aboutsummaryrefslogtreecommitdiff
path: root/lib/axtls.c
AgeCommit message (Collapse)Author
2012-11-08SSL: Several SSL-backend related fixesOscar Koeroo
axTLS: This will make the axTLS backend perform the RFC2818 checks, honoring the VERIFYHOST setting similar to the OpenSSL backend. Generic for OpenSSL and axTLS: Move the hostcheck and cert_hostcheck functions from the lib/ssluse.c files to make them genericly available for both the OpenSSL, axTLS and other SSL backends. They are now in the new lib/hostcheck.c file. CyaSSL: CyaSSL now also has the RFC2818 checks enabled by default. There is a limitation that the verifyhost can not be enabled exclusively on the Subject CN field comparison. This SSL backend will thus behave like the NSS and the GnuTLS (meaning: RFC2818 ok, or bust). In other words: setting verifyhost to 0 or 1 will disable the Subject Alt Names checks too. Schannel: Updated the schannel information messages: Split the IP address usage message from the verifyhost setting and changed the message about disabling SNI (Server Name Indication, used in HTTP virtual hosting) into a message stating that the Subject Alternative Names checks are being disabled when verifyhost is set to 0 or 1. As a side effect of switching off the RFC2818 related servername checks with SCH_CRED_NO_SERVERNAME_CHECK (http://msdn.microsoft.com/en-us/library/aa923430.aspx) the SNI feature is being disabled. This effect is not documented in MSDN, but Wireshark output clearly shows the effect (details on the libcurl maillist). PolarSSL: Fix the prototype change in PolarSSL of ssl_set_session() and the move of the peer_cert from the ssl_context to the ssl_session. Found this change in the PolarSSL SVN between r1316 and r1317 where the POLARSSL_VERSION_NUMBER was at 0x01010100. But to accommodate the Ubuntu PolarSSL version 1.1.4 the check is to discriminate between lower then PolarSSL version 1.2.0 and 1.2.0 and higher. Note: The PolarSSL SVN trunk jumped from version 1.1.1 to 1.2.0. Generic: All the SSL backends are fixed and checked to work with the ssl.verifyhost as a boolean, which is an internal API change.
2011-07-26stdio.h, stdlib.h, string.h, stdarg.h and ctype.h inclusion done in setup_once.hYang Tse
2011-07-04code style: space between close paren and open braceDaniel Stenberg
2011-04-27source cleanup: unify look, style and indent levelsDaniel Stenberg
By the use of a the new lib/checksrc.pl script that checks that our basic source style rules are followed.
2011-04-21Fix a couple of spelling errors in lib/Fabian Keil
Found with codespell.
2010-12-22Fixed include: memory.h -> curl_memory.h.Guenter Knauf
2010-12-15axtls_connect: allow connect without peer verificationDaniel Stenberg
The SSL_SERVER_VERIFY_LATER bit in the ssl_ctx_new() call allows the code to verify the peer certificate explicitly after the handshake and then the "data->set.ssl.verifypeer" option works.
2010-12-15axTLS: allow "default" SSL version as wellDaniel Stenberg
When no explicit version is selected we should try to use whatever is best for us, and in the axTLS case that means TLSv1.
2010-12-15axtls.c: cleanupDaniel Stenberg
Removed trailing whitespace Removed several compiler warnings Removed odd backslashes at some line endings
2010-12-15Minor fixes to pass tests 301 and 306 with a patched axTLS.Eric Hu
2010-12-15Initial axTLS integration. Connections can be made and some tests pass.Eric Hu
Failed HTTPS tests: 301, 306, 311, 312, 313, 560 311, 312 need more detailed error reporting from axTLS. 313 relates to CRL, which hasn't been implemented yet.
2010-12-15Preparing for axTLS. Actual SSL API functions are only stubbed.Eric Hu
Added axTLS to autotool files and glue code to misc other files. axtls.h maps SSL API functions, but may change. axtls.c is just a stub file and will definitely change.