aboutsummaryrefslogtreecommitdiff
path: root/lib/sslgen.c
AgeCommit message (Collapse)Author
2011-01-10SSL: fix memory leakQuinn Slack
In OOM situation. Follow-up fix to commit a9cd4f4ed49e1a0.
2010-12-15Preparing for axTLS. Actual SSL API functions are only stubbed.Eric Hu
Added axTLS to autotool files and glue code to misc other files. axtls.h maps SSL API functions, but may change. axtls.c is just a stub file and will definitely change.
2010-05-07sendrecv: split the I/O handling into private handlerHoward Chu
Howard Chu brought the bulk work of this patch that properly moves out the sending and recving of data to the parts of the code that are properly responsible for the various ways of doing so. Daniel Stenberg assisted with polishing a few bits and fixed some minor flaws in the original patch. Another upside of this patch is that we now abuse CURLcodes less with the "magic" -1 return codes and instead use CURLE_AGAIN more consistently.
2010-05-05PolarSSL: initial support addedHoi-Ho Chan
This is Hoi-Ho Chan's patch with some minor fixes by me. There are some potential issues in this, but none worse than we can sort out on the list and over time.
2010-04-04refactorize interface of Curl_ssl_recv/Curl_ssl_sendKamil Dudka
2010-03-24remove the CVSish $Id$ linesDaniel Stenberg
2010-03-22Fix insufficient initialization in Curl_clone_ssl_config()douglas steinwand
which could have caused a double free when reusing curl handle.
2010-03-19- Improved Curl_read() to not ignore the error returned from Curl_ssl_recv().Kamil Dudka
2009-11-18Make usage of calloc()'s arguments consistent with rest of code baseYang Tse
2009-05-04- Michael Smith posted bug report #2786255Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=2786255) with a patch, identifying how libcurl did not deal with SSL session ids properly if the server rejected a re-use of one. Starting now, it will forget the rejected one and remember the new. This change was for OpenSSL only, it is likely that other SSL lib code needs similar fixes.
2009-04-26- Bug report #2779733 (http://curl.haxx.se/bug/view.cgi?id=2779733) by SvenDaniel Stenberg
Wegener pointed out that CURLINFO_APPCONNECT_TIME didn't work with the multi interface and provided a patch that fixed the problem!
2009-04-21libcurl's memory.h renamed to curl_memory.hYang Tse
2009-02-25corrected and clarified the top commentDaniel Stenberg
2008-10-23moved the Curl_raw_ functions into the new lib/rawstr.c file for easier curlx_Daniel Stenberg
inclusion by the curl tool without colliding with the curl_strequal functions.
2008-10-23Created Curl_raw_nequal() which does a C-locale string case comparison.Dan Fandrich
Changed checkprefix() to use it and those instances of strnequal() that compare host names or other protocol strings that are defined to be independent of case in the C locale. This should fix a few more Turkish locale problems.
2008-09-06remove unnecessary typecasting of calloc()Yang Tse
2008-09-05Only compile Curl_ssl_free_certinfo when SSL is enabledDan Fandrich
2008-09-05- Introducing CURLOPT_CERTINFO and the corresponding CURLINFO_CERTINFO. ByDaniel Stenberg
enabling this feature with CURLOPT_CERTINFO for a request using SSL (HTTPS or FTPS), libcurl will gather lots of server certificate info and that info can then get extracted by a client after the request has completed with curl_easy_getinfo()'s CURLINFO_CERTINFO option. Linus Nielsen Feltzing helped me test and smoothen out this feature. Unfortunately, this feature currently only works with libcurl built to use OpenSSL. This feature was sponsored by networking4all.com - thanks!
2008-07-03Introcuding a new timestamp for curl_easy_getinfo():Daniel Stenberg
CURLINFO_APPCONNECT_TIME. This is set with the "application layer" handshake/connection is completed (typically SSL, TLS or SSH). By using this you can figure out the application layer's own connect time. You can extract the time stamp using curl's -w option and the new variable named 'time_appconnect'. This feature was sponsored by Lenny Rachitsky at NeuStar.
2008-06-11- I did a cleanup of the internal generic SSL layer and how the various SSLDaniel Stenberg
libraries are supported. Starting now, each underlying SSL library support code does a set of defines for the 16 functions the generic layer (sslgen.c) uses (all these new function defines use the prefix "curlssl_"). This greatly simplified the generic layer in readability by involving much less #ifdefs and other preprocessor stuff and should make it easier for people to make libcurl work with new SSL libraries. Hopefully I can later on document these 16 functions somewhat as well. I also made most of the internal SSL-dependent functions (using Curl_ssl_ prefix) #defined to nothing when no SSL support is requested - previously they would unnecessarily call mostly empty functions.
