1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-11 20:15:03 -05:00

- As Daniel Fandrich figured out, we must do the GnuTLS initing in the

curl_global_init() function to properly maintain the performing functions
  thread-safe. We've previously (28 April 2007) moved the init to a later time
  just to avoid it to fail very early when libgcrypt dislikes the situation,
  but that move was bad and the fix should rather be in libgcrypt or
  elsewhere.
This commit is contained in:
Daniel Stenberg 2009-02-25 12:51:17 +00:00
parent 625d06ac79
commit d207ea1652
3 changed files with 31 additions and 30 deletions

View File

@ -6,6 +6,14 @@
Changelog
Daniel Stenberg (25 Feb 2009)
- As Daniel Fandrich figured out, we must do the GnuTLS initing in the
curl_global_init() function to properly maintain the performing functions
thread-safe. We've previously (28 April 2007) moved the init to a later time
just to avoid it to fail very early when libgcrypt dislikes the situation,
but that move was bad and the fix should rather be in libgcrypt or
elsewhere.
Daniel Stenberg (24 Feb 2009)
- Brian J. Murrell found out that Negotiate proxy authentication didn't work.
It happened because the code used the struct for server-based auth all the

View File

@ -23,6 +23,7 @@ This release includes the following changes:
o Added support for Digest and NTLM authentication using GnuTLS
o CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 to retry the CWD even
when MKD fails
o GnuTLS initing moved to curl_global_init()
This release includes the following bugfixes:

View File

@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@ -86,19 +86,14 @@ static ssize_t Curl_gtls_pull(void *s, void *buf, size_t len)
return sread(s, buf, len);
}
/* Global GnuTLS init, called from Curl_ssl_init() */
int Curl_gtls_init(void)
{
/* Unfortunately we can not init here, things like curl --version will
* fail to work if there is no egd socket available because libgcrypt
* will EXIT the application!!
* By doing the actual init later (before actually trying to use GnuTLS),
* we can at least provide basic info etc.
/* Curl_gtls_init()
*
* Global GnuTLS init, called from Curl_ssl_init(). This calls functions that
* are not thread-safe and thus this function itself is not thread-safe and
* must only be called from within curl_global_init() to keep the thread
* situation under control!
*/
return 1;
}
static int _Curl_gtls_init(void)
int Curl_gtls_init(void)
{
int ret = 1;
if(!gtls_inited) {
@ -181,7 +176,7 @@ static CURLcode handshake(struct connectdata *conn,
struct SessionHandle *data = conn->data;
int rc;
if(!gtls_inited)
_Curl_gtls_init();
Curl_gtls_init();
do {
rc = gnutls_handshake(session);
@ -272,7 +267,7 @@ Curl_gtls_connect(struct connectdata *conn,
return CURLE_OK;
if(!gtls_inited)
_Curl_gtls_init();
Curl_gtls_init();
/* GnuTLS only supports SSLv3 and TLSv1 */
if(data->set.ssl.version == CURL_SSLVERSION_SSLv2) {
@ -778,14 +773,6 @@ size_t Curl_gtls_version(char *buffer, size_t size)
return snprintf(buffer, size, "GnuTLS/%s", gnutls_check_version(NULL));
}
static void gtls_seed(struct SessionHandle *data)
{
/* TODO: to a good job seeding the RNG */
/* This may involve the gcry_control function and these options: */
/* GCRYCTL_SET_RANDOM_SEED_FILE */
/* GCRYCTL_SET_RNDEGD_SOCKET */
}
int Curl_gtls_seed(struct SessionHandle *data)
{
/* we have the "SSL is seeded" boolean static to prevent multiple
@ -797,7 +784,12 @@ int Curl_gtls_seed(struct SessionHandle *data)
if(!ssl_seeded || data->set.str[STRING_SSL_RANDOM_FILE] ||
data->set.str[STRING_SSL_EGDSOCKET]) {
gtls_seed(data);
/* TODO: to a good job seeding the RNG
This may involve the gcry_control function and these options:
GCRYCTL_SET_RANDOM_SEED_FILE
GCRYCTL_SET_RNDEGD_SOCKET
*/
ssl_seeded = TRUE;
}
return 0;