1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-25 17:48:48 -05:00
curl/lib/vtls
Johannes Schindelin aa0f41a5fc schannel: make CAinfo parsing resilient to CR/LF
OpenSSL has supported --cacert for ages, always accepting LF-only line
endings ("Unix line endings") as well as CR/LF line endings ("Windows
line endings").

When we introduced support for --cacert also with Secure Channel (or in
cURL speak: "WinSSL"), we did not take care to support CR/LF line
endings, too, even if we are much more likely to receive input in that
form when using Windows.

Let's fix that.

Happily, CryptQueryObject(), the function we use to parse the ca-bundle,
accepts CR/LF input already, and the trailing LF before the END
CERTIFICATE marker catches naturally any CR/LF line ending, too. So all
we need to care about is the BEGIN CERTIFICATE marker. We do not
actually need to verify here that the line ending is CR/LF. Just
checking for a CR or an LF is really plenty enough.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Closes https://github.com/curl/curl/pull/2592
2018-05-22 02:29:55 -04:00
..
axtls.c vtls: use unified "supports" bitfield member in backends 2018-05-04 22:31:19 +02:00
axtls.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
cyassl.c checksrc: make sure sizeof() is used *with* parentheses 2018-05-21 23:21:47 +02:00
cyassl.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
darwinssl.c vtls: use unified "supports" bitfield member in backends 2018-05-04 22:31:19 +02:00
darwinssl.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
gskit.c checksrc: make sure sizeof() is used *with* parentheses 2018-05-21 23:21:47 +02:00
gskit.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
gtls.c vtls: use unified "supports" bitfield member in backends 2018-05-04 22:31:19 +02:00
gtls.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
mbedtls.c lib: Fix format specifiers 2018-05-14 09:42:27 +02:00
mbedtls.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
nss.c checksrc: make sure sizeof() is used *with* parentheses 2018-05-21 23:21:47 +02:00
nssg.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
openssl.c openssl: acknowledge --tls-max for default version too 2018-05-17 13:34:47 +02:00
openssl.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
polarssl_threadlock.c code style: use spaces around equals signs 2017-09-11 09:29:50 +02:00
polarssl_threadlock.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
polarssl.c vtls: use unified "supports" bitfield member in backends 2018-05-04 22:31:19 +02:00
polarssl.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
schannel_verify.c schannel: make CAinfo parsing resilient to CR/LF 2018-05-22 02:29:55 -04:00
schannel.c checksrc: make sure sizeof() is used *with* parentheses 2018-05-21 23:21:47 +02:00
schannel.h schannel: disable manual verify if APIs not available 2018-05-16 02:21:05 -04:00
vtls.c vtls: use unified "supports" bitfield member in backends 2018-05-04 22:31:19 +02:00
vtls.h vtls: use unified "supports" bitfield member in backends 2018-05-04 22:31:19 +02:00