Added handling of CURLINFO_SSL_ENGINES;

Added Curl_SSL_engines_list(), cleanup SSL in url.c (no HAVE_OPENSSL_x etc.).
2024-12-21 23:58:49 -05:00 · 2004-12-13 16:43:00 +00:00 · 2004-12-13 16:43:00 +00:00 · bdb0620529
commit bdb0620529
parent be9ea07e87
5 changed files with 102 additions and 45 deletions
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@ -482,6 +482,77 @@ void Curl_SSL_Close(struct connectdata *conn)
 }
 #endif

+
+/* Selects an OpenSSL crypto engine
+ */
+CURLcode Curl_SSL_set_engine(struct SessionHandle *data, const char *engine)
+{
+#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
+  ENGINE *e = ENGINE_by_id(engine);
+
+  if (!e) {
+    failf(data, "SSL Engine '%s' not found", engine);
+    return (CURLE_SSL_ENGINE_NOTFOUND);
+  }
+
+  if (data->engine) {
+    ENGINE_finish(data->engine);
+    ENGINE_free(data->engine);
+  }
+  data->engine = NULL;
+  if (!ENGINE_init(e)) {
+    ENGINE_free(e);
+    failf(data, "Failed to initialise SSL Engine '%s'", engine);
+    return (CURLE_SSL_ENGINE_INITFAILED);
+  }
+  data->engine = e;
+  return (CURLE_OK);
+#else
+  failf(data, "SSL Engine not supported");
+  return (CURLE_SSL_ENGINE_NOTFOUND);
+#endif
+}
+
+/* Sets above engine as default for all SSL operations
+ */
+CURLcode Curl_SSL_set_engine_default(struct SessionHandle *data)
+{
+#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
+  if (data->engine) {
+    if (ENGINE_set_default(data->engine, ENGINE_METHOD_ALL) > 0) {
+      infof(data,"set default crypto engine %s\n", data->engine);
+    }
+    else {
+      failf(data, "set default crypto engine %s failed", data->engine);
+      return CURLE_SSL_ENGINE_SETFAILED;
+    }
+  }
+#else
+  (void) data;
+#endif
+  return (CURLE_OK);
+}
+
+/* Build the list of OpenSSL crypto engine names. Add to
+ * linked list at data->engine_list.
+ */
+CURLcode Curl_SSL_engines_list(struct SessionHandle *data)
+{
+#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
+  ENGINE *e;
+
+  /* Free previous list */
+  if (data->engine_list)
+    curl_slist_free_all(data->engine_list);
+
+  data->engine_list = NULL;
+  for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+    data->engine_list = curl_slist_append(data->engine_list, ENGINE_get_id(e));
+#endif
+  return (CURLE_OK);
+}
+
+
 #ifdef USE_SSLEAY

 /*
@ -620,11 +691,15 @@ int Curl_SSL_Close_All(struct SessionHandle *data)
    free(data->state.session);
  }
 #ifdef HAVE_OPENSSL_ENGINE_H
-  if(data->engine)
-  {
+  if(data->engine) {
+    ENGINE_finish(data->engine);
    ENGINE_free(data->engine);
    data->engine = NULL;
  }
+  if (data->engine_list)
+    curl_slist_free_all(data->engine_list);
+  data->engine_list = NULL;
+
 #endif
  return 0;
 }
@ -1483,3 +1558,4 @@ Curl_SSLConnect(struct connectdata *conn,
 #endif
  return retcode;
 }
+
--- a/lib/ssluse.h
+++ b/lib/ssluse.h
@ -35,4 +35,14 @@ void Curl_SSL_Close(struct connectdata *conn); /* close a SSL connection */
 /* tell the SSL stuff to close down all open information regarding
   connections (and thus session ID caching etc) */
 int Curl_SSL_Close_All(struct SessionHandle *data);
+
+/* Sets an OpenSSL engine */
+CURLcode Curl_SSL_set_engine(struct SessionHandle *data, const char *engine);
+
+/* Sets above engine as default for all SSL operations */
+CURLcode Curl_SSL_set_engine_default(struct SessionHandle *data);
+
+/* Build list of OpenSSL engines */
+CURLcode Curl_SSL_engines_list(struct SessionHandle *data);
+
 #endif
--- a/lib/strerror.c
+++ b/lib/strerror.c
@ -200,6 +200,9 @@ curl_easy_strerror(CURLcode error)
  case CURLE_SSL_ENGINE_SETFAILED:
    return "can not set SSL crypto engine as default";

+  case CURLE_SSL_ENGINE_INITFAILED:
+    return "failed to initialise SSL crypto engine";
+
  case CURLE_SEND_ERROR:
    return "failed sending data to the peer";

--- a/lib/url.c
+++ b/lib/url.c
@ -97,9 +97,6 @@ void idn_free (void *ptr); /* prototype from idn-free.h, not provided by
 #endif
 #endif

-#ifdef HAVE_OPENSSL_ENGINE_H
-#include <openssl/engine.h>
-#endif
 #include "urldata.h"
 #include "netrc.h"

@ -1150,45 +1147,15 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, ...)
     * String that holds the SSL crypto engine.
     */
    argptr = va_arg(param, char *);
-    if (argptr && argptr[0]) {
-#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
-      ENGINE *e = ENGINE_by_id(argptr);
-      if (e) {
-        if (data->engine) {
-          ENGINE_free(data->engine);
-        }
-        data->engine = e;
-      }
-      else {
-        failf(data, "SSL Engine '%s' not found", argptr);
-        result = CURLE_SSL_ENGINE_NOTFOUND;
-      }
-#else
-      failf(data, "SSL Engine not supported");
-      result = CURLE_SSL_ENGINE_NOTFOUND;
-#endif
-    }
+    if (argptr && argptr[0])
+       result = Curl_SSL_set_engine(data, argptr);
    break;

  case CURLOPT_SSLENGINE_DEFAULT:
    /*
     * flag to set engine as default.
     */
-#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
-    if (data->engine) {
-      if (ENGINE_set_default(data->engine, ENGINE_METHOD_ALL) > 0) {
-#ifdef DEBUG
-        fprintf(stderr,"set default crypto engine\n");
-#endif
-      }
-      else {
-#ifdef DEBUG
-        failf(data, "set default crypto engine failed");
-#endif
-        return CURLE_SSL_ENGINE_SETFAILED;
-      }
-    }
-#endif
+    result = Curl_SSL_set_engine_default(data);
    break;
  case CURLOPT_CRLF:
    /*
--- a/lib/urldata.h
+++ b/lib/urldata.h
@ -975,6 +975,7 @@ struct SessionHandle {
  struct PureInfo info;        /* stats, reports and info data */
 #if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
  ENGINE *engine;
+  struct curl_slist *engine_list; /* list of names from ENGINE_get_id() */
 #endif /* USE_SSLEAY */
 };