mirror of
https://github.com/moparisthebest/curl
synced 2024-12-24 17:18:48 -05:00
gnutls: remove the BACKEND define kludge
This commit is contained in:
parent
aec0b49df3
commit
89865c149d
@ -111,8 +111,6 @@ struct ssl_backend_data {
|
|||||||
#endif
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
#define BACKEND connssl->backend
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Custom push and pull callback functions used by GNU TLS to read and write
|
* Custom push and pull callback functions used by GNU TLS to read and write
|
||||||
* to the socket. These functions are simple wrappers to send() and recv()
|
* to the socket. These functions are simple wrappers to send() and recv()
|
||||||
@ -284,7 +282,8 @@ static CURLcode handshake(struct connectdata *conn,
|
|||||||
{
|
{
|
||||||
struct Curl_easy *data = conn->data;
|
struct Curl_easy *data = conn->data;
|
||||||
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
||||||
gnutls_session_t session = BACKEND->session;
|
struct ssl_backend_data *backend = connssl->backend;
|
||||||
|
gnutls_session_t session = backend->session;
|
||||||
curl_socket_t sockfd = conn->sock[sockindex];
|
curl_socket_t sockfd = conn->sock[sockindex];
|
||||||
|
|
||||||
for(;;) {
|
for(;;) {
|
||||||
@ -523,6 +522,7 @@ gtls_connect_step1(struct connectdata *conn,
|
|||||||
{
|
{
|
||||||
struct Curl_easy *data = conn->data;
|
struct Curl_easy *data = conn->data;
|
||||||
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
||||||
|
struct ssl_backend_data *backend = connssl->backend;
|
||||||
unsigned int init_flags;
|
unsigned int init_flags;
|
||||||
gnutls_session_t session;
|
gnutls_session_t session;
|
||||||
int rc;
|
int rc;
|
||||||
@ -574,7 +574,7 @@ gtls_connect_step1(struct connectdata *conn,
|
|||||||
sni = FALSE; /* SSLv3 has no SNI */
|
sni = FALSE; /* SSLv3 has no SNI */
|
||||||
|
|
||||||
/* allocate a cred struct */
|
/* allocate a cred struct */
|
||||||
rc = gnutls_certificate_allocate_credentials(&BACKEND->cred);
|
rc = gnutls_certificate_allocate_credentials(&backend->cred);
|
||||||
if(rc != GNUTLS_E_SUCCESS) {
|
if(rc != GNUTLS_E_SUCCESS) {
|
||||||
failf(data, "gnutls_cert_all_cred() failed: %s", gnutls_strerror(rc));
|
failf(data, "gnutls_cert_all_cred() failed: %s", gnutls_strerror(rc));
|
||||||
return CURLE_SSL_CONNECT_ERROR;
|
return CURLE_SSL_CONNECT_ERROR;
|
||||||
@ -585,14 +585,14 @@ gtls_connect_step1(struct connectdata *conn,
|
|||||||
infof(data, "Using TLS-SRP username: %s\n", SSL_SET_OPTION(username));
|
infof(data, "Using TLS-SRP username: %s\n", SSL_SET_OPTION(username));
|
||||||
|
|
||||||
rc = gnutls_srp_allocate_client_credentials(
|
rc = gnutls_srp_allocate_client_credentials(
|
||||||
&BACKEND->srp_client_cred);
|
&backend->srp_client_cred);
|
||||||
if(rc != GNUTLS_E_SUCCESS) {
|
if(rc != GNUTLS_E_SUCCESS) {
|
||||||
failf(data, "gnutls_srp_allocate_client_cred() failed: %s",
|
failf(data, "gnutls_srp_allocate_client_cred() failed: %s",
|
||||||
gnutls_strerror(rc));
|
gnutls_strerror(rc));
|
||||||
return CURLE_OUT_OF_MEMORY;
|
return CURLE_OUT_OF_MEMORY;
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = gnutls_srp_set_client_credentials(BACKEND->srp_client_cred,
|
rc = gnutls_srp_set_client_credentials(backend->srp_client_cred,
|
||||||
SSL_SET_OPTION(username),
|
SSL_SET_OPTION(username),
|
||||||
SSL_SET_OPTION(password));
|
SSL_SET_OPTION(password));
|
||||||
if(rc != GNUTLS_E_SUCCESS) {
|
if(rc != GNUTLS_E_SUCCESS) {
|
||||||
@ -605,10 +605,10 @@ gtls_connect_step1(struct connectdata *conn,
|
|||||||
|
|
||||||
if(SSL_CONN_CONFIG(CAfile)) {