2008-05-09- Make Curl_write and it's callees accept a const pointer, in preparationMichal Marek
of tetetest's patch for curl_easy_send()
2008-02-20- Based on initial work done by Gautam Kachroo to address a bug, we now keepDaniel Stenberg
better control at the exact state of the connection's SSL status so that we know exactly when it has completed the SSL negotiation or not so that there won't be accidental re-uses of connections that are wrongly believed to be in SSL-completed-negotiate state.
2007-12-25added missing semicolon fromn last commit.Gunter Knauf
2007-12-24Gary Maxwell filed bug report #1856628Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=1856628) and provided a fix for the (small) memory leak in the SSL session ID caching code. It happened when a previous entry in the cache was re-used.
2007-12-03Bug report #1842029 (http://curl.haxx.se/bug/view.cgi?id=1842029) identifiedDaniel Stenberg
a problem with SSL session caching that prevent it from working, and the associated fix!
2007-11-19I think this is the right fix for other non-OpenSSL libs, based on the NSS fixDaniel Stenberg
from the other day. It is time to setup the internal SSL libs and treat them with a "handler" struct similar to how we deal with the protocols these days...
2007-11-18Rob Crittenden fixed SSL connections with NSS done with the multi-interfaceDaniel Stenberg
2007-11-07if () => if()Daniel Stenberg
while () => while() and some other minor re-indentings
2007-09-25#ifdef out a few more functions when SSL is disabled.Dan Fandrich
2007-08-27Fixed some minor type mismatches and missing consts mainly found by splint.Dan Fandrich
2007-08-01Patrick Monnerat and I modified libcurl so that now it *copies* all stringsDaniel Stenberg
passed to it with curl_easy_setopt()! Previously it has always just refered to the data, forcing the user to keep the data around until libcurl is done with it. That is now history and libcurl will instead clone the given strings and keep private copies.
2007-07-30Fixed compiler warning on non-SSL buildsDan Fandrich
2007-07-29Bug report #1759542 (http://curl.haxx.se/bug/view.cgi?id=1759542). A bad useDaniel Stenberg
of a socket after it has been closed, when the FTP-SSL data connection is taken down.
2007-07-23Implemented the parts of Patrick Monnerat's OS/400 patch that introducesDaniel Stenberg
support for the OS/400 Secure Sockets Layer library
2007-04-21Curl_ssl_close(): mark the connection as not using SSL anymore, to betterDaniel Stenberg
survive getting called twice
2007-02-26Removed inclusion of <sys/types.h> and <sys/stat.h> in .c-filesGisle Vanem
since they're already included through "setup.h".
2007-02-13compiler warning fixYang Tse
2007-02-12Rob Crittenden added support for NSS (Network Security Service) for theDaniel Stenberg
SSL/TLS layer. http://www.mozilla.org/projects/security/pki/nss/
2007-02-01compiler warning fixYang Tse
2007-01-25fix compiler warnings for SSL-disabled buildsDaniel Stenberg
2007-01-24moved the SSL pending function to the proper place and nameDaniel Stenberg
2007-01-08Correct error code for CCC/SSL shutdown failureLinus Nielsen Feltzing
2007-01-06Fix compilation errors when building without SSLLinus Nielsen Feltzing
2007-01-05- Linus Nielsen Feltzing introduced the --ftp-ssl-ccc command line option toDaniel Stenberg
curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it will make libcurl shutdown SSL/TLS after the authentication is done on a FTP-SSL operation.
2006-12-16Brendan Jurd pointed out these typosDaniel Stenberg
2006-11-11cleaned up Curl_write() and the sub functions it uses for various protocols.Daniel Stenberg
They all now return ssize_t to Curl_write(). Unfortunately, Curl_read() is in a sorrier state but it too would benefit from a similar cleanup.
2006-09-12Compiler warning fixYang Tse
2006-09-11- Fixed my breakage from earlier today so that doing curl_easy_cleanup() on aDaniel Stenberg
handle that is part of a multi handle first removes the handle from the stack. - Added CURLOPT_SSL_SESSIONID_CACHE and --no-sessionid to disable SSL session-ID re-use on demand since there obviously are broken servers out there that misbehave with session-IDs used.
2006-05-11silence warningDaniel Stenberg
2006-05-10David McCreedy provided a fix for CURLINFO_LASTSOCKET that does extendedDaniel Stenberg
checks on the to-be-returned socket to make sure it truly seems to be alive and well. For SSL connection it (only) uses OpenSSL functions.