moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity
19,441 Commits 10 Branches 144 Tags 113 MiB
Commit Graph

297 Commits

Author SHA1 Message Date
Alessandro Ghedini a5e09e9eea gtls: properly retrieve certificate status 
Also print the revocation reason if appropriate.
 2015-05-04 13:42:45 +02:00
Daniel Stenberg 86bc654532 OpenSSL: conditional check for SSL3_RT_HEADER 
The symbol is fairly new.

Reported-by: Kamil Dudka
 2015-05-04 13:29:34 +02:00
Daniel Stenberg 690317aae2 openssl: skip trace outputs for ssl_ver == 0 
The OpenSSL trace callback is wonderfully undocumented but given a
journey in the source code, it seems the cases were ssl_ver is zero
doesn't follow the same pattern and thus turned out confusing and
misleading. For now, we skip doing any CURLINFO_TEXT logging on those
but keep sending them as CURLINFO_SSL_DATA_OUT/IN.

Also, I added direction to the text info and I edited some functions
slightly.

Bug: https://github.com/bagder/curl/issues/219
Reported-by: Jay Satiro, Ashish Shukla
 2015-05-04 12:27:59 +02:00
Marc Hoersken 3c104448d6 schannel.c: Small changes 2015-05-02 22:21:25 +02:00
Marc Hoersken ae8387b91c schannel.c: Improve code path and readability 2015-05-02 20:14:53 +02:00
Marc Hoersken d93619ca5d schannel.c: Improve error and return code handling upon aa99a63f03 2015-05-02 20:05:22 +02:00
Chris Araman aa99a63f03 schannel: fix regression in schannel_recv 
https://github.com/bagder/curl/issues/244

Commit 145c263 changed the behavior when Curl_read_plain returns
CURLE_AGAIN. We now handle CURLE_AGAIN and SEC_I_CONTEXT_EXPIRED
correctly.
 2015-05-02 18:54:13 +02:00
Marc Hoersken 4bb8bad964 Bug born in changes made several days ago 9a91e80. 
Commit: https://github.com/bagder/curl/commit/926cb9f
Reported-by: Ray Satiro
 2015-05-01 09:39:34 +02:00
Jay Satiro 926cb9ff65 schannel: Fix out of bounds array 
Bug born in changes made several days ago 9a91e80.

Bug: http://curl.haxx.se/mail/lib-2015-04/0199.html
Reported-by: Brian Chrisman
 2015-04-30 01:44:45 -04:00
Paul Howarth d4f62f6c5d nss: fix compilation failure with old versions of NSS 
Bug: http://curl.haxx.se/mail/lib-2015-04/0095.html
 2015-04-27 15:37:16 +02:00
Marc Hoersken 92e754de78 schannel.c: Fix typo introduced with 3447c973d0 2015-04-26 19:57:05 +02:00
Marc Hoersken 9a91e8059b schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error 
Reported-by: Brian Chrisman
 2015-04-26 17:59:01 +02:00
Daniel Stenberg 3447c973d0 schannel: re-indented file to follow curl style better 
white space changes only
 2015-04-26 17:40:40 +02:00
Daniel Stenberg cae43a10cb Curl_ossl_init: load builtin modules 
To have engine modules work, we must tell openssl to load builtin
modules first.

Bug: https://github.com/bagder/curl/pull/206
 2015-04-26 17:26:31 +02:00
Daniel Stenberg aff153f83a openssl: fix serial number output 
The code extracting the cert serial number was broken and didn't display
it properly.