|
if(SSL_CONN_CONFIG(CAfile)) {
|
||||||
/* set the trusted CA cert bundle file */
|
/* set the trusted CA cert bundle file */
|
||||||
gnutls_certificate_set_verify_flags(BACKEND->cred,
|
gnutls_certificate_set_verify_flags(backend->cred,
|
||||||
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
|
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
|
||||||
|
|
||||||
rc = gnutls_certificate_set_x509_trust_file(BACKEND->cred,
|
rc = gnutls_certificate_set_x509_trust_file(backend->cred,
|
||||||
SSL_CONN_CONFIG(CAfile),
|
SSL_CONN_CONFIG(CAfile),
|
||||||
GNUTLS_X509_FMT_PEM);
|
GNUTLS_X509_FMT_PEM);
|
||||||
if(rc < 0) {
|
if(rc < 0) {
|
||||||
@ -625,7 +625,7 @@ gtls_connect_step1(struct connectdata *conn,
|
|||||||
#ifdef HAS_CAPATH
|
#ifdef HAS_CAPATH
|
||||||
if(SSL_CONN_CONFIG(CApath)) {
|
if(SSL_CONN_CONFIG(CApath)) {
|
||||||
/* set the trusted CA cert directory */
|
/* set the trusted CA cert directory */
|
||||||
rc = gnutls_certificate_set_x509_trust_dir(BACKEND->cred,
|
rc = gnutls_certificate_set_x509_trust_dir(backend->cred,
|
||||||
SSL_CONN_CONFIG(CApath),
|
SSL_CONN_CONFIG(CApath),
|
||||||
GNUTLS_X509_FMT_PEM);
|
GNUTLS_X509_FMT_PEM);
|
||||||
if(rc < 0) {
|
if(rc < 0) {
|
||||||
@ -644,13 +644,13 @@ gtls_connect_step1(struct connectdata *conn,
|
|||||||
/* use system ca certificate store as fallback */
|
/* use system ca certificate store as fallback */
|
||||||
if(SSL_CONN_CONFIG(verifypeer) &&
|
if(SSL_CONN_CONFIG(verifypeer) &&
|
||||||
!(SSL_CONN_CONFIG(CAfile) || SSL_CONN_CONFIG(CApath))) {
|
!(SSL_CONN_CONFIG(CAfile) || SSL_CONN_CONFIG(CApath))) {
|
||||||
gnutls_certificate_set_x509_system_trust(BACKEND->cred);
|
gnutls_certificate_set_x509_system_trust(backend->cred);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if(SSL_SET_OPTION(CRLfile)) {
|
if(SSL_SET_OPTION(CRLfile)) {
|
||||||
/* set the CRL list file */
|
/* set the CRL list file */
|
||||||
rc = gnutls_certificate_set_x509_crl_file(BACKEND->cred,
|
rc = gnutls_certificate_set_x509_crl_file(backend->cred,
|
||||||
SSL_SET_OPTION(CRLfile),
|
SSL_SET_OPTION(CRLfile),
|
||||||
GNUTLS_X509_FMT_PEM);
|
GNUTLS_X509_FMT_PEM);
|
||||||
if(rc < 0) {
|
if(rc < 0) {
|
||||||
@ -675,14 +675,14 @@ gtls_connect_step1(struct connectdata *conn,
|
|||||||
init_flags |= GNUTLS_NO_TICKETS;
|
init_flags |= GNUTLS_NO_TICKETS;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
rc = gnutls_init(&BACKEND->session, init_flags);
|
rc = gnutls_init(&backend->session, init_flags);
|
||||||
if(rc != GNUTLS_E_SUCCESS) {
|
if(rc != GNUTLS_E_SUCCESS) {
|
||||||
failf(data, "gnutls_init() failed: %d", rc);
|
failf(data, "gnutls_init() failed: %d", rc);
|
||||||
return CURLE_SSL_CONNECT_ERROR;
|
return CURLE_SSL_CONNECT_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* convenient assign */
|
/* convenient assign */
|
||||||
session = BACKEND->session;
|
session = backend->session;
|
||||||
|
|
||||||
if((0 == Curl_inet_pton(AF_INET, hostname, &addr)) &&
|
if((0 == Curl_inet_pton(AF_INET, hostname, &addr)) &&
|
||||||
#ifdef ENABLE_IPV6
|
#ifdef ENABLE_IPV6
|
||||||
@ -845,7 +845,7 @@ gtls_connect_step1(struct connectdata *conn,
|
|||||||
GNUTLS_PKCS_USE_PBES2_AES_128 | GNUTLS_PKCS_USE_PBES2_AES_192 |
|
GNUTLS_PKCS_USE_PBES2_AES_128 | GNUTLS_PKCS_USE_PBES2_AES_192 |
|
||||||
GNUTLS_PKCS_USE_PBES2_AES_256;
|
GNUTLS_PKCS_USE_PBES2_AES_256;
|
||||||
rc = gnutls_certificate_set_x509_key_file2(
|
rc = gnutls_certificate_set_x509_key_file2(
|
||||||
BACKEND->cred,
|
backend->cred,
|
||||||
SSL_SET_OPTION(cert),
|
SSL_SET_OPTION(cert),
|
||||||
SSL_SET_OPTION(key) ?
