moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-08-13 17:03:50 -04:00
Code Issues Releases Wiki Activity

gnutls: remove the BACKEND define kludge

Browse Source
This commit is contained in:
Daniel Stenberg 2020-03-18 23:09:01 +01:00
parent aec0b49df3
commit 89865c149d
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 50 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

93
lib/vtls/gtls.c
View File

@ -111,8 +111,6 @@ struct ssl_backend_data {
#endif #endif
}; };
#define BACKEND connssl->backend
/* /*
* Custom push and pull callback functions used by GNU TLS to read and write * Custom push and pull callback functions used by GNU TLS to read and write
* to the socket. These functions are simple wrappers to send() and recv() * to the socket. These functions are simple wrappers to send() and recv()
@ -284,7 +282,8 @@ static CURLcode handshake(struct connectdata *conn,
{ {
struct Curl_easy *data = conn->data; struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex];
gnutls_session_t session = BACKEND->session; struct ssl_backend_data *backend = connssl->backend;
gnutls_session_t session = backend->session;
curl_socket_t sockfd = conn->sock[sockindex]; curl_socket_t sockfd = conn->sock[sockindex];
for(;;) { for(;;) {
@ -523,6 +522,7 @@ gtls_connect_step1(struct connectdata *conn,
{ {
struct Curl_easy *data = conn->data; struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
unsigned int init_flags; unsigned int init_flags;
gnutls_session_t session; gnutls_session_t session;
int rc; int rc;
@ -574,7 +574,7 @@ gtls_connect_step1(struct connectdata *conn,
sni = FALSE; /* SSLv3 has no SNI */ sni = FALSE; /* SSLv3 has no SNI */
/* allocate a cred struct */ /* allocate a cred struct */
rc = gnutls_certificate_allocate_credentials(&BACKEND->cred); rc = gnutls_certificate_allocate_credentials(&backend->cred);
if(rc != GNUTLS_E_SUCCESS) { if(rc != GNUTLS_E_SUCCESS) {
failf(data, "gnutls_cert_all_cred() failed: %s", gnutls_strerror(rc)); failf(data, "gnutls_cert_all_cred() failed: %s", gnutls_strerror(rc));
return CURLE_SSL_CONNECT_ERROR; return CURLE_SSL_CONNECT_ERROR;
@ -585,14 +585,14 @@ gtls_connect_step1(struct connectdata *conn,
infof(data, "Using TLS-SRP username: %s\n", SSL_SET_OPTION(username)); infof(data, "Using TLS-SRP username: %s\n", SSL_SET_OPTION(username));
rc = gnutls_srp_allocate_client_credentials( rc = gnutls_srp_allocate_client_credentials(
&BACKEND->srp_client_cred); &backend->srp_client_cred);
if(rc != GNUTLS_E_SUCCESS) { if(rc != GNUTLS_E_SUCCESS) {
failf(data, "gnutls_srp_allocate_client_cred() failed: %s", failf(data, "gnutls_srp_allocate_client_cred() failed: %s",
gnutls_strerror(rc)); gnutls_strerror(rc));
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
} }
rc = gnutls_srp_set_client_credentials(BACKEND->srp_client_cred, rc = gnutls_srp_set_client_credentials(backend->srp_client_cred,
SSL_SET_OPTION(username), SSL_SET_OPTION(username),
SSL_SET_OPTION(password)); SSL_SET_OPTION(password));
if(rc != GNUTLS_E_SUCCESS) { if(rc != GNUTLS_E_SUCCESS) {
@ -605,10 +605,10 @@ gtls_connect_step1(struct connectdata *conn,
if(SSL_CONN_CONFIG(CAfile)) { if(SSL_CONN_CONFIG(CAfile)) {
/* set the trusted CA cert bundle file */ /* set the trusted CA cert bundle file */
