vtls: use unified "supports" bitfield member in backends

... instead of previous separate struct fields, to make it easier to
extend and change individual backends without having to modify them all.

closes #2547
Daniel Stenberg 2018-05-04 12:10:39 +02:00
parent f8d608f38d
commit e66cca046c
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
15 changed files with 53 additions and 89 deletions


@ -1748,7 +1748,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
* Set a SSL_CTX callback * Set a SSL_CTX callback
*/ */
#ifdef USE_SSL #ifdef USE_SSL
if(Curl_ssl->have_ssl_ctx) if(Curl_ssl->supports & SSLSUPP_SSL_CTX)
data->set.ssl.fsslctx = va_arg(param, curl_ssl_ctx_callback); data->set.ssl.fsslctx = va_arg(param, curl_ssl_ctx_callback);
else else
#endif #endif
@ -1759,7 +1759,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
* Set a SSL_CTX callback parameter pointer * Set a SSL_CTX callback parameter pointer
*/ */
#ifdef USE_SSL #ifdef USE_SSL
if(Curl_ssl->have_ssl_ctx) if(Curl_ssl->supports & SSLSUPP_SSL_CTX)
data->set.ssl.fsslctxp = va_arg(param, void *); data->set.ssl.fsslctxp = va_arg(param, void *);
else else
#endif #endif
@ -1778,7 +1778,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
break; break;
case CURLOPT_CERTINFO: case CURLOPT_CERTINFO:
#ifdef USE_SSL #ifdef USE_SSL
if(Curl_ssl->have_certinfo) if(Curl_ssl->supports & SSLSUPP_CERTINFO)
data->set.ssl.certinfo = (0 != va_arg(param, long)) ? TRUE : FALSE; data->set.ssl.certinfo = (0 != va_arg(param, long)) ? TRUE : FALSE;
else else
#endif #endif
@ -1790,7 +1790,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
* Specify file name of the public key in DER format. * Specify file name of the public key in DER format.
*/ */
#ifdef USE_SSL #ifdef USE_SSL
if(Curl_ssl->have_pinnedpubkey) if(Curl_ssl->supports & SSLSUPP_PINNEDPUBKEY)
result = Curl_setstropt(&data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG], result = Curl_setstropt(&data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG],
va_arg(param, char *)); va_arg(param, char *));
else else
@ -1803,7 +1803,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
* Specify file name of the public key in DER format. * Specify file name of the public key in DER format.
*/ */
#ifdef USE_SSL #ifdef USE_SSL
if(Curl_ssl->have_pinnedpubkey) if(Curl_ssl->supports & SSLSUPP_PINNEDPUBKEY)
result = Curl_setstropt(&data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY], result = Curl_setstropt(&data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY],
va_arg(param, char *)); va_arg(param, char *));
else else
@ -1831,7 +1831,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
* certificates which have been prepared using openssl c_rehash utility. * certificates which have been prepared using openssl c_rehash utility.
*/ */
#ifdef USE_SSL #ifdef USE_SSL
if(Curl_ssl->have_ca_path) if(Curl_ssl->supports & SSLSUPP_CA_PATH)
/* This does not work on windows. */ /* This does not work on windows. */
result = Curl_setstropt(&data->set.str[STRING_SSL_CAPATH_ORIG], result = Curl_setstropt(&data->set.str[STRING_SSL_CAPATH_ORIG],
va_arg(param, char *)); va_arg(param, char *));
@ -1845,7 +1845,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
* CA certificates which have been prepared using openssl c_rehash utility. * CA certificates which have been prepared using openssl c_rehash utility.
*/ */
#ifdef USE_SSL #ifdef USE_SSL
if(Curl_ssl->have_ca_path) if(Curl_ssl->supports & SSLSUPP_CA_PATH)
/* This does not work on windows. */ /* This does not work on windows. */
result = Curl_setstropt(&data->set.str[STRING_SSL_CAPATH_PROXY], result = Curl_setstropt(&data->set.str[STRING_SSL_CAPATH_PROXY],
va_arg(param, char *)); va_arg(param, char *));


@ -2740,7 +2740,7 @@ static CURLcode parse_proxy(struct Curl_easy *data,
proxyptr = proxy; /* No xxx:// head: It's a HTTP proxy */ proxyptr = proxy; /* No xxx:// head: It's a HTTP proxy */
#ifdef USE_SSL #ifdef USE_SSL
if(!Curl_ssl->support_https_proxy) if(!(Curl_ssl->supports & SSLSUPP_HTTPS_PROXY))
#endif #endif
if(proxytype == CURLPROXY_HTTPS) { if(proxytype == CURLPROXY_HTTPS) {
failf(data, "Unsupported proxy \'%s\', libcurl is built without the " failf(data, "Unsupported proxy \'%s\', libcurl is built without the "
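Review bot: The capability check at `if(!(Curl_ssl->supports & SSLSUPP_HTTPS_PROXY))` is still an unbraced `if` inside `#ifdef USE_SSL` whose body is the following `if(proxytype == CURLPROXY_HTTPS) {`, so the shape of the rejection path depends on the preprocessor. This is the path that refuses an HTTPS proxy the TLS backend cannot handle, so it is worth making hard to break: a statement inserted between `#endif` and the inner `if` would silently change which one is guarded. Computing the capability into a local under the `#ifdef` and testing it in a single braced condition together with `proxytype == CURLPROXY_HTTPS` would read the same in both build configurations. parse_proxy starts and ends outside this hunk.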


@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -399,7 +399,7 @@ curl_version_info_data *curl_version_info(CURLversion stamp)
#ifdef USE_SSL #ifdef USE_SSL
Curl_ssl_version(ssl_buffer, sizeof(ssl_buffer)); Curl_ssl_version(ssl_buffer, sizeof(ssl_buffer));
version_info.ssl_version = ssl_buffer; version_info.ssl_version = ssl_buffer;
if(Curl_ssl->support_https_proxy) if(Curl_ssl->supports & SSLSUPP_HTTPS_PROXY)
version_info.features |= CURL_VERSION_HTTPS_PROXY; version_info.features |= CURL_VERSION_HTTPS_PROXY;
else else
version_info.features &= ~CURL_VERSION_HTTPS_PROXY; version_info.features &= ~CURL_VERSION_HTTPS_PROXY;


@ -6,7 +6,7 @@
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 2010, DirecTV, Contact: Eric Hu, <ehu@directv.com>. * Copyright (C) 2010, DirecTV, Contact: Eric Hu, <ehu@directv.com>.
* Copyright (C) 2010 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2010 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -703,13 +703,7 @@ static void *Curl_axtls_get_internals(struct ssl_connect_data *connssl,
const struct Curl_ssl Curl_ssl_axtls = { const struct Curl_ssl Curl_ssl_axtls = {
{ CURLSSLBACKEND_AXTLS, "axtls" }, /* info */ { CURLSSLBACKEND_AXTLS, "axtls" }, /* info */
0, /* no fancy stuff */
0, /* have_ca_path */
0, /* have_certinfo */
0, /* have_pinnedpubkey */
0, /* have_ssl_ctx */
0, /* support_https_proxy */
sizeof(struct ssl_backend_data), sizeof(struct ssl_backend_data),
/* /*


@ -994,15 +994,10 @@ static void *Curl_cyassl_get_internals(struct ssl_connect_data *connssl,
const struct Curl_ssl Curl_ssl_cyassl = { const struct Curl_ssl Curl_ssl_cyassl = {
{ CURLSSLBACKEND_WOLFSSL, "WolfSSL" }, /* info */ { CURLSSLBACKEND_WOLFSSL, "WolfSSL" }, /* info */
0, /* have_ca_path */
0, /* have_certinfo */
#ifdef KEEP_PEER_CERT #ifdef KEEP_PEER_CERT
1, /* have_pinnedpubkey */ SSLSUPP_PINNEDPUBKEY |
#else
0, /* have_pinnedpubkey */
#endif #endif
1, /* have_ssl_ctx */ SSLSUPP_SSL_CTX
0, /* support_https_proxy */
sizeof(struct ssl_backend_data), sizeof(struct ssl_backend_data),
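Review bot: The new `supports` initializer in `Curl_ssl_cyassl` ends with `SSLSUPP_SSL_CTX` and, as rendered here, has no comma before `sizeof(struct ssl_backend_data),`, which would not compile when this backend is selected. The `Curl_ssl_gskit` and `Curl_ssl_schannel` tables look the same, with a last flag of `SSLSUPP_PINNEDPUBKEY` and no comma, while the gnutls, mbedtls, nss, openssl and polarssl tables do end their flag list with one. The lines should read `SSLSUPP_SSL_CTX,` and `SSLSUPP_PINNEDPUBKEY,`. Each of these backends is built only on its own platform or configuration, so a default build would probably not catch it; compiling every touched backend is the check to run. The initializer continues outside the hunk.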


@ -6,7 +6,7 @@
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 2012 - 2017, Nick Zitzmann, <nickzman@gmail.com>. * Copyright (C) 2012 - 2017, Nick Zitzmann, <nickzman@gmail.com>.
* Copyright (C) 2012 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2012 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -3029,15 +3029,11 @@ static void *Curl_darwinssl_get_internals(struct ssl_connect_data *connssl,
const struct Curl_ssl Curl_ssl_darwinssl = { const struct Curl_ssl Curl_ssl_darwinssl = {
{ CURLSSLBACKEND_DARWINSSL, "darwinssl" }, /* info */ { CURLSSLBACKEND_DARWINSSL, "darwinssl" }, /* info */
0, /* have_ca_path */
0, /* have_certinfo */
#ifdef DARWIN_SSL_PINNEDPUBKEY #ifdef DARWIN_SSL_PINNEDPUBKEY
1, /* have_pinnedpubkey */ SSLSUPP_PINNEDPUBKEY,
#else #else
0, /* have_pinnedpubkey */ 0,
#endif /* DARWIN_SSL_PINNEDPUBKEY */ #endif /* DARWIN_SSL_PINNEDPUBKEY */
0, /* have_ssl_ctx */
0, /* support_https_proxy */
sizeof(struct ssl_backend_data), sizeof(struct ssl_backend_data),


@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -1353,12 +1353,8 @@ static void *Curl_gskit_get_internals(struct ssl_connect_data *connssl,
const struct Curl_ssl Curl_ssl_gskit = { const struct Curl_ssl Curl_ssl_gskit = {
{ CURLSSLBACKEND_GSKIT, "gskit" }, /* info */ { CURLSSLBACKEND_GSKIT, "gskit" }, /* info */
0, /* have_ca_path */ SSLSUPP_CERTINFO |
1, /* have_certinfo */ SSLSUPP_PINNEDPUBKEY
1, /* have_pinnedpubkey */
0, /* have_ssl_ctx */
/* TODO: convert to 1 and fix test #1014 (if need) */
0, /* support_https_proxy */
sizeof(struct ssl_backend_data), sizeof(struct ssl_backend_data),
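Review bot: The comment `/* TODO: convert to 1 and fix test #1014 (if need) */` that sat on the old `support_https_proxy` field is dropped with the field, so the `Curl_ssl_gskit` table no longer records that HTTPS-proxy support is left off on purpose. If that work is still open, the note can stay next to the flag list, for example `/* TODO: add SSLSUPP_HTTPS_PROXY and fix test #1014 (if need) */`. Without it, the absence of the flag reads as a statement that the backend cannot support HTTPS proxies.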


@ -1802,11 +1802,10 @@ static void *Curl_gtls_get_internals(struct ssl_connect_data *connssl,
const struct Curl_ssl Curl_ssl_gnutls = { const struct Curl_ssl Curl_ssl_gnutls = {
{ CURLSSLBACKEND_GNUTLS, "gnutls" }, /* info */ { CURLSSLBACKEND_GNUTLS, "gnutls" }, /* info */
1, /* have_ca_path */ SSLSUPP_CA_PATH |
1, /* have_certinfo */ SSLSUPP_CERTINFO |
1, /* have_pinnedpubkey */ SSLSUPP_PINNEDPUBKEY |
0, /* have_ssl_ctx */ SSLSUPP_HTTPS_PROXY,
1, /* support_https_proxy */
sizeof(struct ssl_backend_data), sizeof(struct ssl_backend_data),


@ -6,7 +6,7 @@
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 2010 - 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com> * Copyright (C) 2010 - 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com>
* Copyright (C) 2012 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2012 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -1049,11 +1049,9 @@ static void *Curl_mbedtls_get_internals(struct ssl_connect_data *connssl,
const struct Curl_ssl Curl_ssl_mbedtls = { const struct Curl_ssl Curl_ssl_mbedtls = {
{ CURLSSLBACKEND_MBEDTLS, "mbedtls" }, /* info */ { CURLSSLBACKEND_MBEDTLS, "mbedtls" }, /* info */
1, /* have_ca_path */ SSLSUPP_CA_PATH |
0, /* have_certinfo */ SSLSUPP_PINNEDPUBKEY |
1, /* have_pinnedpubkey */ SSLSUPP_SSL_CTX,
1, /* have_ssl_ctx */
0, /* support_https_proxy */
sizeof(struct ssl_backend_data), sizeof(struct ssl_backend_data),


@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -2357,11 +2357,10 @@ static void *Curl_nss_get_internals(struct ssl_connect_data *connssl,
const struct Curl_ssl Curl_ssl_nss = { const struct Curl_ssl Curl_ssl_nss = {
{ CURLSSLBACKEND_NSS, "nss" }, /* info */ { CURLSSLBACKEND_NSS, "nss" }, /* info */
1, /* have_ca_path */ SSLSUPP_CA_PATH |
1, /* have_certinfo */ SSLSUPP_CERTINFO |
1, /* have_pinnedpubkey */ SSLSUPP_PINNEDPUBKEY |
0, /* have_ssl_ctx */ SSLSUPP_HTTPS_PROXY,
1, /* support_https_proxy */
sizeof(struct ssl_backend_data), sizeof(struct ssl_backend_data),


@ -3724,11 +3724,11 @@ static void *Curl_ossl_get_internals(struct ssl_connect_data *connssl,
const struct Curl_ssl Curl_ssl_openssl = { const struct Curl_ssl Curl_ssl_openssl = {
{ CURLSSLBACKEND_OPENSSL, "openssl" }, /* info */ { CURLSSLBACKEND_OPENSSL, "openssl" }, /* info */
1, /* have_ca_path */ SSLSUPP_CA_PATH |
1, /* have_certinfo */ SSLSUPP_CERTINFO |
1, /* have_pinnedpubkey */ SSLSUPP_PINNEDPUBKEY |
1, /* have_ssl_ctx */ SSLSUPP_SSL_CTX |
1, /* support_https_proxy */ SSLSUPP_HTTPS_PROXY,
sizeof(struct ssl_backend_data), sizeof(struct ssl_backend_data),


@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 2012 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2012 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 2010 - 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com> * Copyright (C) 2010 - 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com>
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
@ -900,11 +900,8 @@ static void *Curl_polarssl_get_internals(struct ssl_connect_data *connssl,
const struct Curl_ssl Curl_ssl_polarssl = { const struct Curl_ssl Curl_ssl_polarssl = {
{ CURLSSLBACKEND_POLARSSL, "polarssl" }, /* info */ { CURLSSLBACKEND_POLARSSL, "polarssl" }, /* info */
1, /* have_ca_path */ SSLSUPP_CA_PATH |
0, /* have_certinfo */ SSLSUPP_PINNEDPUBKEY,
1, /* have_pinnedpubkey */
0, /* have_ssl_ctx */
0, /* support_https_proxy */
sizeof(struct ssl_backend_data), sizeof(struct ssl_backend_data),


@ -1923,11 +1923,8 @@ static void *Curl_schannel_get_internals(struct ssl_connect_data *connssl,
const struct Curl_ssl Curl_ssl_schannel = { const struct Curl_ssl Curl_ssl_schannel = {
{ CURLSSLBACKEND_SCHANNEL, "schannel" }, /* info */ { CURLSSLBACKEND_SCHANNEL, "schannel" }, /* info */
0, /* have_ca_path */ SSLSUPP_CERTINFO |
1, /* have_certinfo */ SSLSUPP_PINNEDPUBKEY
1, /* have_pinnedpubkey */
0, /* have_ssl_ctx */
0, /* support_https_proxy */
sizeof(struct ssl_backend_data), sizeof(struct ssl_backend_data),


@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -211,7 +211,7 @@ ssl_connect_init_proxy(struct connectdata *conn, int sockindex)
!conn->proxy_ssl[sockindex].use) { !conn->proxy_ssl[sockindex].use) {
struct ssl_backend_data *pbdata; struct ssl_backend_data *pbdata;
if(!Curl_ssl->support_https_proxy) if(!(Curl_ssl->supports & SSLSUPP_HTTPS_PROXY))
return CURLE_NOT_BUILT_IN; return CURLE_NOT_BUILT_IN;
/* The pointers to the ssl backend data, which is opaque here, are swapped /* The pointers to the ssl backend data, which is opaque here, are swapped
@ -1131,13 +1131,7 @@ static void Curl_multissl_close(struct connectdata *conn, int sockindex)
static const struct Curl_ssl Curl_ssl_multi = { static const struct Curl_ssl Curl_ssl_multi = {
{ CURLSSLBACKEND_NONE, "multi" }, /* info */ { CURLSSLBACKEND_NONE, "multi" }, /* info */
0, /* supports nothing */
0, /* have_ca_path */
0, /* have_certinfo */
0, /* have_pinnedpubkey */
0, /* have_ssl_ctx */
0, /* support_https_proxy */
(size_t)-1, /* something insanely large to be on the safe side */ (size_t)-1, /* something insanely large to be on the safe side */
Curl_multissl_init, /* init */ Curl_multissl_init, /* init */


@ -26,20 +26,19 @@
struct connectdata; struct connectdata;
struct ssl_connect_data; struct ssl_connect_data;
#define SSLSUPP_CA_PATH (1<<0) /* supports CAPATH */
#define SSLSUPP_CERTINFO (1<<1) /* supports CURLOPT_CERTINFO */
#define SSLSUPP_PINNEDPUBKEY (1<<2) /* supports CURLOPT_PINNEDPUBLICKEY */
#define SSLSUPP_SSL_CTX (1<<3) /* supports CURLOPT_SSL_CTX */
#define SSLSUPP_HTTPS_PROXY (1<<4) /* supports access via HTTPS proxies */
struct Curl_ssl { struct Curl_ssl {
/* /*
* This *must* be the first entry to allow returning the list of available * This *must* be the first entry to allow returning the list of available
* backends in curl_global_sslset(). * backends in curl_global_sslset().
*/ */
curl_ssl_backend info; curl_ssl_backend info;
unsigned int supports; /* bitfield, see above */
unsigned have_ca_path:1; /* supports CAPATH */
unsigned have_certinfo:1; /* supports CURLOPT_CERTINFO */
unsigned have_pinnedpubkey:1; /* supports CURLOPT_PINNEDPUBLICKEY */
unsigned have_ssl_ctx:1; /* supports CURLOPT_SSL_CTX_* */
unsigned support_https_proxy:1; /* supports access via HTTPS proxies */
size_t sizeof_ssl_backend_data; size_t sizeof_ssl_backend_data;
int (*init)(void); int (*init)(void);
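Review bot: The comment on the new member, `unsigned int supports; /* bitfield, see above */`, calls it a bitfield, but this change replaces the C bit-fields with an ordinary mask of `SSLSUPP_*` flags; `/* bitmask of SSLSUPP_* flags, see above */` would describe it accurately. The define comment `/* supports CURLOPT_SSL_CTX */` also names something that is not an option, where the old field comment said `CURLOPT_SSL_CTX_*`; keeping the wildcard form would be clearer. It would help to add one line above the defines saying that a flag left out of a backend's table makes the matching option be treated as unsupported for that backend, since that is how features such as public-key pinning are switched on. struct Curl_ssl continues outside the hunk.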