aboutsummaryrefslogtreecommitdiff
path: root/lib/sslgen.c
AgeCommit message (Collapse)Author
2008-10-23moved the Curl_raw_ functions into the new lib/rawstr.c file for easier curlx_Daniel Stenberg
inclusion by the curl tool without colliding with the curl_strequal functions.
2008-10-23Created Curl_raw_nequal() which does a C-locale string case comparison.Dan Fandrich
Changed checkprefix() to use it and those instances of strnequal() that compare host names or other protocol strings that are defined to be independent of case in the C locale. This should fix a few more Turkish locale problems.
2008-09-06remove unnecessary typecasting of calloc()Yang Tse
2008-09-05Only compile Curl_ssl_free_certinfo when SSL is enabledDan Fandrich
2008-09-05- Introducing CURLOPT_CERTINFO and the corresponding CURLINFO_CERTINFO. ByDaniel Stenberg
enabling this feature with CURLOPT_CERTINFO for a request using SSL (HTTPS or FTPS), libcurl will gather lots of server certificate info and that info can then get extracted by a client after the request has completed with curl_easy_getinfo()'s CURLINFO_CERTINFO option. Linus Nielsen Feltzing helped me test and smoothen out this feature. Unfortunately, this feature currently only works with libcurl built to use OpenSSL. This feature was sponsored by networking4all.com - thanks!
2008-07-03Introcuding a new timestamp for curl_easy_getinfo():Daniel Stenberg
CURLINFO_APPCONNECT_TIME. This is set with the "application layer" handshake/connection is completed (typically SSL, TLS or SSH). By using this you can figure out the application layer's own connect time. You can extract the time stamp using curl's -w option and the new variable named 'time_appconnect'. This feature was sponsored by Lenny Rachitsky at NeuStar.
2008-06-11- I did a cleanup of the internal generic SSL layer and how the various SSLDaniel Stenberg
libraries are supported. Starting now, each underlying SSL library support code does a set of defines for the 16 functions the generic layer (sslgen.c) uses (all these new function defines use the prefix "curlssl_"). This greatly simplified the generic layer in readability by involving much less #ifdefs and other preprocessor stuff and should make it easier for people to make libcurl work with new SSL libraries. Hopefully I can later on document these 16 functions somewhat as well. I also made most of the internal SSL-dependent functions (using Curl_ssl_ prefix) #defined to nothing when no SSL support is requested - previously they would unnecessarily call mostly empty functions.
2008-05-09- Make Curl_write and it's callees accept a const pointer, in preparationMichal Marek
of tetetest's patch for curl_easy_send()
2008-02-20- Based on initial work done by Gautam Kachroo to address a bug, we now keepDaniel Stenberg
better control at the exact state of the connection's SSL status so that we know exactly when it has completed the SSL negotiation or not so that there won't be accidental re-uses of connections that are wrongly believed to be in SSL-completed-negotiate state.
2007-12-25added missing semicolon fromn last commit.Gunter Knauf
2007-12-24Gary Maxwell filed bug report #1856628Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=1856628) and provided a fix for the (small) memory leak in the SSL session ID caching code. It happened when a previous entry in the cache was re-used.
2007-12-03Bug report #1842029 (http://curl.haxx.se/bug/view.cgi?id=1842029) identifiedDaniel Stenberg
a problem with SSL session caching that prevent it from working, and the associated fix!
2007-11-19I think this is the right fix for other non-OpenSSL libs, based on the NSS fixDaniel Stenberg
from the other day. It is time to setup the internal SSL libs and treat them with a "handler" struct similar to how we deal with the protocols these days...
2007-11-18Rob Crittenden fixed SSL connections with NSS done with the multi-interfaceDaniel Stenberg
2007-11-07if () => if()Daniel Stenberg
while () => while() and some other minor re-indentings
2007-09-25#ifdef out a few more functions when SSL is disabled.Dan Fandrich
2007-08-27Fixed some minor type mismatches and missing consts mainly found by splint.Dan Fandrich
2007-08-01Patrick Monnerat and I modified libcurl so that now it *copies* all stringsDaniel Stenberg
passed to it with curl_easy_setopt()! Previously it has always just refered to the data, forcing the user to keep the data around until libcurl is done with it. That is now history and libcurl will instead clone the given strings and keep private copies.
