mirror of https://github.com/moparisthebest/curl synced 2025-02-28 17:31:46 -05:00

Secure Transport: no more "darwinssl"

Everyone calls it Secure Transport, now we do too.

Reviewed-by: Nick Zitzmann

Closes #3619
Daniel Stenberg 2019-02-26 09:21:12 +01:00
parent 267fae336b
commit 76a9c3c4be
GPG Key ID: 5CC908FDB71E12C2
10 changed files with 134 additions and 125 deletions


@ -155,7 +155,7 @@ AC_SUBST(PKGADD_VENDOR)
dnl dnl
dnl initialize all the info variables dnl initialize all the info variables
curl_ssl_msg="no (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,winssl,darwinssl,mesalink} )" curl_ssl_msg="no (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,schannel,secure-transport,mesalink} )"
curl_ssh_msg="no (--with-libssh2)" curl_ssh_msg="no (--with-libssh2)"
curl_zlib_msg="no (--with-zlib)" curl_zlib_msg="no (--with-zlib)"
curl_brotli_msg="no (--with-brotli)" curl_brotli_msg="no (--with-brotli)"
@ -1509,22 +1509,27 @@ else
AC_MSG_RESULT(no) AC_MSG_RESULT(no)
fi fi
OPT_DARWINSSL=no OPT_SECURETRANSPORT=no
AC_ARG_WITH(darwinssl,dnl AC_ARG_WITH(darwinssl,dnl
AC_HELP_STRING([--with-darwinssl],[enable Apple OS native SSL/TLS]) AC_HELP_STRING([--with-darwinssl],[enable Apple OS native SSL/TLS])
AC_HELP_STRING([--without-darwinssl], [disable Apple OS native SSL/TLS]), AC_HELP_STRING([--without-darwinssl], [disable Apple OS native SSL/TLS]),
OPT_DARWINSSL=$withval) OPT_SECURETRANSPORT=$withval)
AC_MSG_CHECKING([whether to enable Apple OS native SSL/TLS]) AC_ARG_WITH(secure-transport,dnl
if test -z "$ssl_backends" -o "x$OPT_DARWINSSL" != xno; then AC_HELP_STRING([--with-secure-transport],[enable Apple OS native SSL/TLS])
if test "x$OPT_DARWINSSL" != "xno" && AC_HELP_STRING([--without-secure-transport], [disable Apple OS native SSL/TLS]),
OPT_SECURETRANSPORT=$withval)
AC_MSG_CHECKING([whether to enable Secure Transport])
if test -z "$ssl_backends" -o "x$OPT_SECURETRANSPORT" != xno; then
if test "x$OPT_SECURETRANSPORT" != "xno" &&
test -d "/System/Library/Frameworks/Security.framework"; then test -d "/System/Library/Frameworks/Security.framework"; then
AC_MSG_RESULT(yes) AC_MSG_RESULT(yes)
AC_DEFINE(USE_DARWINSSL, 1, [to enable Apple OS native SSL/TLS support]) AC_DEFINE(USE_SECTRANSP, 1, [enable Secure Transport])
AC_SUBST(USE_DARWINSSL, [1]) AC_SUBST(USE_SECTRANSP, [1])
ssl_msg="Apple OS-native" ssl_msg="Secure Transport"
test darwinssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes test secure-transport != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
DARWINSSL_ENABLED=1 SECURETRANSPORT_ENABLED=1
LDFLAGS="$LDFLAGS -framework CoreFoundation -framework Security" LDFLAGS="$LDFLAGS -framework CoreFoundation -framework Security"
else else
AC_MSG_RESULT(no) AC_MSG_RESULT(no)
@ -2633,10 +2638,10 @@ if test -z "$ssl_backends" -o "x$OPT_NSS" != xno; then
test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi fi
case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$MBEDTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$DARWINSSL_ENABLED$MESALINK_ENABLED" in case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$MBEDTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$SECURETRANSPORT_ENABLED$MESALINK_ENABLED" in
x) x)
AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.]) AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.])
AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-winssl, --with-darwinssl, or --with-mesalink to address this.]) AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-schannel, --with-secure-transport, or --with-mesalink to address this.])
;; ;;
x1) x1)
# one SSL backend is enabled # one SSL backend is enabled
@ -3065,9 +3070,9 @@ AC_HELP_STRING([--disable-versioned-symbols], [Disable versioned symbols in shar
elif test "x$CYASSL_ENABLED" = "x1"; then elif test "x$CYASSL_ENABLED" = "x1"; then
versioned_symbols_flavour="CYASSL_" versioned_symbols_flavour="CYASSL_"
elif test "x$WINSSL_ENABLED" = "x1"; then elif test "x$WINSSL_ENABLED" = "x1"; then
versioned_symbols_flavour="WINSSL_" versioned_symbols_flavour="SCHANNEL_"
elif test "x$DARWINSSL_ENABLED" = "x1"; then elif test "x$SECURETRANSPORT_ENABLED" = "x1"; then
versioned_symbols_flavour="DARWINSSL_" versioned_symbols_flavour="SECURE_TRANSPORT_"
else else
versioned_symbols_flavour="" versioned_symbols_flavour=""
fi fi
@ -4118,7 +4123,7 @@ fi
if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then
if test "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ if test "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
-o "x$GNUTLS_ENABLED" = "x1" -o "x$MBEDTLS_ENABLED" = "x1" \ -o "x$GNUTLS_ENABLED" = "x1" -o "x$MBEDTLS_ENABLED" = "x1" \
-o "x$NSS_ENABLED" = "x1" -o "x$DARWINSSL_ENABLED" = "x1"; then -o "x$NSS_ENABLED" = "x1" -o "x$SECURETRANSPORT_ENABLED" = "x1"; then
SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM" SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM"
if test "x$CURL_DISABLE_HTTP" != "x1" -a \ if test "x$CURL_DISABLE_HTTP" != "x1" -a \
@ -4200,7 +4205,7 @@ if test "x$CURL_DISABLE_SMB" != "x1" \
-a "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" \ -a "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" \
-a \( "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ -a \( "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
-o "x$GNUTLS_ENABLED" = "x1" -o "x$MBEDTLS_ENABLED" = "x1" \ -o "x$GNUTLS_ENABLED" = "x1" -o "x$MBEDTLS_ENABLED" = "x1" \
-o "x$NSS_ENABLED" = "x1" -o "x$DARWINSSL_ENABLED" = "x1" \); then -o "x$NSS_ENABLED" = "x1" -o "x$SECURETRANSPORT_ENABLED" = "x1" \); then
SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB" SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB"
if test "x$SSL_ENABLED" = "x1"; then if test "x$SSL_ENABLED" = "x1"; then
SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMBS" SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMBS"
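Review bot: The default-backend check `test secure-transport != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes` now accepts only the new spelling, although the same hunk keeps `--with-darwinssl` as a working alias that sets `OPT_SECURETRANSPORT`. A build script that still passes the old backend name as its default will stop matching here; how an unmatched default is handled lies outside the visible hunks, so confirm that it fails loudly rather than ending up on a different TLS backend. The asymmetry should be documented next to the retained option, for example `dnl --with-darwinssl is a deprecated alias; the default-backend name must be "secure-transport"`, and the old help strings marked as deprecated. The `versioned_symbols_flavour` values also change (`DARWINSSL_` to `SECURE_TRANSPORT_`, `WINSSL_` to `SCHANNEL_`), which presumably changes the exported symbol version names and deserves a release note.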


@ -707,7 +707,7 @@ CURLSSH_AUTH_PUBLICKEY 7.16.1
CURLSSLBACKEND_AXTLS 7.38.0 7.61.0 CURLSSLBACKEND_AXTLS 7.38.0 7.61.0
CURLSSLBACKEND_BORINGSSL 7.49.0 CURLSSLBACKEND_BORINGSSL 7.49.0
CURLSSLBACKEND_CYASSL 7.34.0 CURLSSLBACKEND_CYASSL 7.34.0
CURLSSLBACKEND_DARWINSSL 7.34.0 CURLSSLBACKEND_DARWINSSL 7.34.0 7.64.1
CURLSSLBACKEND_GNUTLS 7.34.0 CURLSSLBACKEND_GNUTLS 7.34.0
CURLSSLBACKEND_GSKIT 7.34.0 CURLSSLBACKEND_GSKIT 7.34.0
CURLSSLBACKEND_LIBRESSL 7.49.0 CURLSSLBACKEND_LIBRESSL 7.49.0
@ -719,6 +719,7 @@ CURLSSLBACKEND_OPENSSL 7.34.0
CURLSSLBACKEND_POLARSSL 7.34.0 CURLSSLBACKEND_POLARSSL 7.34.0
CURLSSLBACKEND_QSOSSL 7.34.0 - 7.38.1 CURLSSLBACKEND_QSOSSL 7.34.0 - 7.38.1
CURLSSLBACKEND_SCHANNEL 7.34.0 CURLSSLBACKEND_SCHANNEL 7.34.0
CURLSSLBACKEND_SECURETRANSPORT 7.64.1
CURLSSLBACKEND_WOLFSSL 7.49.0 CURLSSLBACKEND_WOLFSSL 7.49.0
CURLSSLOPT_ALLOW_BEAST 7.25.0 CURLSSLOPT_ALLOW_BEAST 7.25.0
CURLSSLOPT_NO_REVOKE 7.44.0 CURLSSLOPT_NO_REVOKE 7.44.0


@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -151,7 +151,7 @@ typedef enum {
CURLSSLBACKEND_POLARSSL = 6, CURLSSLBACKEND_POLARSSL = 6,
CURLSSLBACKEND_WOLFSSL = 7, CURLSSLBACKEND_WOLFSSL = 7,
CURLSSLBACKEND_SCHANNEL = 8, CURLSSLBACKEND_SCHANNEL = 8,
CURLSSLBACKEND_DARWINSSL = 9, CURLSSLBACKEND_SECURETRANSPORT = 9,
CURLSSLBACKEND_AXTLS = 10, /* never used since 7.63.0 */ CURLSSLBACKEND_AXTLS = 10, /* never used since 7.63.0 */
CURLSSLBACKEND_MBEDTLS = 11, CURLSSLBACKEND_MBEDTLS = 11,
CURLSSLBACKEND_MESALINK = 12 CURLSSLBACKEND_MESALINK = 12
@ -160,7 +160,10 @@ typedef enum {
/* aliases for library clones and renames */ /* aliases for library clones and renames */
#define CURLSSLBACKEND_LIBRESSL CURLSSLBACKEND_OPENSSL #define CURLSSLBACKEND_LIBRESSL CURLSSLBACKEND_OPENSSL
#define CURLSSLBACKEND_BORINGSSL CURLSSLBACKEND_OPENSSL #define CURLSSLBACKEND_BORINGSSL CURLSSLBACKEND_OPENSSL
/* deprecated names: */
#define CURLSSLBACKEND_CYASSL CURLSSLBACKEND_WOLFSSL #define CURLSSLBACKEND_CYASSL CURLSSLBACKEND_WOLFSSL
#define CURLSSLBACKEND_DARWINSSL CURLSSLBACKEND_SECURETRANSPORT
struct curl_httppost { struct curl_httppost {
struct curl_httppost *next; /* next entry in the list */ struct curl_httppost *next; /* next entry in the list */


@ -5,7 +5,7 @@
# | (__| |_| | _ <| |___ # | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____| # \___|\___/|_| \_\_____|
# #
# Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. # Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
# #
# This software is licensed as described in the file COPYING, which # This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms # you should have received as part of this distribution. The terms
@ -30,11 +30,11 @@ LIB_VAUTH_HFILES = vauth/vauth.h vauth/digest.h vauth/ntlm.h
LIB_VTLS_CFILES = vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c \ LIB_VTLS_CFILES = vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c \
vtls/polarssl.c vtls/polarssl_threadlock.c \ vtls/polarssl.c vtls/polarssl_threadlock.c \
vtls/cyassl.c vtls/schannel.c vtls/schannel_verify.c \ vtls/cyassl.c vtls/schannel.c vtls/schannel_verify.c \
vtls/darwinssl.c vtls/gskit.c vtls/mbedtls.c vtls/mesalink.c vtls/sectransp.c vtls/gskit.c vtls/mbedtls.c vtls/mesalink.c
LIB_VTLS_HFILES = vtls/openssl.h vtls/vtls.h vtls/gtls.h \ LIB_VTLS_HFILES = vtls/openssl.h vtls/vtls.h vtls/gtls.h \
vtls/nssg.h vtls/polarssl.h vtls/polarssl_threadlock.h \ vtls/nssg.h vtls/polarssl.h vtls/polarssl_threadlock.h \
vtls/cyassl.h vtls/schannel.h vtls/darwinssl.h vtls/gskit.h \ vtls/cyassl.h vtls/schannel.h vtls/sectransp.h vtls/gskit.h \
vtls/mbedtls.h vtls/mesalink.h vtls/mbedtls.h vtls/mesalink.h
LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c \


@ -38,7 +38,7 @@
3. USE_GNUTLS 3. USE_GNUTLS
4. USE_NSS 4. USE_NSS
5. USE_MBEDTLS 5. USE_MBEDTLS
6. USE_DARWINSSL 6. USE_SECTRANSP
7. USE_OS400CRYPTO 7. USE_OS400CRYPTO
8. USE_WIN32_CRYPTO 8. USE_WIN32_CRYPTO
@ -101,7 +101,7 @@
# include "curl_md4.h" # include "curl_md4.h"
# endif # endif
#elif defined(USE_DARWINSSL) #elif defined(USE_SECTRANSP)
# include <CommonCrypto/CommonCryptor.h> # include <CommonCrypto/CommonCryptor.h>
# include <CommonCrypto/CommonDigest.h> # include <CommonCrypto/CommonDigest.h>
@ -290,7 +290,7 @@ static bool encrypt_des(const unsigned char *in, unsigned char *out,
return mbedtls_des_crypt_ecb(&ctx, in, out) == 0; return mbedtls_des_crypt_ecb(&ctx, in, out) == 0;
} }
#elif defined(USE_DARWINSSL) #elif defined(USE_SECTRANSP)
static bool encrypt_des(const unsigned char *in, unsigned char *out, static bool encrypt_des(const unsigned char *in, unsigned char *out,
const unsigned char *key_56) const unsigned char *key_56)
@ -437,7 +437,7 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys,
setup_des_key(keys + 14, &des); setup_des_key(keys + 14, &des);
gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8); gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8);
gcry_cipher_close(des); gcry_cipher_close(des);
#elif defined(USE_NSS) || defined(USE_MBEDTLS) || defined(USE_DARWINSSL) \ #elif defined(USE_NSS) || defined(USE_MBEDTLS) || defined(USE_SECTRANSP) \
|| defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO) || defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO)
encrypt_des(plaintext, results, keys); encrypt_des(plaintext, results, keys);
encrypt_des(plaintext, results + 8, keys + 7); encrypt_des(plaintext, results + 8, keys + 7);
@ -501,7 +501,7 @@ CURLcode Curl_ntlm_core_mk_lm_hash(struct Curl_easy *data,
setup_des_key(pw + 7, &des); setup_des_key(pw + 7, &des);
gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8); gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8);
gcry_cipher_close(des); gcry_cipher_close(des);
#elif defined(USE_NSS) || defined(USE_MBEDTLS) || defined(USE_DARWINSSL) \ #elif defined(USE_NSS) || defined(USE_MBEDTLS) || defined(USE_SECTRANSP) \
|| defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO) || defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO)
encrypt_des(magic, lmbuffer, pw); encrypt_des(magic, lmbuffer, pw);
encrypt_des(magic, lmbuffer + 8, pw + 7); encrypt_des(magic, lmbuffer + 8, pw + 7);
@ -591,7 +591,7 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data,
#else #else
Curl_md4it(ntbuffer, pw, 2 * len); Curl_md4it(ntbuffer, pw, 2 * len);
#endif #endif
#elif defined(USE_DARWINSSL) #elif defined(USE_SECTRANSP)
(void)CC_MD4(pw, (CC_LONG)(2 * len), ntbuffer); (void)CC_MD4(pw, (CC_LONG)(2 * len), ntbuffer);
#elif defined(USE_OS400CRYPTO) #elif defined(USE_OS400CRYPTO)
Curl_md4it(ntbuffer, pw, 2 * len); Curl_md4it(ntbuffer, pw, 2 * len);


@ -648,7 +648,7 @@ int netware_init(void);
#if defined(USE_GNUTLS) || defined(USE_OPENSSL) || defined(USE_NSS) || \ #if defined(USE_GNUTLS) || defined(USE_OPENSSL) || defined(USE_NSS) || \
defined(USE_POLARSSL) || defined(USE_MBEDTLS) || \ defined(USE_POLARSSL) || defined(USE_MBEDTLS) || \
defined(USE_CYASSL) || defined(USE_SCHANNEL) || \ defined(USE_CYASSL) || defined(USE_SCHANNEL) || \
defined(USE_DARWINSSL) || defined(USE_GSKIT) || defined(USE_MESALINK) defined(USE_SECTRANSP) || defined(USE_GSKIT) || defined(USE_MESALINK)
#define USE_SSL /* SSL support has been enabled */ #define USE_SSL /* SSL support has been enabled */
#endif #endif
@ -667,7 +667,7 @@ int netware_init(void);
/* Single point where USE_NTLM definition might be defined */ /* Single point where USE_NTLM definition might be defined */
#if !defined(CURL_DISABLE_NTLM) && !defined(CURL_DISABLE_CRYPTO_AUTH) #if !defined(CURL_DISABLE_NTLM) && !defined(CURL_DISABLE_CRYPTO_AUTH)
#if defined(USE_OPENSSL) || defined(USE_WINDOWS_SSPI) || \ #if defined(USE_OPENSSL) || defined(USE_WINDOWS_SSPI) || \
defined(USE_GNUTLS) || defined(USE_NSS) || defined(USE_DARWINSSL) || \ defined(USE_GNUTLS) || defined(USE_NSS) || defined(USE_SECTRANSP) || \
defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO) || \ defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO) || \
defined(USE_MBEDTLS) defined(USE_MBEDTLS)
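Review bot: The `USE_SSL` and `USE_NTLM` conditions now test only `USE_SECTRANSP`, so a build that still defines the old `USE_DARWINSSL` macro by hand (a custom config header or an IDE project, say) would presumably still compile, but with no TLS backend selected by these blocks. A guard next to these checks would turn that silent loss of TLS support into a build failure: `#if defined(USE_DARWINSSL) && !defined(USE_SECTRANSP)` / `#error "USE_DARWINSSL was renamed to USE_SECTRANSP"` / `#endif`. Whether the other build systems in the tree were updated by this commit is not visible on this page. The NTLM `#if` continues past the end of the hunk.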


@ -6,7 +6,7 @@
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 2012 - 2017, Nick Zitzmann, <nickzman@gmail.com>. * Copyright (C) 2012 - 2017, Nick Zitzmann, <nickzman@gmail.com>.
* Copyright (C) 2012 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2012 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -32,7 +32,7 @@
#include "curl_base64.h" #include "curl_base64.h"
#include "strtok.h" #include "strtok.h"
#ifdef USE_DARWINSSL #ifdef USE_SECTRANSP
#ifdef __clang__ #ifdef __clang__
#pragma clang diagnostic push #pragma clang diagnostic push
@ -59,7 +59,7 @@
#if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) #if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE))
#if MAC_OS_X_VERSION_MAX_ALLOWED < 1050 #if MAC_OS_X_VERSION_MAX_ALLOWED < 1050
#error "The darwinssl back-end requires Leopard or later." #error "The Secure Transport back-end requires Leopard or later."
#endif /* MAC_OS_X_VERSION_MAX_ALLOWED < 1050 */ #endif /* MAC_OS_X_VERSION_MAX_ALLOWED < 1050 */
#define CURL_BUILD_IOS 0 #define CURL_BUILD_IOS 0
@ -105,7 +105,7 @@
#define CURL_SUPPORT_MAC_10_9 0 #define CURL_SUPPORT_MAC_10_9 0
#else #else
#error "The darwinssl back-end requires iOS or OS X." #error "The Secure Transport back-end requires iOS or macOS."
#endif /* (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) */ #endif /* (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) */
#if CURL_BUILD_MAC #if CURL_BUILD_MAC
@ -118,7 +118,7 @@
#include "connect.h" #include "connect.h"
#include "select.h" #include "select.h"
#include "vtls.h" #include "vtls.h"
#include "darwinssl.h" #include "sectransp.h"
#include "curl_printf.h" #include "curl_printf.h"
#include "strdup.h" #include "strdup.h"
@ -144,20 +144,20 @@ struct ssl_backend_data {
/* version 1 supports macOS 10.12+ and iOS 10+ */ /* version 1 supports macOS 10.12+ and iOS 10+ */
#if ((TARGET_OS_IPHONE && __IPHONE_OS_VERSION_MIN_REQUIRED >= 100000) || \ #if ((TARGET_OS_IPHONE && __IPHONE_OS_VERSION_MIN_REQUIRED >= 100000) || \
(!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200)) (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200))
#define DARWIN_SSL_PINNEDPUBKEY_V1 1 #define SECTRANSP_PINNEDPUBKEY_V1 1
#endif #endif
/* version 2 supports MacOSX 10.7+ */ /* version 2 supports MacOSX 10.7+ */
#if (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070) #if (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070)
#define DARWIN_SSL_PINNEDPUBKEY_V2 1 #define SECTRANSP_PINNEDPUBKEY_V2 1
#endif #endif
#if defined(DARWIN_SSL_PINNEDPUBKEY_V1) || defined(DARWIN_SSL_PINNEDPUBKEY_V2) #if defined(SECTRANSP_PINNEDPUBKEY_V1) || defined(SECTRANSP_PINNEDPUBKEY_V2)
/* this backend supports CURLOPT_PINNEDPUBLICKEY */ /* this backend supports CURLOPT_PINNEDPUBLICKEY */
#define DARWIN_SSL_PINNEDPUBKEY 1 #define SECTRANSP_PINNEDPUBKEY 1
#endif /* DARWIN_SSL_PINNEDPUBKEY */ #endif /* SECTRANSP_PINNEDPUBKEY */
#ifdef DARWIN_SSL_PINNEDPUBKEY #ifdef SECTRANSP_PINNEDPUBKEY
/* both new and old APIs return rsa keys missing the spki header (not DER) */ /* both new and old APIs return rsa keys missing the spki header (not DER) */
static const unsigned char rsa4096SpkiHeader[] = { static const unsigned char rsa4096SpkiHeader[] = {
0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d,
@ -170,7 +170,7 @@ static const unsigned char rsa2048SpkiHeader[] = {
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
0x00, 0x03, 0x82, 0x01, 0x0f, 0x00}; 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00};
#ifdef DARWIN_SSL_PINNEDPUBKEY_V1 #ifdef SECTRANSP_PINNEDPUBKEY_V1
/* the *new* version doesn't return DER encoded ecdsa certs like the old... */ /* the *new* version doesn't return DER encoded ecdsa certs like the old... */
static const unsigned char ecDsaSecp256r1SpkiHeader[] = { static const unsigned char ecDsaSecp256r1SpkiHeader[] = {
0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07,
@ -184,8 +184,8 @@ static const unsigned char ecDsaSecp384r1SpkiHeader[] = {
0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04,
0x00, 0x22, 0x03, 0x62, 0x00}; 0x00, 0x22, 0x03, 0x62, 0x00};
#endif /* DARWIN_SSL_PINNEDPUBKEY_V1 */ #endif /* SECTRANSP_PINNEDPUBKEY_V1 */
#endif /* DARWIN_SSL_PINNEDPUBKEY */ #endif /* SECTRANSP_PINNEDPUBKEY */
/* The following two functions were ripped from Apple sample code, /* The following two functions were ripped from Apple sample code,
* with some modifications: */ * with some modifications: */
@ -1242,7 +1242,7 @@ CF_INLINE bool is_file(const char *filename)
} }
#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
static CURLcode darwinssl_version_from_curl(SSLProtocol *darwinver, static CURLcode sectransp_version_from_curl(SSLProtocol *darwinver,
long ssl_version) long ssl_version)
{ {
switch(ssl_version) { switch(ssl_version) {
@ -1312,13 +1312,13 @@ set_ssl_version_min_max(struct connectdata *conn, int sockindex)
if(SSLSetProtocolVersionMax != NULL) { if(SSLSetProtocolVersionMax != NULL) {
SSLProtocol darwin_ver_min = kTLSProtocol1; SSLProtocol darwin_ver_min = kTLSProtocol1;
SSLProtocol darwin_ver_max = kTLSProtocol1; SSLProtocol darwin_ver_max = kTLSProtocol1;
CURLcode result = darwinssl_version_from_curl(&darwin_ver_min, CURLcode result = sectransp_version_from_curl(&darwin_ver_min,
ssl_version); ssl_version);
if(result) { if(result) {
failf(data, "unsupported min version passed via CURLOPT_SSLVERSION"); failf(data, "unsupported min version passed via CURLOPT_SSLVERSION");
return result; return result;
} }
result = darwinssl_version_from_curl(&darwin_ver_max, result = sectransp_version_from_curl(&darwin_ver_max,
ssl_version_max >> 16); ssl_version_max >> 16);
if(result) { if(result) {
failf(data, "unsupported max version passed via CURLOPT_SSLVERSION"); failf(data, "unsupported max version passed via CURLOPT_SSLVERSION");
@ -1361,12 +1361,12 @@ set_ssl_version_min_max(struct connectdata *conn, int sockindex)
#endif /* CURL_SUPPORT_MAC_10_8 */ #endif /* CURL_SUPPORT_MAC_10_8 */
} }
#endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */ #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
failf(data, "DarwinSSL: cannot set SSL protocol"); failf(data, "Secure Transport: cannot set SSL protocol");
return CURLE_SSL_CONNECT_ERROR; return CURLE_SSL_CONNECT_ERROR;
} }
static CURLcode darwinssl_connect_step1(struct connectdata *conn, static CURLcode sectransp_connect_step1(struct connectdata *conn,
int sockindex) int sockindex)
{ {
struct Curl_easy *data = conn->data; struct Curl_easy *data = conn->data;
@ -2234,7 +2234,7 @@ static int verify_cert(const char *cafile, struct Curl_easy *data,
} }
} }
#ifdef DARWIN_SSL_PINNEDPUBKEY #ifdef SECTRANSP_PINNEDPUBKEY
static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
SSLContextRef ctx, SSLContextRef ctx,
const char *pinnedpubkey) const char *pinnedpubkey)
@ -2266,14 +2266,14 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
if(keyRef == NULL) if(keyRef == NULL)
break; break;
#ifdef DARWIN_SSL_PINNEDPUBKEY_V1 #ifdef SECTRANSP_PINNEDPUBKEY_V1
publicKeyBits = SecKeyCopyExternalRepresentation(keyRef, NULL); publicKeyBits = SecKeyCopyExternalRepresentation(keyRef, NULL);
CFRelease(keyRef); CFRelease(keyRef);
if(publicKeyBits == NULL) if(publicKeyBits == NULL)
break; break;
#elif DARWIN_SSL_PINNEDPUBKEY_V2 #elif SECTRANSP_PINNEDPUBKEY_V2
OSStatus success = SecItemExport(keyRef, kSecFormatOpenSSL, 0, NULL, OSStatus success = SecItemExport(keyRef, kSecFormatOpenSSL, 0, NULL,
&publicKeyBits); &publicKeyBits);
@ -2281,7 +2281,7 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
if(success != errSecSuccess || publicKeyBits == NULL) if(success != errSecSuccess || publicKeyBits == NULL)
break; break;
#endif /* DARWIN_SSL_PINNEDPUBKEY_V2 */ #endif /* SECTRANSP_PINNEDPUBKEY_V2 */
pubkeylen = CFDataGetLength(publicKeyBits); pubkeylen = CFDataGetLength(publicKeyBits);
pubkey = (unsigned char *)CFDataGetBytePtr(publicKeyBits); pubkey = (unsigned char *)CFDataGetBytePtr(publicKeyBits);
@ -2295,7 +2295,7 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
/* 2048 bit RSA pubkeylen == 270 */ /* 2048 bit RSA pubkeylen == 270 */
spkiHeader = rsa2048SpkiHeader; spkiHeader = rsa2048SpkiHeader;
break; break;
#ifdef DARWIN_SSL_PINNEDPUBKEY_V1 #ifdef SECTRANSP_PINNEDPUBKEY_V1
case 65: case 65:
/* ecDSA secp256r1 pubkeylen == 65 */ /* ecDSA secp256r1 pubkeylen == 65 */
spkiHeader = ecDsaSecp256r1SpkiHeader; spkiHeader = ecDsaSecp256r1SpkiHeader;
@ -2308,7 +2308,7 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
break; break;
default: default:
infof(data, "SSL: unhandled public key length: %d\n", pubkeylen); infof(data, "SSL: unhandled public key length: %d\n", pubkeylen);
#elif DARWIN_SSL_PINNEDPUBKEY_V2 #elif SECTRANSP_PINNEDPUBKEY_V2
default: default:
/* ecDSA secp256r1 pubkeylen == 91 header already included? /* ecDSA secp256r1 pubkeylen == 91 header already included?
* ecDSA secp384r1 header already included too * ecDSA secp384r1 header already included too
@ -2316,7 +2316,7 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
*/ */
result = Curl_pin_peer_pubkey(data, pinnedpubkey, pubkey, result = Curl_pin_peer_pubkey(data, pinnedpubkey, pubkey,
pubkeylen); pubkeylen);
#endif /* DARWIN_SSL_PINNEDPUBKEY_V2 */ #endif /* SECTRANSP_PINNEDPUBKEY_V2 */
continue; /* break from loop */ continue; /* break from loop */
} }
@ -2339,10 +2339,10 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
return result; return result;
} }
#endif /* DARWIN_SSL_PINNEDPUBKEY */ #endif /* SECTRANSP_PINNEDPUBKEY */
static CURLcode static CURLcode
darwinssl_connect_step2(struct connectdata *conn, int sockindex) sectransp_connect_step2(struct connectdata *conn, int sockindex)
{ {
struct Curl_easy *data = conn->data; struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex];
@ -2376,7 +2376,7 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex)
return res; return res;
} }
/* the documentation says we need to call SSLHandshake() again */ /* the documentation says we need to call SSLHandshake() again */
return darwinssl_connect_step2(conn, sockindex); return sectransp_connect_step2(conn, sockindex);
/* Problem with encrypt / decrypt */ /* Problem with encrypt / decrypt */
case errSSLPeerDecodeError: case errSSLPeerDecodeError:
@ -2578,7 +2578,7 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex)
/* we have been connected fine, we're not waiting for anything else. */ /* we have been connected fine, we're not waiting for anything else. */
connssl->connecting_state = ssl_connect_3; connssl->connecting_state = ssl_connect_3;
#ifdef DARWIN_SSL_PINNEDPUBKEY #ifdef SECTRANSP_PINNEDPUBKEY
if(data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG]) { if(data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG]) {
CURLcode result = pkp_pin_peer_pubkey(data, BACKEND->ssl_ctx, CURLcode result = pkp_pin_peer_pubkey(data, BACKEND->ssl_ctx,
data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG]); data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG]);
@ -2587,7 +2587,7 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex)
return result; return result;
} }
} }
#endif /* DARWIN_SSL_PINNEDPUBKEY */ #endif /* SECTRANSP_PINNEDPUBKEY */
/* Informational message */ /* Informational message */
(void)SSLGetNegotiatedCipher(BACKEND->ssl_ctx, &cipher); (void)SSLGetNegotiatedCipher(BACKEND->ssl_ctx, &cipher);
@ -2771,7 +2771,7 @@ show_verbose_server_cert(struct connectdata *conn,
#endif /* !CURL_DISABLE_VERBOSE_STRINGS */ #endif /* !CURL_DISABLE_VERBOSE_STRINGS */
static CURLcode static CURLcode
darwinssl_connect_step3(struct connectdata *conn, sectransp_connect_step3(struct connectdata *conn,
int sockindex) int sockindex)
{ {
struct Curl_easy *data = conn->data; struct Curl_easy *data = conn->data;
@ -2789,11 +2789,11 @@ darwinssl_connect_step3(struct connectdata *conn,
return CURLE_OK; return CURLE_OK;
} }
static Curl_recv darwinssl_recv; static Curl_recv sectransp_recv;
static Curl_send darwinssl_send; static Curl_send sectransp_send;
static CURLcode static CURLcode
darwinssl_connect_common(struct connectdata *conn, sectransp_connect_common(struct connectdata *conn,
int sockindex, int sockindex,
bool nonblocking, bool nonblocking,
bool *done) bool *done)
@ -2821,7 +2821,7 @@ darwinssl_connect_common(struct connectdata *conn,
return CURLE_OPERATION_TIMEDOUT; return CURLE_OPERATION_TIMEDOUT;
} }
result = darwinssl_connect_step1(conn, sockindex); result = sectransp_connect_step1(conn, sockindex);
if(result) if(result)
return result; return result;
} }
@ -2875,7 +2875,7 @@ darwinssl_connect_common(struct connectdata *conn,
* before step2 has completed while ensuring that a client using select() * before step2 has completed while ensuring that a client using select()
* or epoll() will always have a valid fdset to wait on. * or epoll() will always have a valid fdset to wait on.
*/ */
result = darwinssl_connect_step2(conn, sockindex); result = sectransp_connect_step2(conn, sockindex);
if(result || (nonblocking && if(result || (nonblocking &&
(ssl_connect_2 == connssl->connecting_state || (ssl_connect_2 == connssl->connecting_state ||
ssl_connect_2_reading == connssl->connecting_state || ssl_connect_2_reading == connssl->connecting_state ||
@ -2886,15 +2886,15 @@ darwinssl_connect_common(struct connectdata *conn,
if(ssl_connect_3 == connssl->connecting_state) { if(ssl_connect_3 == connssl->connecting_state) {
result = darwinssl_connect_step3(conn, sockindex); result = sectransp_connect_step3(conn, sockindex);
if(result) if(result)
return result; return result;
} }
if(ssl_connect_done == connssl->connecting_state) { if(ssl_connect_done == connssl->connecting_state) {
connssl->state = ssl_connection_complete; connssl->state = ssl_connection_complete;
conn->recv[sockindex] = darwinssl_recv; conn->recv[sockindex] = sectransp_recv;
conn->send[sockindex] = darwinssl_send; conn->send[sockindex] = sectransp_send;
*done = TRUE; *done = TRUE;
} }
else else
@ -2906,18 +2906,18 @@ darwinssl_connect_common(struct connectdata *conn,
return CURLE_OK; return CURLE_OK;
} }
static CURLcode Curl_darwinssl_connect_nonblocking(struct connectdata *conn, static CURLcode Curl_sectransp_connect_nonblocking(struct connectdata *conn,
int sockindex, bool *done) int sockindex, bool *done)
{ {
return darwinssl_connect_common(conn, sockindex, TRUE, done); return sectransp_connect_common(conn, sockindex, TRUE, done);
} }
static CURLcode Curl_darwinssl_connect(struct connectdata *conn, int sockindex) static CURLcode Curl_sectransp_connect(struct connectdata *conn, int sockindex)
{ {
CURLcode result; CURLcode result;
bool done = FALSE; bool done = FALSE;
result = darwinssl_connect_common(conn, sockindex, FALSE, &done); result = sectransp_connect_common(conn, sockindex, FALSE, &done);
if(result) if(result)
return result; return result;
@ -2927,7 +2927,7 @@ static CURLcode Curl_darwinssl_connect(struct connectdata *conn, int sockindex)
return CURLE_OK; return CURLE_OK;
} }
static void Curl_darwinssl_close(struct connectdata *conn, int sockindex) static void Curl_sectransp_close(struct connectdata *conn, int sockindex)
{ {
struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex];
@ -2948,7 +2948,7 @@ static void Curl_darwinssl_close(struct connectdata *conn, int sockindex)
BACKEND->ssl_sockfd = 0; BACKEND->ssl_sockfd = 0;
} }
static int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex) static int Curl_sectransp_shutdown(struct connectdata *conn, int sockindex)
{ {
struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct Curl_easy *data = conn->data; struct Curl_easy *data = conn->data;
@ -2963,7 +2963,7 @@ static int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex)
if(data->set.ftp_ccc != CURLFTPSSL_CCC_ACTIVE) if(data->set.ftp_ccc != CURLFTPSSL_CCC_ACTIVE)
return 0; return 0;
Curl_darwinssl_close(conn, sockindex); Curl_sectransp_close(conn, sockindex);
rc = 0; rc = 0;
@ -3001,18 +3001,18 @@ static int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex)
return rc; return rc;
} }
static void Curl_darwinssl_session_free(void *ptr) static void Curl_sectransp_session_free(void *ptr)
{ {
/* ST, as of iOS 5 and Mountain Lion, has no public method of deleting a /* ST, as of iOS 5 and Mountain Lion, has no public method of deleting a
cached session ID inside the Security framework. There is a private cached session ID inside the Security framework. There is a private
function that does this, but I don't want to have to explain to you why I function that does this, but I don't want to have to explain to you why I
got your application rejected from the App Store due to the use of a got your application rejected from the App Store due to the use of a
private API, so the best we can do is free up our own char array that we private API, so the best we can do is free up our own char array that we
created way back in darwinssl_connect_step1... */ created way back in sectransp_connect_step1... */
Curl_safefree(ptr); Curl_safefree(ptr);
} }
static size_t Curl_darwinssl_version(char *buffer, size_t size) static size_t Curl_sectransp_version(char *buffer, size_t size)
{ {
return msnprintf(buffer, size, "SecureTransport"); return msnprintf(buffer, size, "SecureTransport");
} }
@ -3025,7 +3025,7 @@ static size_t Curl_darwinssl_version(char *buffer, size_t size)
* 0 means the connection has been closed * 0 means the connection has been closed
* -1 means the connection status is unknown * -1 means the connection status is unknown
*/ */
static int Curl_darwinssl_check_cxn(struct connectdata *conn) static int Curl_sectransp_check_cxn(struct connectdata *conn)
{ {
struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET]; struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET];
OSStatus err; OSStatus err;
@ -3040,7 +3040,7 @@ static int Curl_darwinssl_check_cxn(struct connectdata *conn)
return 0; return 0;
} }
static bool Curl_darwinssl_data_pending(const struct connectdata *conn, static bool Curl_sectransp_data_pending(const struct connectdata *conn,
int connindex) int connindex)
{ {
const struct ssl_connect_data *connssl = &conn->ssl[connindex]; const struct ssl_connect_data *connssl = &conn->ssl[connindex];
@ -3057,7 +3057,7 @@ static bool Curl_darwinssl_data_pending(const struct connectdata *conn,
return false; return false;
} }
static CURLcode Curl_darwinssl_random(struct Curl_easy *data UNUSED_PARAM, static CURLcode Curl_sectransp_random(struct Curl_easy *data UNUSED_PARAM,
unsigned char *entropy, size_t length) unsigned char *entropy, size_t length)
{ {
/* arc4random_buf() isn't available on cats older than Lion, so let's /* arc4random_buf() isn't available on cats older than Lion, so let's
@ -3077,7 +3077,7 @@ static CURLcode Curl_darwinssl_random(struct Curl_easy *data UNUSED_PARAM,
return CURLE_OK; return CURLE_OK;
} }
static CURLcode Curl_darwinssl_md5sum(unsigned char *tmp, /* input */ static CURLcode Curl_sectransp_md5sum(unsigned char *tmp, /* input */
size_t tmplen, size_t tmplen,
unsigned char *md5sum, /* output */ unsigned char *md5sum, /* output */
size_t md5len) size_t md5len)
@ -3087,7 +3087,7 @@ static CURLcode Curl_darwinssl_md5sum(unsigned char *tmp, /* input */
return CURLE_OK; return CURLE_OK;
} }
static CURLcode Curl_darwinssl_sha256sum(const unsigned char *tmp, /* input */ static CURLcode Curl_sectransp_sha256sum(const unsigned char *tmp, /* input */
size_t tmplen, size_t tmplen,
unsigned char *sha256sum, /* output */ unsigned char *sha256sum, /* output */
size_t sha256len) size_t sha256len)
@ -3097,7 +3097,7 @@ static CURLcode Curl_darwinssl_sha256sum(const unsigned char *tmp, /* input */
return CURLE_OK; return CURLE_OK;
} }
static bool Curl_darwinssl_false_start(void) static bool Curl_sectransp_false_start(void)
{ {
#if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 #if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
if(SSLSetSessionOption != NULL) if(SSLSetSessionOption != NULL)
@ -3106,7 +3106,7 @@ static bool Curl_darwinssl_false_start(void)
return FALSE; return FALSE;
} }
static ssize_t darwinssl_send(struct connectdata *conn, static ssize_t sectransp_send(struct connectdata *conn,
int sockindex, int sockindex,
const void *mem, const void *mem,
size_t len, size_t len,
@ -3172,7 +3172,7 @@ static ssize_t darwinssl_send(struct connectdata *conn,
return (ssize_t)processed; return (ssize_t)processed;
} }
static ssize_t darwinssl_recv(struct connectdata *conn, static ssize_t sectransp_recv(struct connectdata *conn,
int num, int num,
char *buf, char *buf,
size_t buffersize, size_t buffersize,
@ -3212,48 +3212,48 @@ static ssize_t darwinssl_recv(struct connectdata *conn,
return (ssize_t)processed; return (ssize_t)processed;
} }
static void *Curl_darwinssl_get_internals(struct ssl_connect_data *connssl, static void *Curl_sectransp_get_internals(struct ssl_connect_data *connssl,
CURLINFO info UNUSED_PARAM) CURLINFO info UNUSED_PARAM)
{ {
(void)info; (void)info;
return BACKEND->ssl_ctx; return BACKEND->ssl_ctx;
} }
const struct Curl_ssl Curl_ssl_darwinssl = { const struct Curl_ssl Curl_ssl_sectransp = {
{ CURLSSLBACKEND_DARWINSSL, "darwinssl" }, /* info */ { CURLSSLBACKEND_SECURETRANSPORT, "secure-transport" }, /* info */
#ifdef DARWIN_SSL_PINNEDPUBKEY #ifdef SECTRANSP_PINNEDPUBKEY
SSLSUPP_PINNEDPUBKEY, SSLSUPP_PINNEDPUBKEY,
#else #else
0, 0,
#endif /* DARWIN_SSL_PINNEDPUBKEY */ #endif /* SECTRANSP_PINNEDPUBKEY */
sizeof(struct ssl_backend_data), sizeof(struct ssl_backend_data),
Curl_none_init, /* init */ Curl_none_init, /* init */
Curl_none_cleanup, /* cleanup */ Curl_none_cleanup, /* cleanup */
Curl_darwinssl_version, /* version */ Curl_sectransp_version, /* version */
Curl_darwinssl_check_cxn, /* check_cxn */ Curl_sectransp_check_cxn, /* check_cxn */
Curl_darwinssl_shutdown, /* shutdown */ Curl_sectransp_shutdown, /* shutdown */
Curl_darwinssl_data_pending, /* data_pending */ Curl_sectransp_data_pending, /* data_pending */
Curl_darwinssl_random, /* random */ Curl_sectransp_random, /* random */
Curl_none_cert_status_request, /* cert_status_request */ Curl_none_cert_status_request, /* cert_status_request */
Curl_darwinssl_connect, /* connect */ Curl_sectransp_connect, /* connect */
Curl_darwinssl_connect_nonblocking, /* connect_nonblocking */ Curl_sectransp_connect_nonblocking, /* connect_nonblocking */
Curl_darwinssl_get_internals, /* get_internals */ Curl_sectransp_get_internals, /* get_internals */
Curl_darwinssl_close, /* close_one */ Curl_sectransp_close, /* close_one */
Curl_none_close_all, /* close_all */ Curl_none_close_all, /* close_all */
Curl_darwinssl_session_free, /* session_free */ Curl_sectransp_session_free, /* session_free */
Curl_none_set_engine, /* set_engine */ Curl_none_set_engine, /* set_engine */
Curl_none_set_engine_default, /* set_engine_default */ Curl_none_set_engine_default, /* set_engine_default */
Curl_none_engines_list, /* engines_list */ Curl_none_engines_list, /* engines_list */
Curl_darwinssl_false_start, /* false_start */ Curl_sectransp_false_start, /* false_start */
Curl_darwinssl_md5sum, /* md5sum */ Curl_sectransp_md5sum, /* md5sum */
Curl_darwinssl_sha256sum /* sha256sum */ Curl_sectransp_sha256sum /* sha256sum */
}; };
#ifdef __clang__ #ifdef __clang__
#pragma clang diagnostic pop #pragma clang diagnostic pop
#endif #endif
#endif /* USE_DARWINSSL */ #endif /* USE_SECTRANSP */


@ -1,5 +1,5 @@
#ifndef HEADER_CURL_DARWINSSL_H #ifndef HEADER_CURL_SECTRANSP_H
#define HEADER_CURL_DARWINSSL_H #define HEADER_CURL_SECTRANSP_H
/*************************************************************************** /***************************************************************************
* _ _ ____ _ * _ _ ____ _
* Project ___| | | | _ \| | * Project ___| | | | _ \| |
@ -8,7 +8,7 @@
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 2012 - 2014, Nick Zitzmann, <nickzman@gmail.com>. * Copyright (C) 2012 - 2014, Nick Zitzmann, <nickzman@gmail.com>.
* Copyright (C) 2012 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2012 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -24,9 +24,9 @@
***************************************************************************/ ***************************************************************************/
#include "curl_setup.h" #include "curl_setup.h"
#ifdef USE_DARWINSSL #ifdef USE_SECTRANSP
extern const struct Curl_ssl Curl_ssl_darwinssl; extern const struct Curl_ssl Curl_ssl_sectransp;
#endif /* USE_DARWINSSL */ #endif /* USE_SECTRANSP */
#endif /* HEADER_CURL_DARWINSSL_H */ #endif /* HEADER_CURL_SECTRANSP_H */


@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -513,7 +513,7 @@ void Curl_ssl_close_all(struct Curl_easy *data)
} }
#if defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_SCHANNEL) || \ #if defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_SCHANNEL) || \
defined(USE_DARWINSSL) || defined(USE_POLARSSL) || defined(USE_NSS) || \ defined(USE_SECTRANSP) || defined(USE_POLARSSL) || defined(USE_NSS) || \
defined(USE_MBEDTLS) || defined(USE_CYASSL) defined(USE_MBEDTLS) || defined(USE_CYASSL)
int Curl_ssl_getsock(struct connectdata *conn, curl_socket_t *socks, int Curl_ssl_getsock(struct connectdata *conn, curl_socket_t *socks,
int numsocks) int numsocks)
@ -546,7 +546,7 @@ int Curl_ssl_getsock(struct connectdata *conn,
(void)numsocks; (void)numsocks;
return GETSOCK_BLANK; return GETSOCK_BLANK;
} }
/* USE_OPENSSL || USE_GNUTLS || USE_SCHANNEL || USE_DARWINSSL || USE_NSS */ /* USE_OPENSSL || USE_GNUTLS || USE_SCHANNEL || USE_SECTRANSP || USE_NSS */
#endif #endif
void Curl_ssl_close(struct connectdata *conn, int sockindex) void Curl_ssl_close(struct connectdata *conn, int sockindex)
@ -1172,8 +1172,8 @@ const struct Curl_ssl *Curl_ssl =
&Curl_ssl_multi; &Curl_ssl_multi;
#elif defined(USE_CYASSL) #elif defined(USE_CYASSL)
&Curl_ssl_cyassl; &Curl_ssl_cyassl;
#elif defined(USE_DARWINSSL) #elif defined(USE_SECTRANSP)
&Curl_ssl_darwinssl; &Curl_ssl_sectransp;
#elif defined(USE_GNUTLS) #elif defined(USE_GNUTLS)
&Curl_ssl_gnutls; &Curl_ssl_gnutls;
#elif defined(USE_GSKIT) #elif defined(USE_GSKIT)
@ -1198,8 +1198,8 @@ static const struct Curl_ssl *available_backends[] = {
#if defined(USE_CYASSL) #if defined(USE_CYASSL)
&Curl_ssl_cyassl, &Curl_ssl_cyassl,
#endif #endif
#if defined(USE_DARWINSSL) #if defined(USE_SECTRANSP)
&Curl_ssl_darwinssl, &Curl_ssl_sectransp,
#endif #endif
#if defined(USE_GNUTLS) #if defined(USE_GNUTLS)
&Curl_ssl_gnutls, &Curl_ssl_gnutls,
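Review bot: The trailing comment on the `#endif` that closes the `Curl_ssl_getsock` guard still names only five backends, while the `#if` it belongs to also tests `USE_POLARSSL`, `USE_MBEDTLS` and `USE_CYASSL`. Since this commit rewrites that comment anyway, it could mirror the full condition, split over two lines to stay within the line limit: `/* USE_OPENSSL || USE_GNUTLS || USE_SCHANNEL || USE_SECTRANSP ||` and `USE_POLARSSL || USE_NSS || USE_MBEDTLS || USE_CYASSL */`. The guarded function bodies lie between the hunks and are not visible here, so this assumes no other conditional opens in between.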


@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -105,7 +105,7 @@ CURLcode Curl_none_md5sum(unsigned char *input, size_t inputlen,
#include "polarssl.h" /* PolarSSL versions */ #include "polarssl.h" /* PolarSSL versions */
#include "cyassl.h" /* CyaSSL versions */ #include "cyassl.h" /* CyaSSL versions */
#include "schannel.h" /* Schannel SSPI version */ #include "schannel.h" /* Schannel SSPI version */
#include "darwinssl.h" /* SecureTransport (Darwin) version */ #include "sectransp.h" /* SecureTransport (Darwin) version */
#include "mbedtls.h" /* mbedTLS versions */ #include "mbedtls.h" /* mbedTLS versions */
#include "mesalink.h" /* MesaLink versions */ #include "mesalink.h" /* MesaLink versions */