mirror of
https://github.com/moparisthebest/curl
synced 2024-12-23 00:28:48 -05:00
3e7ec1e849
This commit is several drafts squashed together. The changes from each draft are noted below. If any changes are similar and possibly contradictory the change in the latest draft takes precedence. Bug: https://github.com/bagder/curl/issues/244 Reported-by: Chris Araman %% %% Draft 1 %% - return 0 if len == 0. that will have to be documented. - continue on and process the caches regardless of raw recv - if decrypted data will be returned then set the error code to CURLE_OK and return its count - if decrypted data will not be returned and the connection has closed (eg nread == 0) then return 0 and CURLE_OK - if decrypted data will not be returned and the connection *hasn't* closed then set the error code to CURLE_AGAIN --only if an error code isn't already set-- and return -1 - narrow the Win2k workaround to only Win2k %% %% Draft 2 %% - Trying out a change in flow to handle corner cases. %% %% Draft 3 %% - Back out the lazier decryption change made in draft2. %% %% Draft 4 %% - Some formatting and branching changes - Decrypt all encrypted cached data when len == 0 - Save connection closed state - Change special Win2k check to use connection closed state %% %% Draft 5 %% - Default to CURLE_AGAIN in cleanup if an error code wasn't set and the connection isn't closed. %% %% Draft 6 %% - Save the last error only if it is an unrecoverable error. Prior to this I saved the last error state in all cases; unfortunately the logic to cover that in all cases would lead to some muddle and I'm concerned that could then lead to a bug in the future so I've replaced it by only recording an unrecoverable error and that state will persist. - Do not recurse on renegotiation. Instead we'll continue on to process any trailing encrypted data received during the renegotiation only. - Move the err checks in cleanup after the check for decrypted data. In either case decrypted data is always returned but I think it's easier to understand when those err checks come after the decrypted data check. %% %% Draft 7 %% - Regardless of len value go directly to cleanup if there is an unrecoverable error or a close_notify was already received. Prior to this change we only acknowledged those two states if len != 0. - Fix a bug in connection closed behavior: Set the error state in the cleanup, because we don't know for sure it's an error until that time. - (Related to above) In the case the connection is closed go "greedy" with the decryption to make sure all remaining encrypted data has been decrypted even if it is not needed at that time by the caller. This is necessary because we can only tell if the connection closed gracefully (close_notify) once all encrypted data has been decrypted. - Do not renegotiate when an unrecoverable error is pending. %% %% Draft 8 %% - Don't show 'server closed the connection' info message twice. - Show an info message if server closed abruptly (missing close_notify).
119 lines
3.9 KiB
C
119 lines
3.9 KiB
C
#ifndef HEADER_CURL_SCHANNEL_H
|
|
#define HEADER_CURL_SCHANNEL_H
|
|
/***************************************************************************
|
|
* _ _ ____ _
|
|
* Project ___| | | | _ \| |
|
|
* / __| | | | |_) | |
|
|
* | (__| |_| | _ <| |___
|
|
* \___|\___/|_| \_\_____|
|
|
*
|
|
* Copyright (C) 2012, Marc Hoersken, <info@marc-hoersken.de>, et al.
|
|
* Copyright (C) 2012 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
|
|
*
|
|
* This software is licensed as described in the file COPYING, which
|
|
* you should have received as part of this distribution. The terms
|
|
* are also available at http://curl.haxx.se/docs/copyright.html.
|
|
*
|
|
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
|
* copies of the Software, and permit persons to whom the Software is
|
|
* furnished to do so, under the terms of the COPYING file.
|
|
*
|
|
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
|
* KIND, either express or implied.
