1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-24 17:18:48 -05:00
curl/lib/vtls
Jérémy Rocher 27cb384679
openssl: support BoringSSL TLS renegotiation
As per BoringSSL porting documentation [1], BoringSSL rejects peer
renegotiations by default.

curl fails when trying to authenticate to server through client
certificate if it is requested by server after the initial TLS
handshake.

Enable renegotiation by default with BoringSSL to get same behavior as
with OpenSSL. This is done by calling SSL_set_renegotiate_mode [2]
which was introduced in commit 1d5ef3bb1eb9 [3].

1 - https://boringssl.googlesource.com/boringssl/+/HEAD/PORTING.md#tls-renegotiation
2 - https://boringssl.googlesource.com/boringssl/+/master/include/openssl/ssl.h#3482
3 - https://boringssl.googlesource.com/boringssl/+/1d5ef3bb1eb97848617db5e7d633d735a401df86

Signed-off-by: Jérémy Rocher <rocher.jeremy@gmail.com>
Fixes #3258
Closes #3259
2018-11-09 22:32:47 +01:00
..
cyassl.c wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random 2018-07-26 16:21:59 +02:00
cyassl.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
darwinssl.c vtls: fix ssl version "or later" behavior change for many backends 2018-09-20 14:12:25 -04:00
darwinssl.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
gskit.c gskit: make sure to terminate version string 2018-10-07 22:36:25 +02:00
gskit.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
gtls.c gtls: Values stored to but never read 2018-10-26 13:51:07 +02:00
gtls.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
mbedtls.c vtls: fix ssl version "or later" behavior change for many backends 2018-09-20 14:12:25 -04:00
mbedtls.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
mesalink.c vtls: add MesaLink to curl_sslbackend enum 2018-10-30 16:56:51 +01:00
mesalink.h vtls: add a MesaLink vtls backend 2018-09-13 08:26:37 +02:00
nss.c nss: fix nssckbi module loading on Windows 2018-10-03 02:28:09 -04:00
nssg.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
openssl.c openssl: support BoringSSL TLS renegotiation 2018-11-09 22:32:47 +01:00
openssl.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
polarssl_threadlock.c code style: use spaces around equals signs 2017-09-11 09:29:50 +02:00
polarssl_threadlock.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
polarssl.c vtls: fix ssl version "or later" behavior change for many backends 2018-09-20 14:12:25 -04:00
polarssl.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
schannel_verify.c winssl: be consistent in Schannel capitalization 2018-11-07 10:11:13 +01:00
schannel.c winssl: be consistent in Schannel capitalization 2018-11-07 10:11:13 +01:00
schannel.h schannel: use Curl_ prefix for global private symbols 2018-11-01 09:39:45 +01:00
vtls.c axtls: removed 2018-11-01 10:29:53 +01:00
vtls.h axtls: removed 2018-11-01 10:29:53 +01:00