|
SSL_SET_OPTION(key) ?
|
||||||
SSL_SET_OPTION(key) : SSL_SET_OPTION(cert),
|
SSL_SET_OPTION(key) : SSL_SET_OPTION(cert),
|
||||||
@ -865,7 +865,7 @@ gtls_connect_step1(struct connectdata *conn,
|
|||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if(gnutls_certificate_set_x509_key_file(
|
if(gnutls_certificate_set_x509_key_file(
|
||||||
BACKEND->cred,
|
backend->cred,
|
||||||
SSL_SET_OPTION(cert),
|
SSL_SET_OPTION(cert),
|
||||||
SSL_SET_OPTION(key) ?
|
SSL_SET_OPTION(key) ?
|
||||||
SSL_SET_OPTION(key) : SSL_SET_OPTION(cert),
|
SSL_SET_OPTION(key) : SSL_SET_OPTION(cert),
|
||||||
@ -881,7 +881,7 @@ gtls_connect_step1(struct connectdata *conn,
|
|||||||
/* put the credentials to the current session */
|
/* put the credentials to the current session */
|
||||||
if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) {
|
if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) {
|
||||||
rc = gnutls_credentials_set(session, GNUTLS_CRD_SRP,
|
rc = gnutls_credentials_set(session, GNUTLS_CRD_SRP,
|
||||||
BACKEND->srp_client_cred);
|
backend->srp_client_cred);
|
||||||
if(rc != GNUTLS_E_SUCCESS) {
|
if(rc != GNUTLS_E_SUCCESS) {
|
||||||
failf(data, "gnutls_credentials_set() failed: %s", gnutls_strerror(rc));
|
failf(data, "gnutls_credentials_set() failed: %s", gnutls_strerror(rc));
|
||||||
return CURLE_SSL_CONNECT_ERROR;
|
return CURLE_SSL_CONNECT_ERROR;
|
||||||
@ -891,7 +891,7 @@ gtls_connect_step1(struct connectdata *conn,
|
|||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
rc = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
|
rc = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
|
||||||
BACKEND->cred);
|
backend->cred);
|
||||||
if(rc != GNUTLS_E_SUCCESS) {
|
if(rc != GNUTLS_E_SUCCESS) {
|
||||||
failf(data, "gnutls_credentials_set() failed: %s", gnutls_strerror(rc));
|
failf(data, "gnutls_credentials_set() failed: %s", gnutls_strerror(rc));
|
||||||
return CURLE_SSL_CONNECT_ERROR;
|
return CURLE_SSL_CONNECT_ERROR;
|
||||||
@ -1026,7 +1026,8 @@ gtls_connect_step3(struct connectdata *conn,
|
|||||||
const char *ptr;
|
const char *ptr;
|
||||||
struct Curl_easy *data = conn->data;
|
struct Curl_easy *data = conn->data;
|
||||||
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
||||||
gnutls_session_t session = BACKEND->session;
|
struct ssl_backend_data *backend = connssl->backend;
|
||||||
|
gnutls_session_t session = backend->session;
|
||||||
int rc;
|
int rc;
|
||||||
#ifdef HAS_ALPN
|
#ifdef HAS_ALPN
|
||||||
gnutls_datum_t proto;
|
gnutls_datum_t proto;
|
||||||
@ -1577,13 +1578,14 @@ static bool Curl_gtls_data_pending(const struct connectdata *conn,
|
|||||||
{
|
{
|
||||||
const struct ssl_connect_data *connssl = &conn->ssl[connindex];
|
const struct ssl_connect_data *connssl = &conn->ssl[connindex];
|
||||||
bool res = FALSE;
|
bool res = FALSE;
|
||||||
if(BACKEND->session &&
|
struct ssl_backend_data *backend = connssl->backend;
|
||||||
0 != gnutls_record_check_pending(BACKEND->session))
|
if(backend->session &&
|
||||||
|
0 != gnutls_record_check_pending(backend->session))
|
||||||
res = TRUE;
|
res = TRUE;
|
||||||
|
|
||||||