|
|
*
|
|
***************************************************************************/
|
|
#include "curl_setup.h"
|
|
|
|
#ifdef USE_SCHANNEL
|
|
|
|
#include "urldata.h"
|
|
|
|
#ifndef UNISP_NAME_A
|
|
#define UNISP_NAME_A "Microsoft Unified Security Protocol Provider"
|
|
#endif
|
|
|
|
#ifndef UNISP_NAME_W
|
|
#define UNISP_NAME_W L"Microsoft Unified Security Protocol Provider"
|
|
#endif
|
|
|
|
#ifndef UNISP_NAME
|
|
#ifdef UNICODE
|
|
#define UNISP_NAME UNISP_NAME_W
|
|
#else
|
|
#define UNISP_NAME UNISP_NAME_A
|
|
#endif
|
|
#endif
|
|
|
|
#ifndef SP_PROT_SSL2_CLIENT
|
|
#define SP_PROT_SSL2_CLIENT 0x00000008
|
|
#endif
|
|
|
|
#ifndef SP_PROT_SSL3_CLIENT
|
|
#define SP_PROT_SSL3_CLIENT 0x00000008
|
|
#endif
|
|
|
|
#ifndef SP_PROT_TLS1_CLIENT
|
|
#define SP_PROT_TLS1_CLIENT 0x00000080
|
|
#endif
|
|
|
|
#ifndef SP_PROT_TLS1_0_CLIENT
|
|
#define SP_PROT_TLS1_0_CLIENT SP_PROT_TLS1_CLIENT
|
|
#endif
|
|
|
|
#ifndef SP_PROT_TLS1_1_CLIENT
|
|
#define SP_PROT_TLS1_1_CLIENT 0x00000200
|
|
#endif
|
|
|
|
#ifndef SP_PROT_TLS1_2_CLIENT
|
|
#define SP_PROT_TLS1_2_CLIENT 0x00000800
|
|
#endif
|
|
|
|
#ifndef SECBUFFER_ALERT
|
|
#define SECBUFFER_ALERT 17
|
|
#endif
|
|
|
|
/* Both schannel buffer sizes must be > 0 */
|
|
#define CURL_SCHANNEL_BUFFER_INIT_SIZE 4096
|
|
#define CURL_SCHANNEL_BUFFER_FREE_SIZE 1024
|
|
|
|
|
|
CURLcode Curl_schannel_connect(struct connectdata *conn, int sockindex);
|
|
|
|
CURLcode Curl_schannel_connect_nonblocking(struct connectdata *conn,
|
|
int sockindex,
|
|
bool *done);
|
|
|
|
bool Curl_schannel_data_pending(const struct connectdata *conn, int sockindex);
|
|
void Curl_schannel_close(struct connectdata *conn, int sockindex);
|
|
int Curl_schannel_shutdown(struct connectdata *conn, int sockindex);
|
|
void Curl_schannel_session_free(void *ptr);
|
|
|
|
int Curl_schannel_init(void);
|
|
void Curl_schannel_cleanup(void);
|
|
size_t Curl_schannel_version(char *buffer, size_t size);
|
|
|
|
int Curl_schannel_random(unsigned char *entropy, size_t length);
|
|
|
|
/* Set the API backend definition to Schannel */
|
|
#define CURL_SSL_BACKEND CURLSSLBACKEND_SCHANNEL
|
|
|
|
/* API setup for Schannel */
|
|
#define curlssl_init Curl_schannel_init
|
|
#define curlssl_cleanup Curl_schannel_cleanup
|
|
#define curlssl_connect Curl_schannel_connect
|
|
#define curlssl_connect_nonblocking Curl_schannel_connect_nonblocking
|
|
#define curlssl_session_free Curl_schannel_session_free
|
|
#define curlssl_close_all(x) ((void)x)
|
|
#define curlssl_close Curl_schannel_close
|
|
#define curlssl_shutdown Curl_schannel_shutdown
|
|
#define curlssl_set_engine(x,y) ((void)x, (void)y, CURLE_NOT_BUILT_IN)
|
|
#define curlssl_set_engine_default(x) ((void)x, CURLE_NOT_BUILT_IN)
|
|
#define curlssl_engines_list(x) ((void)x, (struct curl_slist *)NULL)
|
|
#define curlssl_version Curl_schannel_version
|
|
#define curlssl_check_cxn(x) ((void)x, -1)
|
|
#define curlssl_data_pending Curl_schannel_data_pending
|
|
#define curlssl_random(x,y,z) ((void)x, Curl_schannel_random(y,z))
|
|
|
|
#endif /* USE_SCHANNEL */
|
|
#endif /* HEADER_CURL_SCHANNEL_H */
|