Bug: https://github.com/bagder/curl/issues/235
Reported-by: dkjjr89
 2015-04-26 16:36:19 +02:00
Jay Satiro 0675abbc75 cyassl: Implement public key pinning 
Also add public key extraction example to CURLOPT_PINNEDPUBLICKEY doc.
 2015-04-22 17:07:19 -04:00
Kamil Dudka b47c17d67c nss: implement public key pinning for NSS backend 
Bug: https://bugzilla.redhat.com/1195771
 2015-04-22 13:21:31 +02:00
byronhe 6088fbce06 openssl: add OPENSSL_NO_SSL3_METHOD check 2015-04-21 15:25:21 -04:00
Viktor Szakáts 3a87bdebd1 vtls/openssl: use https in URLs and a comment typo fixed 2015-04-19 19:52:37 +02:00
Jay Satiro f70112522f cyassl: Fix include order 
Prior to this change CyaSSL's build options could redefine some generic
build symbols.

http://curl.haxx.se/mail/lib-2015-04/0069.html
 2015-04-17 15:24:04 -04:00
Jay Satiro 9430dd583e cyassl: Add support for TLS extension SNI 2015-04-14 02:05:25 -04:00
Matthew Hall a471a9f3b6 vtls_openssl: improve PKCS#12 load failure error message 2015-04-13 22:25:04 +02:00
Matthew Hall 27ac643455 vtls_openssl: fix minor typo in PKCS#12 load routine 2015-04-13 22:25:04 +02:00
Matthew Hall b3175a767d vtls_openssl: improve client certificate load failure error messages 2015-04-13 22:25:04 +02:00
Matthew Hall 58b0a8b059 vtls_openssl: remove ambiguous SSL_CLIENT_CERT_ERR constant 2015-04-13 22:25:04 +02:00
Jay Satiro 72bea7cc65 cyassl: Include the CyaSSL build config 
CyaSSL >= 2.6.0 may have an options.h that was generated during
its build by configure.
 2015-04-11 23:58:42 -04:00
Jay Satiro d363c07912 cyassl: Use CYASSL_MAX_ERROR_SZ for error buffer size 
Also fix it so that all ERR_error_string calls use an error buffer.
CyaSSL's implementation of ERR_error_string only writes the error when
an error buffer is passed.

http://www.yassl.com/forums/topic599-openssl-compatibility-and-errerrorstring.html
 2015-04-06 17:54:14 +02:00
Jay Satiro a30be951d6 cyassl: Remove 'Connecting to' message from cyassl_connect_step2 
Prior to this change libcurl could show multiple 'CyaSSL: Connecting to'
messages since cyassl_connect_step2 is called multiple times, typically.
The message is superfluous even once since libcurl already informs the
user elsewhere in code that it is connecting.
 2015-04-05 18:18:11 +02:00
Jay Satiro f203edc544 cyassl: Set minimum protocol version before CTX callback 
This change is to allow the user's CTX callback to change the minimum
protocol version in the CTX without us later overriding it, as we did
prior to this change.
 2015-04-03 10:51:58 +02:00
Jay Satiro 0b5efa57ad cyassl: Fix certificate load check 
SSL_CTX_load_verify_locations can return negative values on fail,
therefore to check for failure we check if load is != 1 (success)
instead of if load is == 0 (failure), the latter being incorrect given
that behavior.
 2015-04-02 17:18:42 +02:00
Jay Satiro b121633402 cyassl: Fix library initialization return value 
(Curl_cyassl_init)
- Return 1 on success, 0 in failure.