connssl = &conn->proxy_ssl[connindex];
|
connssl = &conn->proxy_ssl[connindex];
|
||||||
if(BACKEND->session &&
|
if(backend->session &&
|
||||||
0 != gnutls_record_check_pending(BACKEND->session))
|
0 != gnutls_record_check_pending(backend->session))
|
||||||
res = TRUE;
|
res = TRUE;
|
||||||
|
|
||||||
return res;
|
return res;
|
||||||
@ -1596,7 +1598,8 @@ static ssize_t gtls_send(struct connectdata *conn,
|
|||||||
CURLcode *curlcode)
|
CURLcode *curlcode)
|
||||||
{
|
{
|
||||||
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
||||||
ssize_t rc = gnutls_record_send(BACKEND->session, mem, len);
|
struct ssl_backend_data *backend = connssl->backend;
|
||||||
|
ssize_t rc = gnutls_record_send(backend->session, mem, len);
|
||||||
|
|
||||||
if(rc < 0) {
|
if(rc < 0) {
|
||||||
*curlcode = (rc == GNUTLS_E_AGAIN)
|
*curlcode = (rc == GNUTLS_E_AGAIN)
|
||||||
@ -1611,19 +1614,20 @@ static ssize_t gtls_send(struct connectdata *conn,
|
|||||||
|
|
||||||
static void close_one(struct ssl_connect_data *connssl)
|
static void close_one(struct ssl_connect_data *connssl)
|
||||||
{
|
{
|
||||||
if(BACKEND->session) {
|
struct ssl_backend_data *backend = connssl->backend;
|
||||||
gnutls_bye(BACKEND->session, GNUTLS_SHUT_WR);
|
if(backend->session) {
|
||||||
gnutls_deinit(BACKEND->session);
|
gnutls_bye(backend->session, GNUTLS_SHUT_WR);
|
||||||
BACKEND->session = NULL;
|
gnutls_deinit(backend->session);
|
||||||
|
backend->session = NULL;
|
||||||
}
|
}
|
||||||
if(BACKEND->cred) {
|
if(backend->cred) {
|
||||||
gnutls_certificate_free_credentials(BACKEND->cred);
|
gnutls_certificate_free_credentials(backend->cred);
|
||||||
BACKEND->cred = NULL;
|
backend->cred = NULL;
|
||||||
}
|
}
|
||||||
#ifdef USE_TLS_SRP
|
#ifdef USE_TLS_SRP
|
||||||
if(BACKEND->srp_client_cred) {
|
if(backend->srp_client_cred) {
|
||||||
gnutls_srp_free_client_credentials(BACKEND->srp_client_cred);
|
gnutls_srp_free_client_credentials(backend->srp_client_cred);
|
||||||
BACKEND->srp_client_cred = NULL;
|
backend->srp_client_cred = NULL;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
@ -1641,6 +1645,7 @@ static void Curl_gtls_close(struct connectdata *conn, int sockindex)
|
|||||||
static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
|
static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
|
||||||
{
|
{
|
||||||
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
||||||
|
struct ssl_backend_data *backend = connssl->backend;
|
||||||
int retval = 0;
|
int retval = 0;
|
||||||
struct Curl_easy *data = conn->data;
|
struct Curl_easy *data = conn->data;
|
||||||
|
|
||||||
@ -1651,10 +1656,10 @@ static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
|
|||||||
we do not send one. Let's hope other servers do the same... */
|
we do not send one. Let's hope other servers do the same... */
|
||||||
|
|
||||||
if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
|
if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
|
||||||
gnutls_bye(BACKEND->session, GNUTLS_SHUT_WR);
|
gnutls_bye(backend->session, GNUTLS_SHUT_WR);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if(BACKEND->session) {
|
