polarssl: drop use of 1.2 compatibility header.
The API has changed since version 1.3. A compatibility header has been created to ensure forward compatibility for code using the old API:
* the x509 certificate structure has been renamed from x509_cert to x509_crt
* there is a new dedicated setter for RSA certificates, ssl_set_own_cert_rsa; ssl_set_own_cert is for generic keys
* ssl_default_ciphersuites has been replaced by the function ssl_list_ciphersuites()

This patch drops the use of the compatibility header.
parent
7a1fb8e816
commit
31265376bc
@ -31,7 +31,6 @@
|
|||||||
|
|
||||||
#ifdef USE_POLARSSL
|
#ifdef USE_POLARSSL
|
||||||
|
|
||||||
#include <polarssl/compat-1.2.h>
|
|
||||||
#include <polarssl/net.h>
|
#include <polarssl/net.h>
|
||||||
#include <polarssl/ssl.h>
|
#include <polarssl/ssl.h>
|
||||||
#include <polarssl/certs.h>
|
#include <polarssl/certs.h>
|
||||||
@ -184,7 +183,7 @@ polarssl_connect_step1(struct connectdata *conn,
|
|||||||
memset(&connssl->cacert, 0, sizeof(x509_crt));
|
memset(&connssl->cacert, 0, sizeof(x509_crt));
|
||||||
|
|
||||||
if(data->set.str[STRING_SSL_CAFILE]) {
|
if(data->set.str[STRING_SSL_CAFILE]) {
|
||||||
ret = x509parse_crtfile(&connssl->cacert,
|
ret = x509_crt_parse_file(&connssl->cacert,
|
||||||
data->set.str[STRING_SSL_CAFILE]);
|
data->set.str[STRING_SSL_CAFILE]);
|
||||||
|
|
||||||
if(ret<0) {
|
if(ret<0) {
|
||||||
@ -203,7 +202,7 @@ polarssl_connect_step1(struct connectdata *conn,
|
|||||||
memset(&connssl->clicert, 0, sizeof(x509_crt));
|
memset(&connssl->clicert, 0, sizeof(x509_crt));
|
||||||
|
|
||||||
if(data->set.str[STRING_CERT]) {
|
if(data->set.str[STRING_CERT]) {
|
||||||
ret = x509parse_crtfile(&connssl->clicert,
|
ret = x509_crt_parse_file(&connssl->clicert,
|
||||||
data->set.str[STRING_CERT]);
|
data->set.str[STRING_CERT]);
|
||||||
|
|
||||||
if(ret) {
|
if(ret) {
|
||||||
@ -219,9 +218,17 @@ polarssl_connect_step1(struct connectdata *conn,
|
|||||||
|
|
||||||
/* Load the client private key */
|
/* Load the client private key */
|
||||||
if(data->set.str[STRING_KEY]) {
|
if(data->set.str[STRING_KEY]) {
|
||||||
ret = x509parse_keyfile(&connssl->rsa,
|
pk_context pk;
|
||||||
data->set.str[STRING_KEY],
|
pk_init(&pk);
|
||||||
|
ret = pk_parse_keyfile(&pk, data->set.str[STRING_KEY],
|
||||||
data->set.str[STRING_KEY_PASSWD]);
|
data->set.str[STRING_KEY_PASSWD]);
|
||||||
|
if(ret == 0 && !pk_can_do(&pk, POLARSSL_PK_RSA))
|
||||||
|
ret = POLARSSL_ERR_PK_TYPE_MISMATCH;
|
||||||
|
if(ret == 0)
|
||||||
|
rsa_copy(&connssl->rsa, pk_rsa(pk));
|
||||||
|
else
|
||||||
|
rsa_free(&connssl->rsa);
|
||||||
|
pk_free(&pk);
|
||||||
|
|
||||||
if(ret) {
|
if(ret) {
|
||||||
#ifdef POLARSSL_ERROR_C
|
#ifdef POLARSSL_ERROR_C
|
||||||
@ -238,7 +245,7 @@ polarssl_connect_step1(struct connectdata *conn,
|
|||||||
memset(&connssl->crl, 0, sizeof(x509_crl));
|
memset(&connssl->crl, 0, sizeof(x509_crl));
|
||||||
|
|
||||||
if(data->set.str[STRING_SSL_CRLFILE]) {
|
if(data->set.str[STRING_SSL_CRLFILE]) {
|
||||||
ret = x509parse_crlfile(&connssl->crl,
|
ret = x509_crl_parse_file(&connssl->crl,
|
||||||
data->set.str[STRING_SSL_CRLFILE]);
|
data->set.str[STRING_SSL_CRLFILE]);
|
||||||
|
|
||||||
if(ret) {
|
if(ret) {
|
||||||
@ -274,12 +281,7 @@ polarssl_connect_step1(struct connectdata *conn,
|
|||||||
net_recv, &conn->sock[sockindex],
|
net_recv, &conn->sock[sockindex],
|
||||||
net_send, &conn->sock[sockindex]);
|
net_send, &conn->sock[sockindex]);
|
||||||
|
|
||||||
|
ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());
|
||||||
#if POLARSSL_VERSION_NUMBER<0x01000000
|
|
||||||
ssl_set_ciphers(&connssl->ssl, ssl_default_ciphers);
|
|
||||||
#else
|
|
||||||
ssl_set_ciphersuites(&connssl->ssl, ssl_default_ciphersuites);
|
|
||||||
#endif
|
|
||||||
if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) {
|
if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) {
|
||||||
memcpy(&connssl->ssn, old_session, old_session_size);
|
memcpy(&connssl->ssn, old_session, old_session_size);
|
||||||
infof(data, "PolarSSL re-using session\n");
|
infof(data, "PolarSSL re-using session\n");
|
||||||
@ -404,15 +406,8 @@ polarssl_connect_step2(struct connectdata *conn,
|
|||||||
/* If the session was resumed, there will be no peer certs */
|
/* If the session was resumed, there will be no peer certs */
|
||||||
memset(buffer, 0, sizeof(buffer));
|
memset(buffer, 0, sizeof(buffer));
|
||||||
|
|
||||||
/* PolarSSL SVN revision r1316 to r1317, matching <1.2.0 is to cover Ubuntu's
|
if(x509_crt_info(buffer, sizeof(buffer), (char *)"* ",
|
||||||
1.1.4 version and the like */
|
|
||||||
#if POLARSSL_VERSION_NUMBER<0x01020000
|
|
||||||
if(x509parse_cert_info(buffer, sizeof(buffer), (char *)"* ",
|
|
||||||
conn->ssl[sockindex].ssl.peer_cert) != -1)
|
|
||||||
#else
|
|
||||||
if(x509parse_cert_info(buffer, sizeof(buffer), (char *)"* ",
|
|
||||||
ssl_get_peer_cert(&(connssl->ssl))) != -1)
|
ssl_get_peer_cert(&(connssl->ssl))) != -1)
|
||||||
#endif
|
|
||||||
infof(data, "Dumping cert info:\n%s\n", buffer);
|
infof(data, "Dumping cert info:\n%s\n", buffer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -497,8 +492,8 @@ void Curl_polarssl_close_all(struct SessionHandle *data)
|
|||||||
void Curl_polarssl_close(struct connectdata *conn, int sockindex)
|
void Curl_polarssl_close(struct connectdata *conn, int sockindex)
|
||||||
{
|
{
|
||||||
rsa_free(&conn->ssl[sockindex].rsa);
|
rsa_free(&conn->ssl[sockindex].rsa);
|
||||||
x509_free(&conn->ssl[sockindex].clicert);
|
x509_crt_free(&conn->ssl[sockindex].clicert);
|
||||||
x509_free(&conn->ssl[sockindex].cacert);
|
x509_crt_free(&conn->ssl[sockindex].cacert);
|
||||||
x509_crl_free(&conn->ssl[sockindex].crl);
|
x509_crl_free(&conn->ssl[sockindex].crl);
|
||||||
ssl_free(&conn->ssl[sockindex].ssl);
|
ssl_free(&conn->ssl[sockindex].ssl);
|
||||||
}
|
}
|
||||||
|
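Review bot: The result of `rsa_copy()` is discarded in the new private-key block of polarssl_connect_step1 (the hunk at -219,9 +218,17), so a failed copy leaves `ret == 0` and setup continues with an incomplete client key in `connssl->rsa`. In PolarSSL 1.3 `rsa_copy()` returns an error code, so assign it and free on any failure: `if(ret == 0) ret = rsa_copy(&connssl->rsa, pk_rsa(pk));` followed by `if(ret) rsa_free(&connssl->rsa);` in place of the current `if`/`else`. The copy also presumes `connssl->rsa` was initialised earlier in the function; that code is outside the hunk and should be confirmed. A short comment such as `/* only RSA client keys are supported; copy out of the generic pk_context */` above the `pk_can_do()` check would explain why other key types are rejected.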