Prior to this change the fail path returned an incorrect value and the
evaluation to determine whether CyaSSL_Init had succeeded was incorrect.
Ironically that combined with the way curl_global_init tests SSL library
initialization (!Curl_ssl_init()) meant that CyaSSL having been
successfully initialized would be seen as that even though the code path
and return value in Curl_cyassl_init were wrong.
 2015-04-01 08:10:58 +02:00
Dan Fandrich 049fe7fb53 axtls: add timeout within Curl_axtls_connect 
This allows test 405 to pass on axTLS.
 2015-03-31 02:04:22 +02:00
Jay Satiro fcdc597b1a cyassl: CTX callback cosmetic changes and doc fix 
- More descriptive fail message for NO_FILESYSTEM builds.
- Cosmetic changes.
- Change more of CURLOPT_SSL_CTX_* doc to not be OpenSSL specific.
 2015-03-28 16:41:51 +01:00
Kyle L. Huff d2feb71752 cyassl: add SSL context callback support for CyaSSL 
Adds support for CURLOPT_SSL_CTX_FUNCTION when using CyaSSL, and better
handles CyaSSL instances using NO_FILESYSTEM.
 2015-03-27 23:32:14 +01:00
Kyle L. Huff 211f1e3c6b cyassl: remove undefined reference to CyaSSL_no_filesystem_verify 
CyaSSL_no_filesystem_verify is not (or no longer) defined by cURL or
CyaSSL. This reference causes build errors when compiling with
NO_FILESYSTEM.
 2015-03-27 23:31:12 +01:00
Jay Satiro e7a289ebb9 vtls: Don't accept unknown CURLOPT_SSLVERSION values 2015-03-27 09:32:23 +01:00
Daniel Stenberg 5b58bface3 polarssl: called mbedTLS in 1.3.10 and later 2015-03-25 09:19:57 +01:00
Daniel Stenberg 83b29e43cd polarssl: remove dead code 
and simplify code by changing if-elses to a switch()

CID 1291706: Logically dead code. Execution cannot reach this statement
 2015-03-25 09:01:11 +01:00
Daniel Stenberg 24908c12d7 polarssl: remove superfluous for(;;) loop 
"unreachable: Since the loop increment is unreachable, the loop body
will never execute more than once."

Coverity CID 1291707
 2015-03-25 08:49:34 +01:00
Daniel Stenberg 4e299192ed Curl_ssl_md5sum: return CURLcode 
... since the funciton can fail on OOM. Check this return code.

Coverity CID 1291705.
 2015-03-25 08:32:12 +01:00
Jay Satiro e35f2e61ec cyassl: default to highest possible TLS version 
(cyassl_connect_step1)
- Use TLS 1.0-1.2 by default when available.

CyaSSL/wolfSSL >= v3.3.0 supports setting a minimum protocol downgrade
version.

cyassl/cyassl@322f79f
 2015-03-25 08:10:24 +01:00
Jay Satiro d29f8b460c cyassl: Check for invalid length parameter in Curl_cyassl_random 2015-03-25 08:08:12 +01:00
Jay Satiro ec31962640 cyassl: If wolfSSL then identify as such in version string 2015-03-25 08:08:12 +01:00
Dan Fandrich 35648f2e79 curl_memory: make curl_memory.h the second-last header file loaded 
This header file must be included after all header files except
memdebug.h, as it does similar memory function redefinitions and can be
similarly affected by conflicting definitions in system or dependent
library headers.
 2015-03-24 23:47:01 +01:00
Daniel Stenberg ac2827ac09 openssl: do the OCSP work-around for libressl too 
I tested with libressl git master now (v2.1.4-27-g34bf96c) and it seems to
still require the work-around for stapling to work.
 2015-03-24 23:39:52 +01:00
Daniel Stenberg bd9ac3cff2 openssl: verifystatus: only use the OCSP work-around <= 1.0.2a 
URL: http://curl.haxx.se/mail/lib-2015-03/0205.html
Reported-by: Alessandro Ghedini
 2015-03-24 23:06:37 +01:00
Daniel Stenberg 7e6ca87a72 openssl: adapt to ASN1/X509 things gone opaque in 1.1 2015-03-24 22:59:33 +01:00
Dan Fandrich 56ae66d518 vtls: fix compile with --disable-crypto-auth but with SSL 
This is a strange combination of options, but is allowed.
 2015-03-24 21:41:22 +01:00
Dan Fandrich 430006c5e2 cyassl: include version.h to ensure the version macros are defined 2015-03-23 10:10:03 +01:00
Nick Zitzmann 7f5a170442 darwinsssl: add support for TLS False Start 
TLS False Start support requires iOS 7.0 or later, or OS X 10.9 or later.
 2015-03-21 12:22:56 -05:00