mirror of
https://github.com/moparisthebest/curl
synced 2024-12-22 16:18:48 -05:00
Peter O'Gorman fixed libcurl to not init GnuTLS as early as we did before,
since it then inits libgcrypt and libgcrypt is being evil and EXITS the application if it fails to get a fine random seed. That's really not a nice thing to do by a library.
This commit is contained in:
parent
f611f42dcf
commit
503557e5ce
5
CHANGES
5
CHANGES
@ -7,6 +7,11 @@
|
|||||||
Changelog
|
Changelog
|
||||||
|
|
||||||
Daniel S (28 April 2007)
|
Daniel S (28 April 2007)
|
||||||
|
- Peter O'Gorman fixed libcurl to not init GnuTLS as early as we did before,
|
||||||
|
since it then inits libgcrypt and libgcrypt is being evil and EXITS the
|
||||||
|
application if it fails to get a fine random seed. That's really not a nice
|
||||||
|
thing to do by a library.
|
||||||
|
|
||||||
- Frank Hempel fixed a curl_easy_duphandle() crash on a handle that had
|
- Frank Hempel fixed a curl_easy_duphandle() crash on a handle that had
|
||||||
been removed from a multi handle, and then fixed another flaw that prevented
|
been removed from a multi handle, and then fixed another flaw that prevented
|
||||||
curl_easy_duphandle() to work even after the first fix - the handle was
|
curl_easy_duphandle() to work even after the first fix - the handle was
|
||||||
|
@ -31,6 +31,8 @@ This release includes the following bugfixes:
|
|||||||
o compilation on VMS 64-bit mode
|
o compilation on VMS 64-bit mode
|
||||||
o SCP/SFTP downloads could hang on the last bytes of a transfer
|
o SCP/SFTP downloads could hang on the last bytes of a transfer
|
||||||
o curl_easy_duphandle() crash
|
o curl_easy_duphandle() crash
|
||||||
|
o curl -V / curl_verion*() works even when GnuTLS is used on a system without
|
||||||
|
a good random source
|
||||||
|
|
||||||
This release includes the following known bugs:
|
This release includes the following known bugs:
|
||||||
|
|
||||||
|
34
lib/gtls.c
34
lib/gtls.c
@ -63,7 +63,7 @@ static void tls_log_func(int level, const char *str)
|
|||||||
fprintf(stderr, "|<%d>| %s", level, str);
|
fprintf(stderr, "|<%d>| %s", level, str);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
static bool gtls_inited = FALSE;
|
||||||
/*
|
/*
|
||||||
* Custom push and pull callback functions used by GNU TLS to read and write
|
* Custom push and pull callback functions used by GNU TLS to read and write
|
||||||
* to the socket. These functions are simple wrappers to send() and recv()
|
* to the socket. These functions are simple wrappers to send() and recv()
|
||||||
@ -85,17 +85,33 @@ static ssize_t Curl_gtls_pull(void *s, void *buf, size_t len)
|
|||||||
/* Global GnuTLS init, called from Curl_ssl_init() */
|
/* Global GnuTLS init, called from Curl_ssl_init() */
|
||||||
int Curl_gtls_init(void)
|
int Curl_gtls_init(void)
|
||||||
{
|
{
|
||||||
gnutls_global_init();
|
/* Unfortunately we can not init here, things like curl --version will
|
||||||
#ifdef GTLSDEBUG
|
* fail to work if there is no egd socket available because libgcrypt
|
||||||
gnutls_global_set_log_function(tls_log_func);
|
* will EXIT the application!!
|
||||||
gnutls_global_set_log_level(2);
|
* By doing the actual init later (before actually trying to use GnuTLS),
|
||||||
#endif
|
* we can at least provide basic info etc.
|
||||||
|
*/
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int _Curl_gtls_init(void)
|
||||||
|
{
|
||||||
|
int ret = 1;
|
||||||
|
if (!gtls_inited) {
|
||||||
|
ret = gnutls_global_init()?0:1;
|
||||||
|
#ifdef GTLSDEBUG
|
||||||
|
gnutls_global_set_log_function(tls_log_func);
|
||||||
|
gnutls_global_set_log_level(2);
|
||||||
|
#endif
|
||||||
|
gtls_inited = TRUE;
|
||||||
|
}
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
int Curl_gtls_cleanup(void)
|
int Curl_gtls_cleanup(void)
|
||||||
{
|
{
|
||||||
gnutls_global_deinit();
|
if (gtls_inited)
|
||||||
|
gnutls_global_deinit();
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -132,7 +148,8 @@ static CURLcode handshake(struct connectdata *conn,
|
|||||||
{
|
{
|
||||||
struct SessionHandle *data = conn->data;
|
struct SessionHandle *data = conn->data;
|
||||||
int rc;
|
int rc;
|
||||||
|
if (!gtls_inited)
|
||||||
|
_Curl_gtls_init();
|
||||||
do {
|
do {
|
||||||
rc = gnutls_handshake(session);
|
rc = gnutls_handshake(session);
|
||||||
|
|
||||||
@ -227,6 +244,7 @@ Curl_gtls_connect(struct connectdata *conn,
|
|||||||
void *ssl_sessionid;
|
void *ssl_sessionid;
|
||||||
size_t ssl_idsize;
|
size_t ssl_idsize;
|
||||||
|
|
||||||
|
if (!gtls_inited) _Curl_gtls_init();
|
||||||
/* GnuTLS only supports TLSv1 (and SSLv3?) */
|
/* GnuTLS only supports TLSv1 (and SSLv3?) */
|
||||||
if(data->set.ssl.version == CURL_SSLVERSION_SSLv2) {
|
if(data->set.ssl.version == CURL_SSLVERSION_SSLv2) {
|
||||||
failf(data, "GnuTLS does not support SSLv2");
|
failf(data, "GnuTLS does not support SSLv2");
|
||||||
|
Loading…
Reference in New Issue
Block a user