gnutls_certificate_set_verify_flags(BACKEND->cred, gnutls_certificate_set_verify_flags(backend->cred,
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
rc = gnutls_certificate_set_x509_trust_file(BACKEND->cred, rc = gnutls_certificate_set_x509_trust_file(backend->cred,
SSL_CONN_CONFIG(CAfile), SSL_CONN_CONFIG(CAfile),
GNUTLS_X509_FMT_PEM); GNUTLS_X509_FMT_PEM);
if(rc < 0) { if(rc < 0) {
@ -625,7 +625,7 @@ gtls_connect_step1(struct connectdata *conn,
#ifdef HAS_CAPATH #ifdef HAS_CAPATH
if(SSL_CONN_CONFIG(CApath)) { if(SSL_CONN_CONFIG(CApath)) {
/* set the trusted CA cert directory */ /* set the trusted CA cert directory */
rc = gnutls_certificate_set_x509_trust_dir(BACKEND->cred, rc = gnutls_certificate_set_x509_trust_dir(backend->cred,
SSL_CONN_CONFIG(CApath), SSL_CONN_CONFIG(CApath),
GNUTLS_X509_FMT_PEM); GNUTLS_X509_FMT_PEM);
if(rc < 0) { if(rc < 0) {
@ -644,13 +644,13 @@ gtls_connect_step1(struct connectdata *conn,
/* use system ca certificate store as fallback */ /* use system ca certificate store as fallback */
if(SSL_CONN_CONFIG(verifypeer) && if(SSL_CONN_CONFIG(verifypeer) &&
!(SSL_CONN_CONFIG(CAfile) || SSL_CONN_CONFIG(CApath))) { !(SSL_CONN_CONFIG(CAfile) || SSL_CONN_CONFIG(CApath))) {
gnutls_certificate_set_x509_system_trust(BACKEND->cred); gnutls_certificate_set_x509_system_trust(backend->cred);
} }
#endif #endif
if(SSL_SET_OPTION(CRLfile)) { if(SSL_SET_OPTION(CRLfile)) {
/* set the CRL list file */ /* set the CRL list file */
rc = gnutls_certificate_set_x509_crl_file(BACKEND->cred, rc = gnutls_certificate_set_x509_crl_file(backend->cred,
SSL_SET_OPTION(CRLfile), SSL_SET_OPTION(CRLfile),
GNUTLS_X509_FMT_PEM); GNUTLS_X509_FMT_PEM);
if(rc < 0) { if(rc < 0) {
@ -675,14 +675,14 @@ gtls_connect_step1(struct connectdata *conn,
init_flags |= GNUTLS_NO_TICKETS; init_flags |= GNUTLS_NO_TICKETS;
#endif #endif
rc = gnutls_init(&BACKEND->session, init_flags); rc = gnutls_init(&backend->session, init_flags);
if(rc != GNUTLS_E_SUCCESS) { if(rc != GNUTLS_E_SUCCESS) {
failf(data, "gnutls_init() failed: %d", rc); failf(data, "gnutls_init() failed: %d", rc);
return CURLE_SSL_CONNECT_ERROR; return CURLE_SSL_CONNECT_ERROR;
} }
/* convenient assign */ /* convenient assign */
session = BACKEND->session; session = backend->session;
if((0 == Curl_inet_pton(AF_INET, hostname, &addr)) && if((0 == Curl_inet_pton(AF_INET, hostname, &addr)) &&
#ifdef ENABLE_IPV6 #ifdef ENABLE_IPV6
@ -845,7 +845,7 @@ gtls_connect_step1(struct connectdata *conn,
GNUTLS_PKCS_USE_PBES2_AES_128 | GNUTLS_PKCS_USE_PBES2_AES_192 | GNUTLS_PKCS_USE_PBES2_AES_128 | GNUTLS_PKCS_USE_PBES2_AES_192 |
GNUTLS_PKCS_USE_PBES2_AES_256; GNUTLS_PKCS_USE_PBES2_AES_256;
rc = gnutls_certificate_set_x509_key_file2( rc = gnutls_certificate_set_x509_key_file2(
BACKEND->cred, backend->cred,
SSL_SET_OPTION(cert), SSL_SET_OPTION(cert),
SSL_SET_OPTION(key) ? SSL_SET_OPTION(key) ?
SSL_SET_OPTION(key) : SSL_SET_OPTION(cert), SSL_SET_OPTION(key) : SSL_SET_OPTION(cert),
@ -865,7 +865,7 @@ gtls_connect_step1(struct connectdata *conn,
} }
else { else {
if(gnutls_certificate_set_x509_key_file( if(gnutls_certificate_set_x509_key_file(
BACKEND->cred, backend->cred,
SSL_SET_OPTION(cert), SSL_SET_OPTION(cert),
SSL_SET_OPTION(key) ? SSL_SET_OPTION(key) ?
