schannel: Evaluate CURLOPT_SSL_OPTIONS via SSL_SET_OPTION macro
- Change use of those options from CURLOPT_SSL_OPTIONS that are not already evaluated via SSL_SET_OPTION in schannel and secure transport to use that instead of data->set.ssl.optname. Example: Evaluate SSL_SET_OPTION(no_revoke) instead of data->set.ssl.no_revoke. This change is because options set via CURLOPT_SSL_OPTIONS (data->set.ssl.optname) are separate from those set for HTTPS proxy via CURLOPT_PROXY_SSL_OPTIONS (data->set.proxy_ssl.optname). The SSL_SET_OPTION macro determines whether the connection is for HTTPS proxy and based on that which option to evaluate. Since neither Schannel nor Secure Transport backends currently support HTTPS proxy in libcurl, this change is for posterity and has no other effect. Closes https://github.com/curl/curl/pull/6690
parent
86338ca698
commit
7a33c4dff9
@ -522,14 +522,14 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn,
|
|||||||
#endif
|
#endif
|
||||||
schannel_cred.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION;
|
schannel_cred.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION;
|
||||||
|
|
||||||
if(data->set.ssl.no_revoke) {
|
if(SSL_SET_OPTION(no_revoke)) {
|
||||||
schannel_cred.dwFlags |= SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
|
schannel_cred.dwFlags |= SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
|
||||||
SCH_CRED_IGNORE_REVOCATION_OFFLINE;
|
SCH_CRED_IGNORE_REVOCATION_OFFLINE;
|
||||||
|
|
||||||
DEBUGF(infof(data, "schannel: disabled server certificate revocation "
|
DEBUGF(infof(data, "schannel: disabled server certificate revocation "
|
||||||
"checks\n"));
|
"checks\n"));
|
||||||
}
|
}
|
||||||
else if(data->set.ssl.revoke_best_effort) {
|
else if(SSL_SET_OPTION(revoke_best_effort)) {
|
||||||
schannel_cred.dwFlags |= SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
|
schannel_cred.dwFlags |= SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
|
||||||
SCH_CRED_IGNORE_REVOCATION_OFFLINE | SCH_CRED_REVOCATION_CHECK_CHAIN;
|
SCH_CRED_IGNORE_REVOCATION_OFFLINE | SCH_CRED_REVOCATION_CHECK_CHAIN;
|
||||||
|
|
||||||
|
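Review bot: The only trace that revocation checking has been switched off is the `DEBUGF(infof(...))` call in the `no_revoke` branch, and DEBUGF is compiled out of non-debug builds, so a release build gives verbose output no sign that `SCH_CRED_IGNORE_NO_REVOCATION_CHECK | SCH_CRED_IGNORE_REVOCATION_OFFLINE` was applied. Since the condition now goes through `SSL_SET_OPTION` and could later resolve to the proxy setting, I would log it unconditionally: `infof(data, "schannel: disabled server certificate revocation checks\n");`. The `revoke_best_effort` branch runs past the end of the hunk, so whether it logs anything cannot be seen here. schannel_connect_step1 starts and ends outside the hunk.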
@ -624,7 +624,7 @@ CURLcode Curl_verify_certificate(struct Curl_easy *data,
|
|||||||
NULL,
|
NULL,
|
||||||
pCertContextServer->hCertStore,
|
pCertContextServer->hCertStore,
|
||||||
&ChainPara,
|
&ChainPara,
|
||||||
(data->set.ssl.no_revoke ? 0 :
|
(SSL_SET_OPTION(no_revoke) ? 0 :
|
||||||
CERT_CHAIN_REVOCATION_CHECK_CHAIN),
|
CERT_CHAIN_REVOCATION_CHECK_CHAIN),
|
||||||
NULL,
|
NULL,
|
||||||
&pChainContext)) {
|
&pChainContext)) {
|
||||||
|
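Review bot: Only `no_revoke` is resolved through `SSL_SET_OPTION` in the flags argument here, and the hunk does not show how Curl_verify_certificate treats `revoke_best_effort`. If the function reads `data->set.ssl.revoke_best_effort` directly further down (not visible in this hunk, so this needs checking), the two revocation options would be resolved from different option sets on a proxy connection once HTTPS proxy is supported. Convert any such read in the same commit, or add a comment saying why it stays as it is. A short comment on the changed line would also help, for example `/* no_revoke: build the chain without any revocation checking */`, because passing `0` instead of `CERT_CHAIN_REVOCATION_CHECK_CHAIN` is easy to overlook in a long argument list. The function body starts and ends outside the hunk.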
@ -1941,7 +1941,7 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data,
|
|||||||
specifically doesn't want us doing that: */
|
specifically doesn't want us doing that: */
|
||||||
if(SSLSetSessionOption != NULL) {
|
if(SSLSetSessionOption != NULL) {
|
||||||
SSLSetSessionOption(backend->ssl_ctx, kSSLSessionOptionSendOneByteRecord,
|
SSLSetSessionOption(backend->ssl_ctx, kSSLSessionOptionSendOneByteRecord,
|
||||||
!data->set.ssl.enable_beast);
|
!SSL_SET_OPTION(enable_beast));
|
||||||
SSLSetSessionOption(backend->ssl_ctx, kSSLSessionOptionFalseStart,
|
SSLSetSessionOption(backend->ssl_ctx, kSSLSessionOptionFalseStart,
|
||||||
data->set.ssl.falsestart); /* false start support */
|
data->set.ssl.falsestart); /* false start support */
|
||||||
}
|
}
|
||||||
|
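Review bot: The `kSSLSessionOptionFalseStart` call two lines below the converted one still reads `data->set.ssl.falsestart` directly, so the two adjacent SSLSetSessionOption calls now resolve their settings differently. This looks intentional, since false start is not one of the CURLOPT_SSL_OPTIONS bits and, as far as I know, has no proxy counterpart, but the reason is not recorded anywhere. I would extend the existing trailing comment to something like `/* false start support; not part of CURLOPT_SSL_OPTIONS, so read from data->set.ssl directly */`. sectransp_connect_step1 starts and ends outside the hunk.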