
vtls: remove QsoSSL

Patrick Monnerat 2014-10-13 16:33:47 +02:00
parent ec8330b21d
commit 265b9a2e49
27 changed files with 33 additions and 764 deletions


@ -427,7 +427,7 @@ FAQ
curl can be built to use one of the following SSL alternatives: OpenSSL,
GnuTLS, yassl, NSS, PolarSSL, axTLS, Secure Transport (native iOS/OS X),
WinSSL (native Windows) or qssl (native IBM i). They all have their pros
WinSSL (native Windows) or GSKit (native IBM i). They all have their pros
and cons, and we try to maintain a comparison of them here:
http://curl.haxx.se/docs/ssl-compared.html


@ -178,7 +178,7 @@ FOOTNOTES
=========
*1 = requires OpenSSL, GnuTLS, NSS, yassl, axTLS, PolarSSL, WinSSL (native
Windows), Secure Transport (native iOS/OS X) or qssl (native IBM i)
Windows), Secure Transport (native iOS/OS X) or GSKit (native IBM i)
*2 = requires OpenLDAP
*3 = requires a GSS-API implementation (such as Heimdal or MIT Kerberos) or
SSPI (native Windows)
@ -186,7 +186,7 @@ FOOTNOTES
currently supported
*5 = requires nghttp2 and possibly a recent TLS library
*6 = requires c-ares
*7 = requires OpenSSL, NSS, qssl, WinSSL or Secure Transport; GnuTLS, for
*7 = requires OpenSSL, NSS, GSKit, WinSSL or Secure Transport; GnuTLS, for
example, only supports SSLv3 and TLSv1
*8 = requires libssh2
*9 = requires OpenSSL, GnuTLS, NSS, yassl, Secure Transport or SSPI (native


@ -43,7 +43,7 @@ Portability
cyassl 2.0.0
openldap 2.0
MIT krb5 lib 1.2.4
qsossl V5R3M0
GSKit V5R3M0
NSS 3.14.x
axTLS 1.2.7
PolarSSL 1.3.0


@ -222,8 +222,8 @@ request was done. The struct reports how many certs it found and then you can
extract info for each of those certs by following the linked lists. The info
chain is provided in a series of data in the format "name:content" where the
content is for the specific named data. See also the certinfo.c example. NOTE:
this option is only available in libcurl built with OpenSSL, NSS, GSKit or
QsoSSL support. (Added in 7.19.1)
this option is only available in libcurl built with OpenSSL, NSS or GSKit
support. (Added in 7.19.1)
.IP CURLINFO_TLS_SESSION
Pass a pointer to a 'struct curl_tlssessioninfo *'. The pointer will be
initialized to refer to a 'struct curl_tlssessioninfo *' that will contain an


@ -29,7 +29,7 @@ CURLOPT_CERTINFO \- request SSL certificate information
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CERTINFO, long certinfo);
.SH DESCRIPTION
Pass a long set to 1 to enable libcurl's certificate chain info gatherer. With
this enabled, libcurl (if built with OpenSSL, NSS, GSKit or QsoSSL) will
this enabled, libcurl (if built with OpenSSL, NSS or GSKit) will
extract lots of information and data about the certificates in the certificate
chain used in the SSL connection. This data may then be retrieved after a
transfer using \fIcurl_easy_getinfo(3)\fP and its option


@ -615,7 +615,7 @@ CURLSSLBACKEND_NONE 7.34.0
CURLSSLBACKEND_NSS 7.34.0
CURLSSLBACKEND_OPENSSL 7.34.0
CURLSSLBACKEND_POLARSSL 7.34.0
CURLSSLBACKEND_QSOSSL 7.34.0
CURLSSLBACKEND_QSOSSL 7.34.0 - 7.38.1
CURLSSLBACKEND_SCHANNEL 7.34.0
CURLSSLOPT_ALLOW_BEAST 7.25.0
CURLUSESSL_ALL 7.17.0


@ -2034,7 +2034,7 @@ typedef enum {
CURLSSLBACKEND_OPENSSL = 1,
CURLSSLBACKEND_GNUTLS = 2,
CURLSSLBACKEND_NSS = 3,
CURLSSLBACKEND_QSOSSL = 4,
CURLSSLBACKEND_OBSOLETE4 = 4, /* Was QSOSSL. */
CURLSSLBACKEND_GSKIT = 5,
CURLSSLBACKEND_POLARSSL = 6,
CURLSSLBACKEND_CYASSL = 7,
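Review bot: The renamed enumerator `CURLSSLBACKEND_OBSOLETE4 = 4` carries only the comment `/* Was QSOSSL. */`, which does not tell a maintainer that the number is being kept on purpose. I would spell that out, for example `CURLSSLBACKEND_OBSOLETE4 = 4, /* Was QSOSSL; value 4 stays reserved, never reuse it */`, so that a later backend is not given an id that already-built applications still interpret as QsoSSL. Application source that names `CURLSSLBACKEND_QSOSSL` will presumably stop compiling after this rename; the symbol table hunk earlier in this commit records the removal, so this looks intended, but it is worth stating in the comment as well. The enum starts above and continues below this hunk.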


@ -21,10 +21,10 @@
###########################################################################
LIB_VTLS_CFILES = vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c \
vtls/qssl.c vtls/polarssl.c vtls/polarssl_threadlock.c vtls/axtls.c \
vtls/polarssl.c vtls/polarssl_threadlock.c vtls/axtls.c \
vtls/cyassl.c vtls/curl_schannel.c vtls/curl_darwinssl.c vtls/gskit.c
LIB_VTLS_HFILES = vtls/qssl.h vtls/openssl.h vtls/vtls.h vtls/gtls.h \
LIB_VTLS_HFILES = vtls/openssl.h vtls/vtls.h vtls/gtls.h \
vtls/nssg.h vtls/polarssl.h vtls/polarssl_threadlock.h vtls/axtls.h \
vtls/cyassl.h vtls/curl_schannel.h vtls/curl_darwinssl.h vtls/gskit.h


@ -599,7 +599,6 @@ X_OBJS= \
$(DIROBJ)\polarssl_threadlock.obj \
$(DIROBJ)\pop3.obj \
$(DIROBJ)\progress.obj \
$(DIROBJ)\qssl.obj \
$(DIROBJ)\rawstr.obj \
$(DIROBJ)\rtsp.obj \
$(DIROBJ)\security.obj \


@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@ -537,9 +537,6 @@
/* Define to the function return type for send. */
#define SEND_TYPE_RETV int
/* Define to use the QsoSSL package. */
#undef USE_QSOSSL
/* Define to use the GSKit package. */
#define USE_GSKIT


@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@ -602,7 +602,7 @@ int netware_init(void);
#define LIBIDN_REQUIRED_VERSION "0.4.1"
#if defined(USE_GNUTLS) || defined(USE_SSLEAY) || defined(USE_NSS) || \
defined(USE_QSOSSL) || defined(USE_POLARSSL) || defined(USE_AXTLS) || \
defined(USE_POLARSSL) || defined(USE_AXTLS) || \
defined(USE_CYASSL) || defined(USE_SCHANNEL) || \
defined(USE_DARWINSSL) || defined(USE_GSKIT)
#define USE_SSL /* SSL support has been enabled */


@ -312,9 +312,6 @@ static CURLcode getinfo_slist(struct SessionHandle *data, CURLINFO info,
#ifdef USE_NSS
internals = conn->ssl[sockindex].handle;
#endif
#ifdef USE_QSOSSL
internals = conn->ssl[sockindex].handle;
#endif
#ifdef USE_GSKIT
internals = conn->ssl[sockindex].handle;
#endif


@ -22,8 +22,7 @@
#include "curl_setup.h"
#if defined(USE_SSLEAY) || defined(USE_AXTLS) || defined(USE_QSOSSL) || \
defined(USE_GSKIT)
#if defined(USE_SSLEAY) || defined(USE_AXTLS) || defined(USE_GSKIT)
/* these backends use functions from this file */
#ifdef HAVE_NETINET_IN_H
@ -145,4 +144,4 @@ int Curl_cert_hostcheck(const char *match_pattern, const char *hostname)
return res;
}
#endif /* SSLEAY or AXTLS or QSOSSL or GSKIT */
#endif /* SSLEAY or AXTLS or GSKIT */


@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@ -37,7 +37,6 @@ typedef unsigned long u_int32_t;
#include <sys/socket.h>
#include <netdb.h>
#include <qsossl.h>
#include <gskssl.h>
#include <qsoasync.h>
#include <gssapi.h>
@ -57,21 +56,6 @@ extern int Curl_getnameinfo_a(const struct sockaddr * sa,
#define getnameinfo Curl_getnameinfo_a
/* SSL wrappers. */
extern int Curl_SSL_Init_Application_a(SSLInitApp * init_app);
#define SSL_Init_Application Curl_SSL_Init_Application_a
extern int Curl_SSL_Init_a(SSLInit * init);
#define SSL_Init Curl_SSL_Init_a
extern char * Curl_SSL_Strerror_a(int sslreturnvalue,
SSLErrorMsg * serrmsgp);
#define SSL_Strerror Curl_SSL_Strerror_a
/* GSKit wrappers. */
extern int Curl_gsk_environment_open(gsk_handle * my_env_handle);


@ -138,10 +138,6 @@
#include <pk11pub.h>
#endif
#ifdef USE_QSOSSL
#include <qsossl.h>
#endif
#ifdef USE_GSKIT
#include <gskssl.h>
#endif
@ -328,9 +324,6 @@ struct ssl_connect_data {
PK11GenericObject *obj_clicert;
ssl_connect_state connecting_state;
#endif /* USE_NSS */
#ifdef USE_QSOSSL
SSLHandle *handle;
#endif /* USE_QSOSSL */
#ifdef USE_GSKIT
gsk_handle handle;
int iocport;


@ -1,527 +0,0 @@
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at http://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
***************************************************************************/
#include "curl_setup.h"
#ifdef USE_QSOSSL
#include <qsossl.h>
#ifdef HAVE_LIMITS_H
# include <limits.h>
#endif
#include <curl/curl.h>
#include "urldata.h"
#include "sendf.h"
#include "qssl.h"
#include "vtls.h"
#include "connect.h" /* for the connect timeout */
#include "select.h"
#include "x509asn1.h"
#include "curl_memory.h"
/* The last #include file should be: */
#include "memdebug.h"
int Curl_qsossl_init(void)
{
/* Nothing to do here. We must have connection data to initialize ssl, so
* defer.
*/
return 1;
}
void Curl_qsossl_cleanup(void)
{
/* Nothing to do. */
}
static CURLcode Curl_qsossl_init_session(struct SessionHandle * data)
{
int rc;
char * certname;
SSLInit initstr;
SSLInitApp initappstr;
/* Initialize the job for SSL according to the current parameters.
* QsoSSL offers two ways to do it: SSL_Init_Application() that uses an
* application identifier to select certificates in the main certificate
* store, and SSL_Init() that uses named keyring files and a password.
* It is not possible to have different keyrings for the CAs and the
* local certificate. We thus use the certificate name to identify the
* keyring if given, else the CA file name.
* If the key file name is given, it is taken as the password for the
* keyring in certificate file.
* We first try to SSL_Init_Application(), then SSL_Init() if it failed.
*/
certname = data->set.str[STRING_CERT];
if(!certname) {
certname = data->set.str[STRING_SSL_CAFILE];
if(!certname)
return CURLE_OK; /* Use previous setup. */
}
memset((char *) &initappstr, 0, sizeof initappstr);
initappstr.applicationID = certname;
initappstr.applicationIDLen = strlen(certname);
initappstr.protocol = SSL_VERSION_CURRENT; /* TLSV1 compat. SSLV[23]. */
initappstr.sessionType = SSL_REGISTERED_AS_CLIENT;
rc = SSL_Init_Application(&initappstr);
if(rc == SSL_ERROR_NOT_REGISTERED) {
initstr.keyringFileName = certname;
initstr.keyringPassword = data->set.str[STRING_KEY];
initstr.cipherSuiteList = NULL; /* Use default. */
initstr.cipherSuiteListLen = 0;
rc = SSL_Init(&initstr);
}
switch (rc) {
case 0: /* No error. */
break;
case SSL_ERROR_IO:
failf(data, "SSL_Init() I/O error: %s", strerror(errno));
return CURLE_SSL_CONNECT_ERROR;
case SSL_ERROR_BAD_CIPHER_SUITE:
return CURLE_SSL_CIPHER;
case SSL_ERROR_KEYPASSWORD_EXPIRED:
case SSL_ERROR_NOT_REGISTERED:
return CURLE_SSL_CONNECT_ERROR;
case SSL_ERROR_NO_KEYRING:
return CURLE_SSL_CACERT;
case SSL_ERROR_CERT_EXPIRED:
return CURLE_SSL_CERTPROBLEM;
default:
failf(data, "SSL_Init(): %s", SSL_Strerror(rc, NULL));
return CURLE_SSL_CONNECT_ERROR;
}
return CURLE_OK;
}
static CURLcode Curl_qsossl_create(struct connectdata * conn, int sockindex)
{
SSLHandle * h;
struct ssl_connect_data * connssl = &conn->ssl[sockindex];
h = SSL_Create(conn->sock[sockindex], SSL_ENCRYPT);
if(!h) {
failf(conn->data, "SSL_Create() I/O error: %s", strerror(errno));
return CURLE_SSL_CONNECT_ERROR;
}
connssl->handle = h;
return CURLE_OK;
}
static int Curl_qsossl_trap_cert(SSLHandle * h)
{
return 1; /* Accept certificate. */
}
static CURLcode Curl_qsossl_handshake(struct connectdata * conn, int sockindex)
{
int rc;
struct SessionHandle * data = conn->data;
struct ssl_connect_data * connssl = &conn->ssl[sockindex];
SSLHandle * h = connssl->handle;
long timeout_ms;
h->exitPgm = data->set.ssl.verifypeer? NULL: Curl_qsossl_trap_cert;
/* figure out how long time we should wait at maximum */
timeout_ms = Curl_timeleft(data, NULL, TRUE);
if(timeout_ms < 0) {
/* time-out, bail out, go home */
failf(data, "Connection time-out");
return CURLE_OPERATION_TIMEDOUT;
}
/* SSL_Handshake() timeout resolution is second, so round up. */
h->timeout = (timeout_ms + 1000 - 1) / 1000;
/* Set-up protocol. */
switch (data->set.ssl.version) {
default:
case CURL_SSLVERSION_DEFAULT:
h->protocol = SSL_VERSION_CURRENT; /* TLSV1 compat. SSLV[23]. */
break;
case CURL_SSLVERSION_TLSv1:
h->protocol = TLS_VERSION_1;
break;
case CURL_SSLVERSION_SSLv2:
h->protocol = SSL_VERSION_2;
break;
case CURL_SSLVERSION_SSLv3:
h->protocol = SSL_VERSION_3;
break;
case CURL_SSLVERSION_TLSv1_0:
case CURL_SSLVERSION_TLSv1_1:
case CURL_SSLVERSION_TLSv1_2:
failf(data, "TLS minor version cannot be set");
return CURLE_SSL_CONNECT_ERROR;
}
h->peerCert = NULL;
h->peerCertLen = 0;
rc = SSL_Handshake(h, SSL_HANDSHAKE_AS_CLIENT);
switch (rc) {
case 0: /* No error. */
break;
case SSL_ERROR_BAD_CERTIFICATE:
case SSL_ERROR_BAD_CERT_SIG:
case SSL_ERROR_NOT_TRUSTED_ROOT:
return CURLE_PEER_FAILED_VERIFICATION;
case SSL_ERROR_BAD_CIPHER_SUITE:
case SSL_ERROR_NO_CIPHERS:
return CURLE_SSL_CIPHER;
case SSL_ERROR_CERTIFICATE_REJECTED:
case SSL_ERROR_CERT_EXPIRED:
case SSL_ERROR_NO_CERTIFICATE:
return CURLE_SSL_CERTPROBLEM;
case SSL_ERROR_IO:
failf(data, "SSL_Handshake() I/O error: %s", strerror(errno));
return CURLE_SSL_CONNECT_ERROR;
default:
failf(data, "SSL_Handshake(): %s", SSL_Strerror(rc, NULL));
return CURLE_SSL_CONNECT_ERROR;
}
/* Verify host. */
rc = Curl_verifyhost(conn, h->peerCert, h->peerCert + h->peerCertLen);
if(rc != CURLE_OK)
return rc;
/* Gather certificate info. */
if(data->set.ssl.certinfo) {
if(Curl_ssl_init_certinfo(data, 1))
return CURLE_OUT_OF_MEMORY;
if(h->peerCert) {
rc = Curl_extract_certinfo(conn, 0, h->peerCert,
h->peerCert + h->peerCertLen);
if(rc != CURLE_OK)
return rc;
}
}
return CURLE_OK;
}
static Curl_recv qsossl_recv;
static Curl_send qsossl_send;
CURLcode Curl_qsossl_connect(struct connectdata * conn, int sockindex)
{
struct SessionHandle * data = conn->data;
struct ssl_connect_data * connssl = &conn->ssl[sockindex];
int rc;
rc = Curl_qsossl_init_session(data);
if(rc == CURLE_OK) {
rc = Curl_qsossl_create(conn, sockindex);
if(rc == CURLE_OK) {
rc = Curl_qsossl_handshake(conn, sockindex);
if(rc != CURLE_OK)
SSL_Destroy(connssl->handle);
}
}
if(rc == CURLE_OK) {
conn->recv[sockindex] = qsossl_recv;
conn->send[sockindex] = qsossl_send;
connssl->state = ssl_connection_complete;
}
else {
connssl->handle = NULL;
connssl->use = FALSE;
connssl->state = ssl_connection_none;
}
return rc;
}
static int Curl_qsossl_close_one(struct ssl_connect_data * conn,
struct SessionHandle * data)
{
int rc;
if(!conn->handle)
return 0;
rc = SSL_Destroy(conn->handle);
if(rc) {
if(rc == SSL_ERROR_IO) {
failf(data, "SSL_Destroy() I/O error: %s", strerror(errno));
return -1;
}
/* An SSL error. */
failf(data, "SSL_Destroy() returned error %s", SSL_Strerror(rc, NULL));
return -1;
}
conn->handle = NULL;
return 0;
}
void Curl_qsossl_close(struct connectdata *conn, int sockindex)
{
struct SessionHandle *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
if(connssl->use)
(void) Curl_qsossl_close_one(connssl, data);
}
int Curl_qsossl_close_all(struct SessionHandle * data)
{
/* Unimplemented. */
(void) data;
return 0;
}
int Curl_qsossl_shutdown(struct connectdata * conn, int sockindex)
{
struct ssl_connect_data * connssl = &conn->ssl[sockindex];
struct SessionHandle *data = conn->data;
ssize_t nread;
int what;
int rc;
char buf[120];
if(!connssl->handle)
return 0;
if(data->set.ftp_ccc != CURLFTPSSL_CCC_ACTIVE)
return 0;
if(Curl_qsossl_close_one(connssl, data))
return -1;
rc = 0;
what = Curl_socket_ready(conn->sock[sockindex],
CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
for(;;) {
if(what < 0) {
/* anything that gets here is fatally bad */
failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
rc = -1;
break;
}
if(!what) { /* timeout */
failf(data, "SSL shutdown timeout");
break;
}
/* Something to read, let's do it and hope that it is the close
notify alert from the server. No way to SSL_Read now, so use read(). */
nread = read(conn->sock[sockindex], buf, sizeof(buf));
if(nread < 0) {
failf(data, "read: %s", strerror(errno));
rc = -1;
}
if(nread <= 0)
break;
what = Curl_socket_ready(conn->sock[sockindex], CURL_SOCKET_BAD, 0);
}
return rc;
}
static ssize_t qsossl_send(struct connectdata * conn, int sockindex,
const void * mem, size_t len, CURLcode * curlcode)
{
/* SSL_Write() is said to return 'int' while write() and send() returns
'size_t' */
int rc;
rc = SSL_Write(conn->ssl[sockindex].handle, (void *) mem, (int) len);
if(rc < 0) {
switch(rc) {
case SSL_ERROR_BAD_STATE:
/* The operation did not complete; the same SSL I/O function
should be called again later. This is basically an EWOULDBLOCK
equivalent. */
*curlcode = CURLE_AGAIN;
return -1;
case SSL_ERROR_IO:
switch (errno) {
case EWOULDBLOCK:
case EINTR:
*curlcode = CURLE_AGAIN;
return -1;
}
failf(conn->data, "SSL_Write() I/O error: %s", strerror(errno));
*curlcode = CURLE_SEND_ERROR;
return -1;
}
/* An SSL error. */
failf(conn->data, "SSL_Write() returned error %s",
SSL_Strerror(rc, NULL));
*curlcode = CURLE_SEND_ERROR;
return -1;
}
return (ssize_t) rc; /* number of bytes */
}
static ssize_t qsossl_recv(struct connectdata * conn, int num, char * buf,
size_t buffersize, CURLcode * curlcode)
{
char error_buffer[120]; /* OpenSSL documents that this must be at
least 120 bytes long. */
unsigned long sslerror;
int buffsize;
int nread;
buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
nread = SSL_Read(conn->ssl[num].handle, buf, buffsize);
if(nread < 0) {
/* failed SSL_read */
switch (nread) {
case SSL_ERROR_BAD_STATE:
/* there's data pending, re-invoke SSL_Read(). */
*curlcode = CURLE_AGAIN;
return -1;
case SSL_ERROR_IO:
switch (errno) {
case EWOULDBLOCK:
*curlcode = CURLE_AGAIN;
return -1;
}
failf(conn->data, "SSL_Read() I/O error: %s", strerror(errno));
*curlcode = CURLE_RECV_ERROR;
return -1;
default:
failf(conn->data, "SSL read error: %s", SSL_Strerror(nread, NULL));
*curlcode = CURLE_RECV_ERROR;
return -1;
}
}
return (ssize_t) nread;
}
size_t Curl_qsossl_version(char * buffer, size_t size)
{
strncpy(buffer, "IBM OS/400 SSL", size);
return strlen(buffer);
}
int Curl_qsossl_check_cxn(struct connectdata * cxn)
{
int err;
int errlen;
/* The only thing that can be tested here is at the socket level. */
if(!cxn->ssl[FIRSTSOCKET].handle)
return 0; /* connection has been closed */
err = 0;
errlen = sizeof err;
if(getsockopt(cxn->sock[FIRSTSOCKET], SOL_SOCKET, SO_ERROR,
(unsigned char *) &err, &errlen) ||
errlen != sizeof err || err)
return 0; /* connection has been closed */
return -1; /* connection status unknown */
}
#endif /* USE_QSOSSL */


@ -1,65 +0,0 @@
#ifndef HEADER_CURL_QSSL_H
#define HEADER_CURL_QSSL_H
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at http://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
***************************************************************************/
#include "curl_setup.h"
/*
* This header should only be needed to get included by vtls.c and qssl.c
*/
#include "urldata.h"
#ifdef USE_QSOSSL
int Curl_qsossl_init(void);
void Curl_qsossl_cleanup(void);
CURLcode Curl_qsossl_connect(struct connectdata * conn, int sockindex);
void Curl_qsossl_close(struct connectdata *conn, int sockindex);
int Curl_qsossl_close_all(struct SessionHandle * data);
int Curl_qsossl_shutdown(struct connectdata * conn, int sockindex);
size_t Curl_qsossl_version(char * buffer, size_t size);
int Curl_qsossl_check_cxn(struct connectdata * cxn);
/* this backend supports CURLOPT_CERTINFO */
#define have_curlssl_certinfo 1
/* API setup for QsoSSL */
#define curlssl_init Curl_qsossl_init
#define curlssl_cleanup Curl_qsossl_cleanup
#define curlssl_connect Curl_qsossl_connect
/* No session handling for QsoSSL */
#define curlssl_session_free(x) Curl_nop_stmt
#define curlssl_close_all Curl_qsossl_close_all
#define curlssl_close Curl_qsossl_close
#define curlssl_shutdown(x,y) Curl_qsossl_shutdown(x,y)
#define curlssl_set_engine(x,y) CURLE_NOT_BUILT_IN
#define curlssl_set_engine_default(x) CURLE_NOT_BUILT_IN
#define curlssl_engines_list(x) NULL
#define curlssl_version Curl_qsossl_version
#define curlssl_check_cxn(x) Curl_qsossl_check_cxn(x)
#define curlssl_data_pending(x,y) 0
#define CURL_SSL_BACKEND CURLSSLBACKEND_QSOSSL
#endif /* USE_QSOSSL */
#endif /* HEADER_CURL_QSSL_H */


@ -31,7 +31,6 @@
Curl_ossl_ - prefix for OpenSSL ones
Curl_gtls_ - prefix for GnuTLS ones
Curl_nss_ - prefix for NSS ones
Curl_qssl_ - prefix for QsoSSL ones
Curl_gskit_ - prefix for GSKit ones
Curl_polarssl_ - prefix for PolarSSL ones
Curl_cyassl_ - prefix for CyaSSL ones


@ -26,7 +26,6 @@
#include "openssl.h" /* OpenSSL versions */
#include "gtls.h" /* GnuTLS versions */
#include "nssg.h" /* NSS versions */
#include "qssl.h" /* QSOSSL versions */
#include "gskit.h" /* Global Secure ToolKit versions */
#include "polarssl.h" /* PolarSSL versions */
#include "axtls.h" /* axTLS versions */


@ -22,7 +22,7 @@
#include "curl_setup.h"
#if defined(USE_QSOSSL) || defined(USE_GSKIT) || defined(USE_NSS)
#if defined(USE_GSKIT) || defined(USE_NSS)
#include <curl/curl.h>
#include "urldata.h"
@ -1019,9 +1019,9 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn,
return CURLE_OK;
}
#endif /* USE_QSOSSL or USE_GSKIT or USE_NSS */
#endif /* USE_GSKIT or USE_NSS */
#if defined(USE_QSOSSL) || defined(USE_GSKIT)
#if defined(USE_GSKIT)
static const char * checkOID(const char * beg, const char * end,
const char * oid)
@ -1180,4 +1180,4 @@ CURLcode Curl_verifyhost(struct connectdata * conn,
return CURLE_PEER_FAILED_VERIFICATION;
}
#endif /* USE_QSOSSL or USE_GSKIT */
#endif /* USE_GSKIT */


@ -8,7 +8,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@ -25,7 +25,7 @@
#include "curl_setup.h"
#if defined(USE_QSOSSL) || defined(USE_GSKIT) || defined(USE_NSS)
#if defined(USE_GSKIT) || defined(USE_NSS)
#include "urldata.h"
@ -125,5 +125,5 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn, int certnum,
CURLcode Curl_verifyhost(struct connectdata * conn,
const char * beg, const char * end);
#endif /* USE_QSOSSL or USE_GSKIT or USE_NSS */
#endif /* USE_GSKIT or USE_NSS */
#endif /* HEADER_CURL_X509ASN1_H */
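Review bot: The `Curl_verifyhost` prototype in the last hunk of this header still sits under `#if defined(USE_GSKIT) || defined(USE_NSS)`, while the implementation file changed just before it in this commit leaves the definition inside `#if defined(USE_GSKIT)` only. An NSS build therefore sees a declaration of the certificate host check with no definition behind it, and a call added on that side would fail only at link time. The mismatch appears to predate this commit, but since both guards are edited here I would wrap the prototype in its own `#ifdef USE_GSKIT` / `#endif`, or at least add the comment `/* GSKit only: not compiled for NSS builds */` above it. Only the tail of the header is visible in the hunk, so confirm that no inner guard already covers the prototype.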


@ -39,12 +39,9 @@ header files are thus altered during build process to use this pragma, in
order to force libcurl enums of being type int (the pragma disposition in use
before inclusion is restored before resuming the including unit compilation).
Two SSL implementations are available to libcurl on OS/400: QsoSSL which is
obsolescent, does not support asynchronous I/O and only allows a single SSL
context within a job, and GSKit that does not suffer from these limitations
and is able to provide some information about the server certificate.
Both implementations of SSL are working on "certificate stores" or keyrings,
rather than individual certificate/key files. Certificate stores, as weel as
Secure socket layer is provided by the IBM GSKit API: unlike other SSL
implementations, GSKit is based on "certificate stores" or keyrings
rather than individual certificate/key files. Certificate stores, as well as
"certificate labels" are managed by external IBM-defined applications.
There are two ways to specify an SSL context:
- By an application identifier.
@ -213,8 +210,6 @@ _ As a prerequisite, QADRT development environment must be installed.
_ Install the curl source directory in IFS.
_ Enter shell (QSH)
_ Change current directory to the curl installation directory
- If the SSL backend has to be changed, edit file lib/config-os400.h
accordingly.
_ Change current directory to ./packages/OS400
_ Edit file iniscript.sh. You may want to change tunable configuration
parameters, like debug info generation, optimisation level, listing option,


@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@ -1385,7 +1385,7 @@
d c 2
d CURLSSLBACKEND_NSS...
d c 3
d CURLSSLBACKEND_QSOSSL...
d CURLSSLBACKEND_OBSOLETE4...
d c 4
d CURLSSLBACKEND_GSKIT...
d c 5


@ -161,7 +161,7 @@ then MODULES=
# formdata.c. However, there are some unsatisfied
# external references leading in the following
# modules to be (recursively) needed.
MODULES="${MODULES} EASY STRDUP SSLGEN QSSL HOSTIP HOSTIP4 HOSTIP6"
MODULES="${MODULES} EASY STRDUP SSLGEN GSKIT HOSTIP HOSTIP4 HOSTIP6"
MODULES="${MODULES} URL HASH TRANSFER GETINFO COOKIE SENDF SELECT"
MODULES="${MODULES} INET_NTOP SHARE HOSTTHRE MULTI LLIST FTP HTTP"
MODULES="${MODULES} HTTP_DIGES HTTP_CHUNK HTTP_NEGOT TIMEVAL HOSTSYN"


@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@ -42,10 +42,6 @@
#include <zlib.h>
#endif
#ifdef USE_QSOSSL
#include <qsossl.h>
#endif
#ifdef USE_GSKIT
#include <gskssl.h>
#include <qsoasync.h>
@ -370,102 +366,6 @@ Curl_getaddrinfo_a(const char * nodename, const char * servname,
}
#ifdef USE_QSOSSL
/* ASCII wrappers for the SSL procedures. */
int
Curl_SSL_Init_Application_a(SSLInitApp * init_app)
{
int rc;
unsigned int i;
SSLInitApp ia;
if(!init_app || !init_app->applicationID || !init_app->applicationIDLen)
return SSL_Init_Application(init_app);
memcpy((char *) &ia, (char *) init_app, sizeof ia);
i = ia.applicationIDLen;
if(!(ia.applicationID = malloc(i + 1))) {
errno = ENOMEM;
return SSL_ERROR_IO;
}
QadrtConvertA2E(ia.applicationID, init_app->applicationID, i, i);
ia.applicationID[i] = '\0';
rc = SSL_Init_Application(&ia);
free(ia.applicationID);
init_app->localCertificateLen = ia.localCertificateLen;
init_app->sessionType = ia.sessionType;
return rc;
}
int
Curl_SSL_Init_a(SSLInit * init)
{
int rc;
unsigned int i;
SSLInit ia;
if(!init || (!init->keyringFileName && !init->keyringPassword))
return SSL_Init(init);
memcpy((char *) &ia, (char *) init, sizeof ia);
if(ia.keyringFileName) {
i = strlen(ia.keyringFileName);
if(!(ia.keyringFileName = malloc(i + 1))) {
errno = ENOMEM;
return SSL_ERROR_IO;
}
QadrtConvertA2E(ia.keyringFileName, init->keyringFileName, i, i);
ia.keyringFileName[i] = '\0';
}
if(ia.keyringPassword) {
i = strlen(ia.keyringPassword);
if(!(ia.keyringPassword = malloc(i + 1))) {
if(ia.keyringFileName)
free(ia.keyringFileName);
errno = ENOMEM;
return SSL_ERROR_IO;
}
QadrtConvertA2E(ia.keyringPassword, init->keyringPassword, i, i);
ia.keyringPassword[i] = '\0';
}
rc = SSL_Init(&ia);
if(ia.keyringFileName)
free(ia.keyringFileName);
if(ia.keyringPassword)
free(ia.keyringPassword);
return rc;
}
char *
Curl_SSL_Strerror_a(int sslreturnvalue, SSLErrorMsg * serrmsgp)
{
return set_thread_string(LK_SSL_ERROR,
SSL_Strerror(sslreturnvalue, serrmsgp));
}
#endif /* USE_QSOSSL */
#ifdef USE_GSKIT
/* ASCII wrappers for the GSKit procedures. */


@ -31,7 +31,7 @@ SOURCE \
http_negotiate.c inet_pton.c strtoofft.c strerror.c amigaos.c \
hostasyn.c hostip4.c hostip6.c hostsyn.c inet_ntop.c parsedate.c \
select.c vtls/gtls.c vtls/vtls.c tftp.c splay.c strdup.c socks.c \
ssh.c vtls/nss.c vtls/qssl.c rawstr.c curl_addrinfo.c socks_gssapi.c \
ssh.c vtls/nss.c rawstr.c curl_addrinfo.c socks_gssapi.c \
socks_sspi.c curl_sspi.c slist.c nonblock.c curl_memrchr.c imap.c \
pop3.c smtp.c pingpong.c rtsp.c curl_threads.c warnless.c hmac.c \
vtls/polarssl.c curl_rtmp.c openldap.c curl_gethostname.c gopher.c \


@ -15,8 +15,7 @@ static void unit_stop( void )
UNITTEST_START
/* only these backends define the tested functions */
#if defined(USE_SSLEAY) || defined(USE_AXTLS) || defined(USE_QSOSSL) || \
defined(USE_GSKIT)
#if defined(USE_SSLEAY) || defined(USE_AXTLS) || defined(USE_GSKIT)
/* here you start doing things and checking that the results are good */