path: root/lib/vtls/mbedtls.c
Age | Commit message | Author
2016-05-17 | mbedtls/polarssl: set "hostname" unconditionally | Daniel Stenberg
...as otherwise the TLS libs will skip the CN/SAN check and just allow connection to any server. curl previously skipped this function when SNI wasn't used or when connecting to an IP address specified host.
CVE-2016-3739
Bug: https://curl.haxx.se/docs/adv_20160518A.html
Reported-by: Moti Avrahami
2016-05-09 | TLS: move the ALPN/NPN enable bits to the connection | Daniel Stenberg
Only protocols that actually have a protocol registered for ALPN and NPN should try to get that negotiated in the TLS handshake. That is only HTTPS (well, http/1.1 and http/2) right now. Previously ALPN and NPN would wrongly be used in all handshakes if libcurl was built with it enabled.
Reported-by: Jay Satiro
Fixes #789
2016-04-28 | mbedtls: Fix session resume | Jay Satiro
This also fixes PolarSSL session resume. Prior to this change the TLS session information wasn't properly saved and restored for PolarSSL and mbedTLS.
Bug: https://curl.haxx.se/mail/lib-2016-01/0070.html
Reported-by: Thomas Glanzmann
Bug: https://curl.haxx.se/mail/lib-2016-04/0095.html
Reported-by: Moti Avrahami
2016-04-26 | mbedtls.c: silly spellfix of a comment | Daniel Stenberg
2016-04-07 | mbedtls: fix MBEDTLS_DEBUG builds | Damien Vielpeau
2016-04-07 | mbedtls: implement and provide *_data_pending() | Daniel Stenberg
... as otherwise we might get stuck thinking there's no more data to handle.
Reported-by: Damien Vielpeau
Fixes #737
2016-04-07 | mbedtls.c: name space pollution fix, Use 'Curl_' | Daniel Stenberg
2016-04-07 | mbedtls.c: changed private prefix to mbed_ | Daniel Stenberg
mbedtls_ is the prefix used by the mbedTLS library itself so we should avoid using that for our private functions.
2016-04-03 | code: style updates | Daniel Stenberg
2016-03-19 | mbedtls: fix compiler warning | Daniel Stenberg
vtls/mbedtls.h:67:36: warning: implicit declaration of function ‘mbedtls_sha256’ [-Wimplicit-function-declaration]
2016-03-05 | mbedtls: fix user-specified SSL protocol version | Jay Satiro
Prior to this change when a single protocol CURL_SSLVERSION_ was specified by the user that version was set only as the minimum version but not as the maximum version as well.
2016-02-10 | mbedtls.c: re-indent to better match curl standards | Daniel Stenberg
2016-02-09 | mbedtls: fix memory leak when destroying SSL connection data | Rafael Antonio
Closes #626
2016-02-09 | mbedtls: fix ALPN usage segfault | Daniel Stenberg
Since we didn't keep the input argument around after having called mbedtls, it could end up accessing the wrong memory when figuring out the ALPN protocols.
Closes #642
2016-02-03 | URLs: change all http:// URLs to https:// | Daniel Stenberg
2016-01-18 | mbedtls: Fix pinned key return value on fail | Jay Satiro
- Switch from verifying a pinned public key in a callback during the certificate verification to inline after the certificate verification.
The callback method had three problems:
1. If a pinned public key didn't match, CURLE_SSL_PINNEDPUBKEYNOTMATCH was not returned.
2. If peer certificate verification was disabled the pinned key verification did not take place as it should.
3. (related to #2) If there was no certificate of depth 0 the callback would not have checked the pinned public key.
Though all those problems could have been fixed it would have made the code more complex. Instead we now verify inline after the certificate verification in mbedtls_connect_step2.
Ref: http://curl.haxx.se/mail/lib-2016-01/0047.html
Ref: https://github.com/bagder/curl/pull/601
2016-01-10 | mbedtls: implement CURLOPT_PINNEDPUBLICKEY | Thomas Glanzmann
2016-01-07 | mbedtls: Fix ALPN support | Jay Satiro
- Fix ALPN reply detection.
- Wrap nghttp2 code in ifdef USE_NGHTTP2.
Prior to this change ALPN and HTTP/2 did not work properly in mbedTLS.
2015-12-13 | http: add libcurl option to allow HTTP/2 for HTTPS only | Daniel Stenberg
... and stick to 1.1 for HTTP. This is in line with what browsers do and should have very little risk.
2015-10-29 | mbedtls: fix "Structurally dead code" | Daniel Stenberg
CID 1332129
2015-10-29 | mbedtls: fix "Logically dead code" | Daniel Stenberg
CID 1332128
2015-10-23 | polarssl/mbedtls: fix name space pollution | Daniel Stenberg
Global private symbols MUST start with Curl_!
2015-10-23 | mbedTLS: THREADING_SUPPORT compilation fix | Dmitry S. Baikov
Closes #505
2015-10-22 | mbedtls:new profile with RSA min key len = 1024. | m-gardet
Closes #502
2015-10-20 | vtls: added support for mbedTLS | Jonas Minnberg
closes #496