SSL_SET_OPTION(key) : SSL_SET_OPTION(cert), SSL_SET_OPTION(key) : SSL_SET_OPTION(cert),
@ -881,7 +881,7 @@ gtls_connect_step1(struct connectdata *conn,
/* put the credentials to the current session */ /* put the credentials to the current session */
if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) { if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) {
rc = gnutls_credentials_set(session, GNUTLS_CRD_SRP, rc = gnutls_credentials_set(session, GNUTLS_CRD_SRP,
BACKEND->srp_client_cred); backend->srp_client_cred);
if(rc != GNUTLS_E_SUCCESS) { if(rc != GNUTLS_E_SUCCESS) {
failf(data, "gnutls_credentials_set() failed: %s", gnutls_strerror(rc)); failf(data, "gnutls_credentials_set() failed: %s", gnutls_strerror(rc));
return CURLE_SSL_CONNECT_ERROR; return CURLE_SSL_CONNECT_ERROR;
@ -891,7 +891,7 @@ gtls_connect_step1(struct connectdata *conn,
#endif #endif
{ {
rc = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, rc = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
BACKEND->cred); backend->cred);
if(rc != GNUTLS_E_SUCCESS) { if(rc != GNUTLS_E_SUCCESS) {
failf(data, "gnutls_credentials_set() failed: %s", gnutls_strerror(rc)); failf(data, "gnutls_credentials_set() failed: %s", gnutls_strerror(rc));
return CURLE_SSL_CONNECT_ERROR; return CURLE_SSL_CONNECT_ERROR;
@ -1026,7 +1026,8 @@ gtls_connect_step3(struct connectdata *conn,
const char *ptr; const char *ptr;
struct Curl_easy *data = conn->data; struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex];
gnutls_session_t session = BACKEND->session; struct ssl_backend_data *backend = connssl->backend;
gnutls_session_t session = backend->session;
int rc; int rc;
#ifdef HAS_ALPN #ifdef HAS_ALPN
gnutls_datum_t proto; gnutls_datum_t proto;
@ -1577,13 +1578,14 @@ static bool Curl_gtls_data_pending(const struct connectdata *conn,
{ {
const struct ssl_connect_data *connssl = &conn->ssl[connindex]; const struct ssl_connect_data *connssl = &conn->ssl[connindex];
bool res = FALSE; bool res = FALSE;
if(BACKEND->session && struct ssl_backend_data *backend = connssl->backend;
0 != gnutls_record_check_pending(BACKEND->session)) if(backend->session &&
0 != gnutls_record_check_pending(backend->session))
res = TRUE; res = TRUE;
connssl = &conn->proxy_ssl[connindex]; connssl = &conn->proxy_ssl[connindex];
if(BACKEND->session && if(backend->session &&
0 != gnutls_record_check_pending(BACKEND->session)) 0 != gnutls_record_check_pending(backend->session))
res = TRUE; res = TRUE;
return res; return res;
@ -1596,7 +1598,8 @@ static ssize_t gtls_send(struct connectdata *conn,
CURLcode *curlcode) CURLcode *curlcode)
{ {
struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex];
ssize_t rc = gnutls_record_send(BACKEND->session, mem, len); struct ssl_backend_data *backend = connssl->backend;
ssize_t rc = gnutls_record_send(backend->session, mem, len);
if(rc < 0) { if(rc < 0) {
*curlcode = (rc == GNUTLS_E_AGAIN) *curlcode = (rc == GNUTLS_E_AGAIN)
@ -1611,19 +1614,20 @@ static ssize_t gtls_send(struct connectdata *conn,
static void close_one(struct ssl_connect_data *connssl) static void close_one(struct ssl_connect_data *connssl)
{ {
if(BACKEND->session) { struct ssl_backend_data *backend = connssl->backend;
gnutls_bye(BACKEND->session, GNUTLS_SHUT_WR); if(backend->session) {
gnutls_deinit(BACKEND->session); gnutls_bye(backend->session, GNUTLS_SHUT_WR);
BACKEND->session = NULL; gnutls_deinit(backend->session);
backend->session = NULL;
} }
if(BACKEND->cred) { if(backend->cred) {
gnutls_certificate_free_credentials(BACKEND->cred); gnutls_certificate_free_credentials(backend->cred);
BACKEND->cred = NULL; backend->cred = NULL;
