1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-10 11:35:07 -05:00
Commit Graph

20 Commits

Author SHA1 Message Date
Daniel Stenberg
4af40b3646 URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
Daniel Stenberg
82e3e8e31f openssl: build with < 0.9.8
... without sha256 support and no define saying so.

Reported-by: Rajkumar Mandal
2015-09-17 08:54:04 +02:00
John Malmberg
79416fb2d6 openssl: VMS support for SHA256
setup-vms.h: More symbols for SHA256, hacks for older VAX

openssl.h: Use OpenSSL OPENSSL_NO_SHA256 macro to allow building on VAX.

openssl.c: Use OpenSSL version checks and OPENSSL_NO_SHA256 macro to
allow building on VAX and 64 bit VMS.
2015-07-14 01:25:36 -04:00
55b78c5ae9 SSL: Pinned public key hash support 2015-07-01 19:43:47 +02:00
Daniel Stenberg
186e46d88d openssl: use colons properly in the ciphers list
While the previous string worked, this is the documented format.

Reported-by: Richard Moore
2015-03-12 23:29:46 +01:00
Daniel Stenberg
0d1060f21e openssl: sort the ciphers on strength
This makes curl pick better (stronger) ciphers by default. The strongest
available ciphers are fine according to the HTTP/2 spec so an OpenSSL
built curl is no longer rejected by string HTTP/2 servers.

Bug: http://curl.haxx.se/bug/view.cgi?id=1487
2015-03-12 23:16:28 +01:00
Daniel Stenberg
709cf76f6b openssl: remove all uses of USE_SSLEAY
SSLeay was the name of the library that was subsequently turned into
OpenSSL many moons ago (1999). curl does not work with the old SSLeay
library since years. This is now reflected by only using USE_OPENSSL in
code that depends on OpenSSL.
2015-03-05 10:57:52 +01:00
Alessandro Ghedini
d1cf5d5706 openssl: add support for the Certificate Status Request TLS extension
Also known as "status_request" or OCSP stapling, defined in RFC6066
section 8.

Thanks-to: Joe Mason
- for the work-around for the OpenSSL bug.
2015-01-22 23:25:23 +01:00
Steve Holme
8bb3443a21 vtls: Separate the SSL backend definition from the API setup
Slight code cleanup as the SSL backend #define is mixed up with the API
function setup.
2015-01-17 15:38:22 +00:00
Steve Holme
037cd0d991 vtls: Fixed compilation warning and an ignored return code
curl_schannel.h:123: warning: right-hand operand of comma expression
                     has no effect

Some instances of the curlssl_close_all() function were declared with a
void return type whilst others as int. The schannel version returned
CURLE_NOT_BUILT_IN and others simply returned zero, but in all cases the
return code was ignored by the calling function Curl_ssl_close_all().

For the time being and to keep the internal API consistent, changed all
declarations to use a void return type.

To reduce code we might want to consider removing the unimplemented
versions and use a void #define like schannel does.
2014-12-28 17:33:01 +00:00
Patrick Monnerat
8fdf832e5f vtls/*: deprecate have_curlssl_md5sum and set-up default md5sum implementation 2014-10-13 14:39:50 +02:00
Daniel Stenberg
d57d041d67 curlssl: make tls backend symbols use curlssl in the name 2014-09-13 15:31:12 +02:00
Daniel Stenberg
4c2e40a488 url: let the backend decide CURLOPT_SSL_CTX_ support
... to further remove specific TLS backend knowledge from url.c
2014-09-13 15:28:08 +02:00
Daniel Stenberg
7494f0f498 vtls: have the backend tell if it supports CERTINFO 2014-09-13 15:11:26 +02:00
Daniel Stenberg
8250f93d41 CURLOPT_CAPATH: return failure if set without backend support 2014-09-13 14:56:27 +02:00
Daniel Stenberg
a439e438f3 ssl: generalize how the ssl backend identifier is set
Each backend now defines CURL_SSL_BACKEND accordingly. Added the *AXTLS
one which was missing previously.
2014-07-31 12:19:51 +02:00
Daniel Stenberg
8dfd22089c vtls: make the random function mandatory in the TLS backend
To force each backend implementation to really attempt to provide proper
random. If a proper random function is missing, then we can explicitly
make use of the default one we use when TLS support is missing.

This commit makes sure it works for darwinssl, gnutls, nss and openssl.
2014-07-30 00:05:47 +02:00
Daniel Stenberg
3b5c75ef3d OpenSSL: deselect weak ciphers by default
By default even recent versions of OpenSSL support and accept both
"export strength" ciphers, small-bitsize ciphers as well as downright
deprecated ones.

This change sets a default cipher set that avoids the worst ciphers, and
subsequently makes https://www.howsmyssl.com/a/check no longer grade
curl/OpenSSL connects as 'Bad'.

Bug: http://curl.haxx.se/bug/view.cgi?id=1323
Reported-by: Jeff Hodges
2014-01-12 00:14:01 +01:00
Steve Holme
f88f9bed00 vtls: Updated comments referencing sslgen.c and ssluse.c 2013-12-26 21:42:22 +00:00
Daniel Stenberg
92b9ae5c5d openssl: renamed backend files to openssl.[ch] 2013-12-20 17:12:42 +01:00