2007-07-30Fixed compiler warning on non-SSL buildsDan Fandrich
2007-07-29Bug report #1759542 (http://curl.haxx.se/bug/view.cgi?id=1759542). A bad useDaniel Stenberg
of a socket after it has been closed, when the FTP-SSL data connection is taken down.
2007-07-23Implemented the parts of Patrick Monnerat's OS/400 patch that introducesDaniel Stenberg
support for the OS/400 Secure Sockets Layer library
2007-04-21Curl_ssl_close(): mark the connection as not using SSL anymore, to betterDaniel Stenberg
survive getting called twice
2007-02-26Removed inclusion of <sys/types.h> and <sys/stat.h> in .c-filesGisle Vanem
since they're already included through "setup.h".
2007-02-13compiler warning fixYang Tse
2007-02-12Rob Crittenden added support for NSS (Network Security Service) for theDaniel Stenberg
SSL/TLS layer. http://www.mozilla.org/projects/security/pki/nss/
2007-02-01compiler warning fixYang Tse
2007-01-25fix compiler warnings for SSL-disabled buildsDaniel Stenberg
2007-01-24moved the SSL pending function to the proper place and nameDaniel Stenberg
2007-01-08Correct error code for CCC/SSL shutdown failureLinus Nielsen Feltzing
2007-01-06Fix compilation errors when building without SSLLinus Nielsen Feltzing
2007-01-05- Linus Nielsen Feltzing introduced the --ftp-ssl-ccc command line option toDaniel Stenberg
curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it will make libcurl shutdown SSL/TLS after the authentication is done on a FTP-SSL operation.
2006-12-16Brendan Jurd pointed out these typosDaniel Stenberg
2006-11-11cleaned up Curl_write() and the sub functions it uses for various protocols.Daniel Stenberg
They all now return ssize_t to Curl_write(). Unfortunately, Curl_read() is in a sorrier state but it too would benefit from a similar cleanup.
2006-09-12Compiler warning fixYang Tse
2006-09-11- Fixed my breakage from earlier today so that doing curl_easy_cleanup() on aDaniel Stenberg
handle that is part of a multi handle first removes the handle from the stack. - Added CURLOPT_SSL_SESSIONID_CACHE and --no-sessionid to disable SSL session-ID re-use on demand since there obviously are broken servers out there that misbehave with session-IDs used.
2006-05-11silence warningDaniel Stenberg
2006-05-10David McCreedy provided a fix for CURLINFO_LASTSOCKET that does extendedDaniel Stenberg
checks on the to-be-returned socket to make sure it truly seems to be alive and well. For SSL connection it (only) uses OpenSSL functions.
2006-03-21Xavier Bouchoux made the SSL connection non-blocking for the multi interfaceDaniel Stenberg
(when using OpenSSL).
2005-08-11removed old debug left-over infof() callDaniel Stenberg
2005-05-05use calloc instead of malloc to save a call to memset()Daniel Stenberg
2005-05-04prevent memory leak when built SSL disabledDaniel Stenberg
2005-04-19prevent compiler warningDaniel Stenberg
2005-04-08re-arrange some code to prevent warnings on unreachable codeDaniel Stenberg
2005-04-07GnuTLS support added. There's now a "generic" SSL layer that we use all overDaniel Stenberg
internally, with code provided by sslgen.c. All SSL-layer-specific code is then written in ssluse.c (for OpenSSL) and gtls.c (for GnuTLS). As far as possible, internals should not need to know what SSL layer that is in use. Building with GnuTLS currently makes two test cases fail. TODO.gnutls contains a few known outstanding issues for the GnuTLS support. GnuTLS support is enabled with configure --with-gnutls