From 7f70dbcad58eb7183d129860192d6968dd7063a1 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 12 Feb 2007 22:32:37 +0000 Subject: Rob Crittenden added support for NSS (Network Security Service) for the SSL/TLS layer. http://www.mozilla.org/projects/security/pki/nss/ --- lib/sslgen.c | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 69 insertions(+), 2 deletions(-) (limited to 'lib/sslgen.c')
diff --git a/lib/sslgen.c b/lib/sslgen.c
index 5b75c3807..9043cee29 100644
--- a/lib/sslgen.c
+++ b/lib/sslgen.c
@@ -31,6 +31,7 @@
 Curl_ssl_ - prefix for generic ones
 Curl_ossl_ - prefix for OpenSSL ones
 Curl_gtls_ - prefix for GnuTLS ones
+ Curl_nss_ - prefix for NSS ones
 "SSL/TLS Strong Encryption: An Introduction"
 http://httpd.apache.org/docs-2.0/ssl/ssl_intro.html
@@ -52,6 +53,7 @@
 #include "sslgen.h" /* generic SSL protos etc */
 #include "ssluse.h" /* OpenSSL versions */
 #include "gtls.h" /* GnuTLS versions */
+#include "nssg.h" /* NSS versions */
 #include "sendf.h"
 #include "strequal.h"
 #include "url.h"
@@ -168,9 +170,13 @@ int Curl_ssl_init(void)
 #else
 #ifdef USE_GNUTLS
 return Curl_gtls_init();
+#else
+#ifdef USE_NSS
+ return Curl_nss_init();
 #else
 /* no SSL support */
 return 1;
+#endif /* USE_NSS */
 #endif /* USE_GNUTLS */
 #endif /* USE_SSLEAY */
 }
@@ -186,6 +192,9 @@ void Curl_ssl_cleanup(void)
 #else
 #ifdef USE_GNUTLS
 Curl_gtls_cleanup();
+#ifdef USE_NSS
+ Curl_nss_cleanup();
+#endif /* USE_NSS */
 #endif /* USE_GNUTLS */
 #endif /* USE_SSLEAY */
 init_ssl = FALSE;
@@ -204,6 +213,10 @@ Curl_ssl_connect(struct connectdata *conn, int sockindex)
 #else
 #ifdef USE_GNUTLS
 return Curl_gtls_connect(conn, sockindex);
+#else
+#ifdef USE_NSS
+ return Curl_nss_connect(conn, sockindex);
+#endif /* USE_NSS */
 #endif /* USE_GNUTLS */
 #endif /* USE_SSLEAY */
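Review bot: In the Curl_ssl_cleanup hunk the added `#ifdef USE_NSS` block sits inside the `#ifdef USE_GNUTLS` branch with no `#else` in front of it, so `Curl_nss_cleanup()` is compiled only when USE_GNUTLS and USE_NSS are both defined, and an NSS-only build never runs it. The Curl_ssl_init and Curl_ssl_connect hunks add `#else` before `#ifdef USE_NSS`; the same line is needed here, directly after `Curl_gtls_cleanup();`. As written, whatever `Curl_nss_init()` set up stays initialised after Curl_ssl_cleanup() returns and `init_ssl` is reset to FALSE. The function body starts and ends outside the hunk.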
@@ -224,12 +237,17 @@ Curl_ssl_connect_nonblocking(struct connectdata *conn, int sockindex,
 conn->ssl[sockindex].use = TRUE;
 return Curl_ossl_connect_nonblocking(conn, sockindex, done);
+#else
+#ifdef USE_NSS
+ *done = TRUE; /* fallback to BLOCKING */
+ return Curl_nss_connect(conn, sockindex);
 #else
 /* not implemented! fallback to BLOCKING call. */
 *done = TRUE;
 return Curl_ssl_connect(conn, sockindex);
-#endif
+#endif /* USE_NSS */
+#endif /* USE_SSLEAY */
 }
 #ifdef USE_SSL
@@ -283,8 +301,14 @@ static int kill_session(struct curl_ssl_session *session)
 #ifdef USE_SSLEAY
 Curl_ossl_session_free(session->sessionid);
 #else
+#ifdef USE_GNUTLS
 Curl_gtls_session_free(session->sessionid);
-#endif
+#else
+#ifdef USE_NSS
+ /* NSS has its own session ID cache */
+#endif /* USE_NSS */
+#endif /* USE_GNUTLS */
+#endif /* USE_SSLEAY */
 session->sessionid=NULL;
 session->age = 0; /* fresh */
@@ -375,6 +399,10 @@ void Curl_ssl_close_all(struct SessionHandle *data)
 #else
 #ifdef USE_GNUTLS
 Curl_gtls_close_all(data);
+#else
+#ifdef USE_NSS
+ Curl_nss_close_all(data);
+#endif /* USE_NSS */
 #endif /* USE_GNUTLS */
 #endif /* USE_SSLEAY */
 #else /* USE_SSL */
@@ -390,8 +418,12 @@ void Curl_ssl_close(struct connectdata *conn)
 #else
 #ifdef USE_GNUTLS
 Curl_gtls_close(conn);
+#else
+#ifdef USE_GNUTLS
+ Curl_nss_close(conn);
 #else
 (void)conn;
+#endif /* USE_NSS */
 #endif /* USE_GNUTLS */
 #endif /* USE_SSLEAY */
 }
@@ -428,11 +460,18 @@ CURLcode Curl_ssl_set_engine(struct SessionHandle *data, const char *engine)
 (void)data;
 (void)engine;
 return CURLE_FAILED_INIT;
+#else
+#ifdef USE_NSS
+ /* NSS doesn't set an engine this way */
+ (void)data;
+ (void)engine;
+ return CURLE_FAILED_INIT;
 #else
 /* no SSL layer */
 (void)data;
 (void)engine;
 return CURLE_FAILED_INIT;
+#endif /* USE_NSS */
 #endif /* USE_GNUTLS */
 #endif /* USE_SSLEAY */
 }
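Review bot: The new USE_NSS branch in Curl_ssl_connect_nonblocking calls `Curl_nss_connect(conn, sockindex)` directly, whereas the existing fallback goes through `Curl_ssl_connect(conn, sockindex)`, which this patch already teaches to dispatch to NSS. The SSLeay branch in the same hunk sets `conn->ssl[sockindex].use = TRUE` before connecting; if Curl_ssl_connect does the same (its full body is outside the hunks), the direct NSS call skips that step unless Curl_nss_connect sets the flag itself. The NSS-specific branch could simply be dropped so NSS takes the generic fallback, or changed to `return Curl_ssl_connect(conn, sockindex);`. The function's opening lines are outside the hunk.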
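Review bot: In the Curl_ssl_close hunk the added guard reads `#ifdef USE_GNUTLS` but sits in the `#else` arm of the outer `#ifdef USE_GNUTLS`, so it can never be true and `Curl_nss_close(conn)` is never compiled in. An NSS build therefore falls through to `(void)conn;` and per-connection TLS state is not shut down or released on close. The closing line already says `#endif /* USE_NSS */`, so the intended guard is `#ifdef USE_NSS`. The function body starts outside the hunk.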
@@ -448,10 +487,16 @@ CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data)
 /* FIX: add code here */
 (void)data;
 return CURLE_FAILED_INIT;
+#else
+#ifdef USE_NSS
+ /* A no-op for NSS */
+ (void)data;
+ return CURLE_FAILED_INIT;
 #else
 /* No SSL layer */
 (void)data;
 return CURLE_FAILED_INIT;
+#endif /* USE_NSS */
 #endif /* USE_GNUTLS */
 #endif /* USE_SSLEAY */
 }
@@ -467,8 +512,14 @@ struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data)
 (void)data;
 return NULL;
 #else
+#ifdef USE_NSS
+ /* In theory we could return the PKCS#11 modules loaded but that
+ * would just confuse things */
 (void)data;
 return NULL;
+ (void)data;
+ return NULL;
+#endif /* USE_NSS */
 #endif /* USE_GNUTLS */
 #endif /* USE_SSLEAY */
 }
@@ -484,12 +535,16 @@ ssize_t Curl_ssl_send(struct connectdata *conn,
 #else
 #ifdef USE_GNUTLS
 return Curl_gtls_send(conn, sockindex, mem, len);
+#else
+#ifdef USE_NSS
+ return Curl_nss_send(conn, sockindex, mem, len);
 #else
 (void)conn;
 (void)sockindex;
 (void)mem;
 (void)len;
 return 0;
+#endif /* USE_NSS */
 #endif /* USE_GNUTLS */
 #endif /* USE_SSLEAY */
 }
@@ -514,6 +569,10 @@ ssize_t Curl_ssl_recv(struct connectdata *conn, /* connection data */
 #else
 #ifdef USE_GNUTLS
 nread = Curl_gtls_recv(conn, sockindex, mem, len, &block);
+#else
+#ifdef USE_NSS
+ nread = Curl_nss_recv(conn, sockindex, mem, len, &block);
+#endif /* USE_NSS */
 #endif /* USE_GNUTLS */
 #endif /* USE_SSLEAY */
 if(nread == -1) {
@@ -573,10 +632,14 @@ size_t Curl_ssl_version(char *buffer, size_t size)
 #else
 #ifdef USE_GNUTLS
 return Curl_gtls_version(buffer, size);
+#else
+#ifdef USE_NSS
+ return Curl_nss_version(buffer, size);
 #else
 (void)buffer;
 (void)size;
 return 0; /* no SSL support */
+#endif /* USE_NSS */
 #endif /* USE_GNUTLS */
 #endif /* USE_SSLEAY */
 }
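Review bot: In the Curl_ssl_engines_list hunk the `#ifdef USE_NSS` block has no `#else`, so both `(void)data; return NULL;` pairs end up inside the NSS branch. With USE_NSS defined the second pair is dead code. With none of USE_SSLEAY, USE_GNUTLS or USE_NSS defined, the function body appears to be empty and control falls off the end of a function returning `struct curl_slist *`. Adding `#else` between the two pairs restores the no-SSL fallback, matching the layout used in the Curl_ssl_set_engine_default hunk of this same patch. The start of the function is outside the hunk.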
@@ -594,10 +657,14 @@ int Curl_ssl_check_cxn(struct connectdata *conn)
 {
 #ifdef USE_SSLEAY
 return Curl_ossl_check_cxn(conn);
+#else
+#ifdef USE_NSS
+ return Curl_nss_check_cxn(conn);
 #else
 (void)conn;
 /* TODO: we lack implementation of this for GnuTLS */
 return -1; /* connection status unknown */
+#endif /* USE_NSS */
 #endif /* USE_SSLEAY */
 }
-- cgit v1.2.3