} }
#ifdef USE_TLS_SRP #ifdef USE_TLS_SRP
if(BACKEND->srp_client_cred) { if(backend->srp_client_cred) {
gnutls_srp_free_client_credentials(BACKEND->srp_client_cred); gnutls_srp_free_client_credentials(backend->srp_client_cred);
BACKEND->srp_client_cred = NULL; backend->srp_client_cred = NULL;
} }
#endif #endif
} }
@ -1641,6 +1645,7 @@ static void Curl_gtls_close(struct connectdata *conn, int sockindex)
static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex) static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
{ {
struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
int retval = 0; int retval = 0;
struct Curl_easy *data = conn->data; struct Curl_easy *data = conn->data;
@ -1651,10 +1656,10 @@ static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
we do not send one. Let's hope other servers do the same... */ we do not send one. Let's hope other servers do the same... */
if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE) if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
gnutls_bye(BACKEND->session, GNUTLS_SHUT_WR); gnutls_bye(backend->session, GNUTLS_SHUT_WR);
#endif #endif
if(BACKEND->session) { if(backend->session) {
ssize_t result; ssize_t result;
bool done = FALSE; bool done = FALSE;
char buf[120]; char buf[120];
@ -1665,7 +1670,7 @@ static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
if(what > 0) { if(what > 0) {
/* Something to read, let's do it and hope that it is the close /* Something to read, let's do it and hope that it is the close
notify alert from the server */ notify alert from the server */
result = gnutls_record_recv(BACKEND->session, result = gnutls_record_recv(backend->session,
buf, sizeof(buf)); buf, sizeof(buf));
switch(result) { switch(result) {
case 0: case 0:
@ -1695,18 +1700,18 @@ static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
done = TRUE; done = TRUE;
} }
} }
gnutls_deinit(BACKEND->session); gnutls_deinit(backend->session);
} }
gnutls_certificate_free_credentials(BACKEND->cred); gnutls_certificate_free_credentials(backend->cred);
#ifdef USE_TLS_SRP #ifdef USE_TLS_SRP
if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP
&& SSL_SET_OPTION(username) != NULL) && SSL_SET_OPTION(username) != NULL)
gnutls_srp_free_client_credentials(BACKEND->srp_client_cred); gnutls_srp_free_client_credentials(backend->srp_client_cred);
#endif #endif
BACKEND->cred = NULL; backend->cred = NULL;
BACKEND->session = NULL; backend->session = NULL;
return retval; return retval;
} }
@ -1718,9 +1723,10 @@ static ssize_t gtls_recv(struct connectdata *conn, /* connection data */
CURLcode *curlcode) CURLcode *curlcode)
{ {
struct ssl_connect_data *connssl = &conn->ssl[num]; struct ssl_connect_data *connssl = &conn->ssl[num];
struct ssl_backend_data *backend = connssl->backend;
ssize_t ret; ssize_t ret;
ret = gnutls_record_recv(BACKEND->session, buf, buffersize); ret = gnutls_record_recv(backend->session, buf, buffersize);
if((ret == GNUTLS_E_AGAIN) || (ret == GNUTLS_E_INTERRUPTED)) { if((ret == GNUTLS_E_AGAIN) || (ret == GNUTLS_E_INTERRUPTED)) {
*curlcode = CURLE_AGAIN; *curlcode = CURLE_AGAIN;
return -1; return -1;
@ -1846,8 +1852,9 @@ static bool Curl_gtls_cert_status_request(void)
static void *Curl_gtls_get_internals(struct ssl_connect_data *connssl, static void *Curl_gtls_get_internals(struct ssl_connect_data *connssl,
CURLINFO info UNUSED_PARAM) CURLINFO info UNUSED_PARAM)
{ {
struct ssl_backend_data *backend = connssl->backend;
(void)info; (void)info;
return BACKEND->session; return backend->session;
} }
const struct Curl_ssl Curl_ssl_gnutls = { const struct Curl_ssl Curl_ssl_gnutls = {