Diffstat (limited to 'lib')
-rw-r--r-- | lib/axtls.c | 96 |
1 files changed, 47 insertions, 49 deletions
diff --git a/lib/axtls.c b/lib/axtls.c
index 82a0ddcc6..80c3554ee 100644
--- a/lib/axtls.c
+++ b/lib/axtls.c
@@ -55,7 +55,7 @@ static int SSL_read(SSL *ssl, void *buf, int num)
 {
 uint8_t *read_buf;
 int ret;
-
+
 while((ret = ssl_read(ssl, &read_buf)) == SSL_OK);
 if(ret > SSL_OK){
@@ -182,13 +182,13 @@ Curl_axtls_connect(struct connectdata *conn,
 /* Load the trusted CA cert bundle file */
 if(data->set.ssl.CAfile) {
- if(ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, data->set.ssl.CAfile, NULL) \
+ if(ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, data->set.ssl.CAfile, NULL)
 != SSL_OK){
 infof(data, "error reading ca cert file %s \n",
- data->set.ssl.CAfile);
+ data->set.ssl.CAfile);
 if(data->set.ssl.verifypeer){
- Curl_axtls_close(conn, sockindex);
- return CURLE_SSL_CACERT_BADFILE;
+ Curl_axtls_close(conn, sockindex);
+ return CURLE_SSL_CACERT_BADFILE;
 }
 }
 else
@@ -199,7 +199,7 @@ Curl_axtls_connect(struct connectdata *conn,
 * 1) certificate revocation list checking
 * 2) dns name assignment to host
 * 3) set protocol priority. axTLS is TLSv1 only, so can probably ignore
- * 4) set certificate priority. axTLS ignores type and sends certs in
+ * 4) set certificate priority. axTLS ignores type and sends certs in
 * order added. can probably ignore this. */
@@ -208,20 +208,20 @@ Curl_axtls_connect(struct connectdata *conn,
 i=0;
 /* Instead of trying to analyze cert type here, let axTLS try them all. */
 while(cert_types[i] != 0){
- ssl_fcn_return = ssl_obj_load(ssl_ctx, cert_types[i], \
- data->set.str[STRING_CERT], NULL);
+ ssl_fcn_return = ssl_obj_load(ssl_ctx, cert_types[i],
+ data->set.str[STRING_CERT], NULL);
 if(ssl_fcn_return == SSL_OK){
- infof(data, "successfully read cert file %s \n", \
- data->set.str[STRING_CERT]);
- break;
+ infof(data, "successfully read cert file %s \n",
+ data->set.str[STRING_CERT]);
+ break;
 }
 i++;
 }
 /* Tried all cert types, none worked. */
 if(cert_types[i] == 0){
- failf(data, "%s is not x509 or pkcs12 format", \
- data->set.str[STRING_CERT]);
- Curl_axtls_close(conn, sockindex);
+ failf(data, "%s is not x509 or pkcs12 format",
+ data->set.str[STRING_CERT]);
+ Curl_axtls_close(conn, sockindex);
 return CURLE_SSL_CERTPROBLEM;
 }
 }
@@ -233,20 +233,20 @@ Curl_axtls_connect(struct connectdata *conn,
 i=0;
 /* Instead of trying to analyze key type here, let axTLS try them all. */
 while(key_types[i] != 0){
- ssl_fcn_return = ssl_obj_load(ssl_ctx, key_types[i], \
- data->set.str[STRING_KEY], NULL);
+ ssl_fcn_return = ssl_obj_load(ssl_ctx, key_types[i],
+ data->set.str[STRING_KEY], NULL);
 if(ssl_fcn_return == SSL_OK){
- infof(data, "successfully read key file %s \n", \
- data->set.str[STRING_KEY]);
- break;
+ infof(data, "successfully read key file %s \n",
+ data->set.str[STRING_KEY]);
+ break;
 }
 i++;
 }
 /* Tried all key types, none worked. */
 if(key_types[i] == 0){
- failf(data, "Failure: %s is not a supported key file", \
- data->set.str[STRING_KEY]);
- Curl_axtls_close(conn, sockindex);
+ failf(data, "Failure: %s is not a supported key file",
+ data->set.str[STRING_KEY]);
+ Curl_axtls_close(conn, sockindex);
 return CURLE_SSL_CONNECT_ERROR;
 }
 }
@@ -258,11 +258,11 @@ Curl_axtls_connect(struct connectdata *conn,
 */
 /* In axTLS, handshaking happens inside ssl_client_new. */
- if(!Curl_ssl_getsessionid(conn, (void **) &ssl_sessionid, &ssl_idsize)){
+ if(!Curl_ssl_getsessionid(conn, (void **) &ssl_sessionid, &ssl_idsize)) {
 /* we got a session id, use it! */
 infof (data, "SSL re-using session ID\n");
- ssl = ssl_client_new(ssl_ctx, conn->sock[sockindex], \
- ssl_sessionid, ssl_idsize);
+ ssl = ssl_client_new(ssl_ctx, conn->sock[sockindex],
+ ssl_sessionid, (uint8_t)ssl_idsize);
 }
 else
 ssl = ssl_client_new(ssl_ctx, conn->sock[sockindex], NULL, 0);
@@ -270,20 +270,20 @@ Curl_axtls_connect(struct connectdata *conn,
 /* Check to make sure handshake was ok. */
 ssl_fcn_return = ssl_handshake_status(ssl);
 if(ssl_fcn_return != SSL_OK){
- Curl_axtls_close(conn, sockindex);
+ Curl_axtls_close(conn, sockindex);
 ssl_display_error(ssl_fcn_return); /* goes to stdout. */
 return map_error_to_curl(ssl_fcn_return);
 }
 infof (data, "handshake completed successfully\n");
- /* Here, gtls.c gets the peer certificates and fails out depending on
+ /* Here, gtls.c gets the peer certificates and fails out depending on
 * settings in "data." axTLS api doesn't have get cert chain fcn, so omit? */
 /* Verify server's certificate */
 if(data->set.ssl.verifypeer){
 if(ssl_verify_cert(ssl) != SSL_OK){
- Curl_axtls_close(conn, sockindex);
+ Curl_axtls_close(conn, sockindex);
 failf(data, "server cert verify failed");
 return CURLE_SSL_CONNECT_ERROR;
 }
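Review bot: The new `(uint8_t)ssl_idsize` cast in the session re-use branch of `ssl_client_new()` silently truncates any cached session-id length above 255 instead of rejecting it, so a mis-sized cache entry would be handed to axTLS with the wrong length; the cast only quiets the narrowing warning. `ssl_idsize`'s type is not visible in the hunk (presumably the size type `Curl_ssl_getsessionid()` fills in), so the check belongs in the condition, e.g. `if(!Curl_ssl_getsessionid(conn, (void **) &ssl_sessionid, &ssl_idsize) && ssl_idsize <= UINT8_MAX) {`, which lets the existing `else` branch start a fresh session for an oversized entry. The enclosing `Curl_axtls_connect()` starts and ends outside this hunk.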
@@ -296,11 +296,11 @@ Curl_axtls_connect(struct connectdata *conn,
 /* See if common name was set in server certificate */
 x509 = ssl_get_cert_dn(ssl, SSL_X509_CERT_COMMON_NAME);
- if(x509 == NULL)
+ if(x509 == NULL)
 infof(data, "error fetching CN from cert\n");
 /* Here, gtls.c does the following
- * 1) x509 hostname checking per RFC2818. axTLS doesn't support this, but
+ * 1) x509 hostname checking per RFC2818. axTLS doesn't support this, but
 * it seems useful. Omitting for now.
 * 2) checks cert validity based on time. axTLS does this in ssl_verify_cert
 * 3) displays a bunch of cert information. axTLS doesn't support most of
@@ -317,7 +317,7 @@ Curl_axtls_connect(struct connectdata *conn,
 /* Put our freshly minted SSL session in cache */
 ssl_idsize = ssl_get_session_id_size(ssl);
 ssl_sessionid = ssl_get_session_id(ssl);
- if(Curl_ssl_addsessionid(conn, (void *) ssl_sessionid, ssl_idsize) \
+ if(Curl_ssl_addsessionid(conn, (void *) ssl_sessionid, ssl_idsize)
 != CURLE_OK)
 infof (data, "failed to add session to cache\n");
@@ -327,15 +327,12 @@ Curl_axtls_connect(struct connectdata *conn,
 /* return number of sent (non-SSL) bytes */
 static ssize_t axtls_send(struct connectdata *conn,
- int sockindex,
- const void *mem,
- size_t len,
- CURLcode *err)
+ int sockindex,
+ const void *mem,
+ size_t len,
+ CURLcode *err)
 {
- /* ssl_write() returns 'int' while write() and send() returns
- 'size_t' */
- char error_buffer[120]; /* Comply with OpenSSL, which documents that this
- must be at least 120 bytes long. */
+ /* ssl_write() returns 'int' while write() and send() returns 'size_t' */
 int rc = ssl_write(conn->ssl[sockindex].ssl, mem, (int)len);
 infof(conn->data, " axtls_send\n");
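Review bot: With the unused `error_buffer` removed, the one unchecked conversion left in `axtls_send()` is the `(int)len` on the line right below the rewritten comment: a `len` above `INT_MAX` wraps to a negative count and is passed to `ssl_write()` as such. Since the comment above the signature says the function returns the number of bytes actually sent, clamping is sufficient, `int rc = ssl_write(conn->ssl[sockindex].ssl, mem, len > INT_MAX ? INT_MAX : (int)len);` (with `INT_MAX` from `<limits.h>`); this assumes the caller tolerates a short send as it would for `send()`, which I cannot confirm from the hunk. The remainder of `axtls_send()` lies outside this hunk.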
@@ -407,16 +404,16 @@ int Curl_axtls_shutdown(struct connectdata *conn, int sockindex)
 if(connssl->ssl) {
 int what = Curl_socket_ready(conn->sock[sockindex],
- CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
+ CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
 if(what > 0) {
 /* Something to read, let's do it and hope that it is the close
- notify alert from the server */
+ notify alert from the server */
 nread = (ssize_t)SSL_read(conn->ssl[sockindex].ssl, buf,
- sizeof(buf));
+ sizeof(buf));
 if (nread < SSL_OK){
- failf(data, "close notify alert not received during shutdown");
- retval = -1;
+ failf(data, "close notify alert not received during shutdown");
+ retval = -1;
 }
 }
 else if(0 == what) {
@@ -436,10 +433,10 @@ int Curl_axtls_shutdown(struct connectdata *conn, int sockindex)
 }
 static ssize_t axtls_recv(struct connectdata *conn, /* connection data */
- int num, /* socketindex */
- char *buf, /* store read data here */
- size_t buffersize, /* max amount to read */
- CURLcode *err)
+ int num, /* socketindex */
+ char *buf, /* store read data here */
+ size_t buffersize, /* max amount to read */
+ CURLcode *err)
 {
 struct ssl_connect_data *connssl = &conn->ssl[num];
 ssize_t ret = 0;
@@ -475,7 +472,7 @@ static ssize_t axtls_recv(struct connectdata *conn, /* connection data */
 int Curl_axtls_check_cxn(struct connectdata *conn)
 {
 /* ssluse.c line: rc = SSL_peek(conn->ssl[FIRSTSOCKET].ssl, (void*)&buf, 1);
- axTLS compat layer always returns the last argument, so connection is
+ axTLS compat layer always returns the last argument, so connection is
 always alive? */
 infof(conn->data, " Curl_axtls_check_cxn\n");
@@ -484,6 +481,7 @@ int Curl_axtls_check_cxn(struct connectdata *conn)
 void Curl_axtls_session_free(void *ptr)
 {
+ (void)ptr;
 /* free the ID */
 /* both ssluse.c and gtls.c do something here, but axTLS's OpenSSL
 compatibility layer does nothing, so we do nothing too. */ |
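Review bot: The added `(void)ptr;` in `Curl_axtls_session_free()` sits directly above the stale `/* free the ID */` comment, so the comment now reads as describing a statement that frees nothing. Merge the two so the intent is stated once, e.g. `(void)ptr; /* nothing to free: axTLS's OpenSSL compatibility layer keeps no per-session state */`, and drop the separate `/* free the ID */` line. The function's closing brace is outside this hunk.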