@ CURLcode Curl_http_done(struct connectdata *conn, { struct SessionHandle *data = conn->data; struct HTTP *http =data->state.proto.http; - (void)premature; /* not used */ Curl_unencode_cleanup(conn); diff --git a/lib/netrc.c b/lib/netrc.c index b069c8c49..efb4076bb 100644 --- a/lib/netrc.c +++ b/lib/netrc.c @@ -80,21 +80,6 @@ int Curl_parsenetrc(const char *host, #define NETRC DOT_CHAR "netrc" -#ifdef DEBUGBUILD - { - /* This is a hack to allow testing. - * If compiled with --enable-debug and CURL_DEBUG_NETRC is defined, - * then it's the path to a substitute .netrc for testing purposes *only* */ - - char *override = curl_getenv("CURL_DEBUG_NETRC"); - - if(override) { - fprintf(stderr, "NETRC: overridden " NETRC " file: %s\n", override); - netrcfile = override; - netrc_alloc = TRUE; - } - } -#endif /* DEBUGBUILD */ if(!netrcfile) { home = curl_getenv("HOME"); /* portable environment reader */ if(home) { @@ -157,9 +142,6 @@ int Curl_parsenetrc(const char *host, if(Curl_raw_equal(host, tok)) { /* and yes, this is our host! */ state=HOSTVALID; -#ifdef _NETRC_DEBUG - fprintf(stderr, "HOST: %s\n", tok); -#endif retcode=0; /* we did find our host */ } else @@ -174,18 +156,12 @@ int Curl_parsenetrc(const char *host, } else { strncpy(login, tok, LOGINSIZE-1); -#ifdef _NETRC_DEBUG - fprintf(stderr, "LOGIN: %s\n", login); -#endif } state_login=0; } else if(state_password) { if(state_our_login || !specific_login) { strncpy(password, tok, PASSWORDSIZE-1); -#ifdef _NETRC_DEBUG - fprintf(stderr, "PASSWORD: %s\n", password); -#endif } state_password=0; } @@ -1157,7 +1157,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) struct SessionHandle *data = conn->data; curl_socket_t sockfd = conn->sock[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - int curlerr; + CURLcode curlerr; const int *cipher_to_enable; PRSocketOptionData sock_opt; long time_left; @@ -1289,9 +1289,13 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) NULL) != SECSuccess) goto error; - if(data->set.ssl.verifypeer && (CURLE_OK != - (curlerr = nss_load_ca_certificates(conn, sockindex)))) - goto error; + if(data->set.ssl.verifypeer) { + const CURLcode rv = nss_load_ca_certificates(conn, sockindex); + if(CURLE_OK != rv) { + curlerr = rv; + goto error; + } + } if (data->set.ssl.CRLfile) { if(SECSuccess != nss_load_crl(data->set.ssl.CRLfile)) { diff --git a/lib/rawstr.h b/lib/rawstr.h index 7e9747a79..59633b7f5 100644 --- a/lib/rawstr.h +++ b/lib/rawstr.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -40,5 +40,5 @@ char Curl_raw_toupper(char in); argument is zero-byte terminated */ #define checkprefix(a,b) Curl_raw_nequal(a,b,strlen(a)) -#endif void Curl_strntoupper(char *dest, const char *src, size_t n); +#endif diff --git a/lib/setup.h b/lib/setup.h index 68c09a091..477d4690b 100644 --- a/lib/setup.h +++ b/lib/setup.h @@ -551,7 +551,7 @@ int netware_init(void); #define LIBIDN_REQUIRED_VERSION "0.4.1" -#if defined(USE_GNUTLS) || defined(USE_SSLEAY) || defined(USE_NSS) || defined(USE_QSOSSL) || defined(USE_POLARSSL) || defined(USE_AXTLS) +#if defined(USE_GNUTLS) || defined(USE_SSLEAY) || defined(USE_NSS) || defined(USE_QSOSSL) || defined(USE_POLARSSL) || defined(USE_AXTLS) || defined(USE_CYASSL) #define USE_SSL /* SSL support has been enabled */ #endif @@ -1599,6 +1599,11 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block) figure out a "real" bitmask */ sshc->orig_waitfor = data->req.keepon; + /* since we don't really wait for anything at this point, we want the + state machine to move on as soon as possible so we set a very short + timeout here */ + Curl_expire(data, 1); + state(conn, SSH_STOP); } break; @@ -2042,8 +2047,10 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block) } sshc->sftp_handle = NULL; } - Curl_safefree(sftp_scp->path); - sftp_scp->path = NULL; + if(sftp_scp) { + Curl_safefree(sftp_scp->path); + sftp_scp->path = NULL; + } DEBUGF(infof(data, "SFTP DONE done\n")); #if 0 /* PREV */ @@ -2587,10 +2594,9 @@ static CURLcode ssh_connect(struct connectdata *conn, bool *done) rc = libssh2_knownhost_readfile(ssh->kh, data->set.str[STRING_SSH_KNOWNHOSTS], LIBSSH2_KNOWNHOST_FILE_OPENSSH); - if(rc) { + if(rc < 0) infof(data, "Failed to read known hosts from %s\n", data->set.str[STRING_SSH_KNOWNHOSTS]); - } } #endif /* HAVE_LIBSSH2_KNOWNHOST_API */ @@ -2748,8 +2754,10 @@ static CURLcode ssh_done(struct connectdata *conn, CURLcode status) else result = status; - Curl_safefree(sftp_scp->path); - sftp_scp->path = NULL; + if(sftp_scp) { + Curl_safefree(sftp_scp->path); + sftp_scp->path = NULL; + } Curl_pgrsDone(conn); conn->data->req.keepon = 0; /* clear all bits */ diff --git a/lib/sslgen.c b/lib/sslgen.c index c1a8a3073..b614e086d 100644 --- a/lib/sslgen.c +++ b/lib/sslgen.c @@ -32,6 +32,7 @@ Curl_gtls_ - prefix for GnuTLS ones Curl_nss_ - prefix for NSS ones Curl_polarssl_ - prefix for PolarSSL ones + Curl_cyassl_ - prefix for CyaSSL ones Note that this source code uses curlssl_* functions, and they are all defines/macros #defined by the lib-specific header files. @@ -58,6 +59,7 @@ #include "qssl.h" /* QSOSSL versions */ #include "polarssl.h" /* PolarSSL versions */ #include "axtls.h" /* axTLS versions */ +#include "cyassl.h" /* CyaSSL versions */ #include "sendf.h" #include "rawstr.h" #include "url.h" diff --git a/lib/transfer.c b/lib/transfer.c index f316000a1..63ab5c4e9 100644 --- a/lib/transfer.c +++ b/lib/transfer.c @@ -359,7 +359,7 @@ static void read_rewind(struct connectdata *conn, * Check to see if CURLOPT_TIMECONDITION was met by comparing the time of the * remote document with the time provided by CURLOPT_TIMEVAL */ -bool Curl_meets_timecondition(struct SessionHandle *data, long timeofdoc) +bool Curl_meets_timecondition(struct SessionHandle *data, time_t timeofdoc) { if((timeofdoc == 0) || (data->set.timevalue == 0)) return TRUE; @@ -946,6 +946,14 @@ static CURLcode readwrite_upload(struct SessionHandle *data, Curl_debug(data, CURLINFO_DATA_OUT, data->req.upload_fromhere, (size_t)bytes_written, conn); + k->writebytecount += bytes_written; + + if(k->writebytecount == data->set.infilesize) { + /* we have sent all data we were supposed to */ + k->upload_done = TRUE; + infof(data, "We are completely uploaded and fine\n"); + } + if(data->req.upload_present != bytes_written) { /* we only wrote a part of the buffer (if anything), deal with it! */ @@ -967,7 +975,6 @@ static CURLcode readwrite_upload(struct SessionHandle *data, } } - k->writebytecount += bytes_written; Curl_pgrsSetUploadCounter(data, k->writebytecount); } while(0); /* just to break out from! */ diff --git a/lib/transfer.h b/lib/transfer.h index c966cafb0..f60937cbf 100644 --- a/lib/transfer.h +++ b/lib/transfer.h @@ -47,7 +47,7 @@ CURLcode Curl_readrewind(struct connectdata *conn); CURLcode Curl_fillreadbuffer(struct connectdata *conn, int bytes, int *nreadp); CURLcode Curl_reconnect_request(struct connectdata **connp); CURLcode Curl_retry_request(struct connectdata *conn, char **url); -bool Curl_meets_timecondition(struct SessionHandle *data, long timeofdoc); +bool Curl_meets_timecondition(struct SessionHandle *data, time_t timeofdoc); /* This sets up a forthcoming transfer */ void @@ -184,8 +184,9 @@ static const struct Curl_handler * const protocols[] = { #ifndef CURL_DISABLE_LDAP &Curl_handler_ldap, -#if (defined(USE_OPENLDAP) && defined(USE_SSL)) || \ - (!defined(USE_OPENLDAP) && defined(HAVE_LDAP_SSL)) +#if !defined(CURL_DISABLE_LDAPS) && \ + ((defined(USE_OPENLDAP) && defined(USE_SSL)) || \ + (!defined(USE_OPENLDAP) && defined(HAVE_LDAP_SSL))) &Curl_handler_ldaps, #endif #endif diff --git a/lib/urldata.h b/lib/urldata.h index bf74aaf7c..1d27d2626 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -111,6 +111,10 @@ #include <polarssl/ssl.h> #endif +#ifdef USE_CYASSL +#include <openssl/ssl.h> +#endif + #ifdef USE_NSS #include <nspr.h> #include <pk11pub.h> @@ -266,6 +270,11 @@ struct ssl_connect_data { x509_crl crl; rsa_context rsa; #endif /* USE_POLARSSL */ +#ifdef USE_CYASSL + SSL_CTX* ctx; + SSL* handle; + ssl_connect_state connecting_state; +#endif /* USE_CYASSL */ #ifdef USE_NSS PRFileDesc *handle; char *client_nickname; @@ -762,7 +771,8 @@ struct connectdata { #define PROT_SSL (1<<29) /* protocol requires SSL */ /* these ones need action before socket close */ -#define PROT_CLOSEACTION (PROT_FTP | PROT_IMAP | PROT_POP3) +#define PROT_CLOSEACTION (PROT_FTP | PROT_IMAP | PROT_POP3 | \ + PROT_SFTP | PROT_SCP) #define PROT_DUALCHANNEL PROT_FTP /* these protocols use two connections */ /* 'dns_entry' is the particular host we use. This points to an entry in the diff --git a/lib/version.c b/lib/version.c index 52989cdc6..97dd16395 100644 --- a/lib/version.c +++ b/lib/version.c @@ -180,8 +180,9 @@ static const char * const protocols[] = { #endif #ifndef CURL_DISABLE_LDAP "ldap", -#if (defined(USE_OPENLDAP) && defined(USE_SSL)) || \ - (!defined(USE_OPENLDAP) && defined(HAVE_LDAP_SSL)) +#if !defined(CURL_DISABLE_LDAPS) && \ + ((defined(USE_OPENLDAP) && defined(USE_SSL)) || \ + (!defined(USE_OPENLDAP) && defined(HAVE_LDAP_SSL))) "ldaps", #endif #endif |