if(backend->session) {
|
||||||
ssize_t result;
|
ssize_t result;
|
||||||
bool done = FALSE;
|
bool done = FALSE;
|
||||||
char buf[120];
|
char buf[120];
|
||||||
@ -1665,7 +1670,7 @@ static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
|
|||||||
if(what > 0) {
|
if(what > 0) {
|
||||||
/* Something to read, let's do it and hope that it is the close
|
/* Something to read, let's do it and hope that it is the close
|
||||||
notify alert from the server */
|
notify alert from the server */
|
||||||
result = gnutls_record_recv(BACKEND->session,
|
result = gnutls_record_recv(backend->session,
|
||||||
buf, sizeof(buf));
|
buf, sizeof(buf));
|
||||||
switch(result) {
|
switch(result) {
|
||||||
case 0:
|
case 0:
|
||||||
@ -1695,18 +1700,18 @@ static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
|
|||||||
done = TRUE;
|
done = TRUE;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
gnutls_deinit(BACKEND->session);
|
gnutls_deinit(backend->session);
|
||||||
}
|
}
|
||||||
gnutls_certificate_free_credentials(BACKEND->cred);
|
gnutls_certificate_free_credentials(backend->cred);
|
||||||
|
|
||||||
#ifdef USE_TLS_SRP
|
#ifdef USE_TLS_SRP
|
||||||
if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP
|
if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP
|
||||||
&& SSL_SET_OPTION(username) != NULL)
|
&& SSL_SET_OPTION(username) != NULL)
|
||||||
gnutls_srp_free_client_credentials(BACKEND->srp_client_cred);
|
gnutls_srp_free_client_credentials(backend->srp_client_cred);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
BACKEND->cred = NULL;
|
backend->cred = NULL;
|
||||||
BACKEND->session = NULL;
|
backend->session = NULL;
|
||||||
|
|
||||||
return retval;
|
return retval;
|
||||||
}
|
}
|
||||||
@ -1718,9 +1723,10 @@ static ssize_t gtls_recv(struct connectdata *conn, /* connection data */
|
|||||||
CURLcode *curlcode)
|
CURLcode *curlcode)
|
||||||
{
|
{
|
||||||
struct ssl_connect_data *connssl = &conn->ssl[num];
|
struct ssl_connect_data *connssl = &conn->ssl[num];
|
||||||
|
struct ssl_backend_data *backend = connssl->backend;
|
||||||
ssize_t ret;
|
ssize_t ret;
|
||||||
|
|
||||||
ret = gnutls_record_recv(BACKEND->session, buf, buffersize);
|
ret = gnutls_record_recv(backend->session, buf, buffersize);
|
||||||
if((ret == GNUTLS_E_AGAIN) || (ret == GNUTLS_E_INTERRUPTED)) {
|
if((ret == GNUTLS_E_AGAIN) || (ret == GNUTLS_E_INTERRUPTED)) {
|
||||||
*curlcode = CURLE_AGAIN;
|
*curlcode = CURLE_AGAIN;
|
||||||
return -1;
|
return -1;
|
||||||
@ -1846,8 +1852,9 @@ static bool Curl_gtls_cert_status_request(void)
|
|||||||
static void *Curl_gtls_get_internals(struct ssl_connect_data *connssl,
|
static void *Curl_gtls_get_internals(struct ssl_connect_data *connssl,
|
||||||
CURLINFO info UNUSED_PARAM)
|
CURLINFO info UNUSED_PARAM)
|
||||||
{
|
{
|
||||||
|
struct ssl_backend_data *backend = connssl->backend;
|
||||||
(void)info;
|
(void)info;
|
||||||
return BACKEND->session;
|
return backend->session;
|
||||||
}
|
}
|
||||||
|
|
||||||
const struct Curl_ssl Curl_ssl_gnutls = {
|
const struct Curl_ssl Curl_ssl_gnutls = {
|
||||||
|
Loading…
Reference in New Issue
Block a user