Граф коммитов

286 Коммитов

Автор SHA1 Сообщение Дата
Gisle Vanem 67b4d9b232 Recent OpenSSL returns a 'const' in '*_client_method()'. So avoid
'assignment discards qualifiers from pointer target type' warning.
2005-12-04 18:47:36 +00:00
Daniel Stenberg 9ace303528 Yang Tse fixed compiler warnings 2005-11-13 23:53:14 +00:00
Daniel Stenberg 20b17d6b04 the debug callback was called with CURLINFO_TEXT with the data size one
too big
2005-08-10 22:57:14 +00:00
Daniel Stenberg 4e26b2a65b fix compiler warning 2005-04-13 06:52:03 +00:00
Daniel Stenberg 6e61939382 GnuTLS support added. There's now a "generic" SSL layer that we use all over
internally, with code provided by sslgen.c. All SSL-layer-specific code is
then written in ssluse.c (for OpenSSL) and gtls.c (for GnuTLS).

As far as possible, internals should not need to know what SSL layer that is
in use. Building with GnuTLS currently makes two test cases fail.

TODO.gnutls contains a few known outstanding issues for the GnuTLS support.

GnuTLS support is enabled with configure --with-gnutls
2005-04-07 15:27:13 +00:00
Daniel Stenberg ab4086bc24 Updated the copyright year since changes have been this year. 2005-03-31 07:02:02 +00:00
Dan Fandrich b01151e81c Reduced the length of data read from the random entropy file. 2005-03-04 22:36:56 +00:00
Dan Fandrich 67bd6f9ccd Don't try to read the whole of the random file because when /dev/urandom is
used, it slows initialization too much reading an infinitely long file!
2005-03-04 20:10:29 +00:00
Daniel Stenberg 446b9467da init fix for non-SSL builds 2005-02-10 07:45:08 +00:00
Daniel Stenberg 61a1e3cd01 better error checking and SSL init by David Byron 2005-02-09 23:04:51 +00:00
Daniel Stenberg 83bab78bda Hzhijun reported a memory leak in the SSL certificate code, that leaked the
remote certificate name when it didn't match the used host name.
2005-01-10 09:48:39 +00:00
Gisle Vanem 754d6c3abd Remove 'data' initialiser. 2004-12-19 11:39:34 +00:00
Daniel Stenberg 3d647b9a98 if the pkcs12.h header exists, include it already in urldata.h to work around
a precedence problem with the zlib header. See CHANGES for details.
2004-12-19 09:37:32 +00:00
Daniel Stenberg 8ad47a13e5 Samuel Listopad added support for PKCS12 formatted certificates. 2004-12-18 10:42:48 +00:00
Daniel Stenberg 553082e24a prevent compiler warning when built without engine support 2004-12-14 22:06:25 +00:00
Dan Fandrich 10d6d8b2ae Header files are in openssl/ only if USE_OPENSSL is set. 2004-12-14 20:25:23 +00:00
Gisle Vanem 7d3f5d7ac1 urldata.h: Removed engine_list.
ssluse.*: Added SSL_strerror(). Curl_SSL_engines_list() now returns a slist
which must be freed by caller.
2004-12-14 14:20:21 +00:00
Daniel Stenberg 07f107ae20 Moved the engine stuff from the root-level of the SessionHandle struct to the
UrlState sub-struct. Also made the engine_list exist for non-ssl builds to
make curl build.
2004-12-14 09:36:22 +00:00
Gisle Vanem bdb0620529 Added handling of CURLINFO_SSL_ENGINES;
Added Curl_SSL_engines_list(), cleanup SSL in url.c
(no HAVE_OPENSSL_x etc.).
2004-12-13 16:43:00 +00:00
Daniel Stenberg 8e34e75100 Curl_select's timeout arg is an int 2004-11-22 13:28:44 +00:00
Daniel Stenberg 1a05a90f1c David Phillips' FD_SETSIZE fix 2004-11-19 08:52:33 +00:00
Daniel Stenberg 5931d43a36 clean up start time and t_startsingle use so that redirect_time works properly 2004-11-15 11:27:03 +00:00
Daniel Stenberg 39af394a1c removed tabs and trailing whitespace from source 2004-10-06 07:50:18 +00:00
Daniel Stenberg 6fa624cf8c improved error message when client cert return failure 2004-09-02 21:03:41 +00:00
Daniel Stenberg 4934e6471b In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input is
already UTF-8 encoded. We check for this case and copy the raw string manually
to avoid the problem. This code can be made conditional in the future when
OpenSSL has been fixed. Work-around brought by Alexis S. L. Carvalho.
2004-08-10 08:06:43 +00:00
Daniel Stenberg ae2f002b44 added typecast in an attempt to fix a mingw32 warning 2004-07-29 07:34:17 +00:00
Daniel Stenberg 4511f7ac50 SSL_get_verify_result() returns a long, so we receive the result in a long
and not an int.
2004-07-04 21:42:32 +00:00
Daniel Stenberg 090b89cc76 Variable type cleanups to please the picky MIPSPro compiler. 2004-07-01 08:10:21 +00:00
Daniel Stenberg 85bd4621db Prevent a very long password to buffer overflow the global variable we
use when built with a very old OpenSSL version.
2004-06-30 11:53:34 +00:00
Daniel Stenberg ba40eccc90 make the SSL connect use the same default connect timeout define as the
generic connect uses
2004-06-30 09:22:48 +00:00
Daniel Stenberg feb2dd2835 Replaced all uses of sprintf() with the safer snprintf(). It is just a
precaution to prevent mistakes to lead to buffer overflows.
2004-06-24 11:54:11 +00:00
Daniel Stenberg 76920413d9 Gisle fixed the wildcard checks for certificates. 2004-06-22 08:51:22 +00:00
Daniel Stenberg cf3f1ef284 prevent compiler warning 2004-06-19 09:38:08 +00:00
Daniel Stenberg bd3d5a17b4 Gisle's "SSL patch" from June 16th 2004, modified by me as discussed on the
mailing list.
2004-06-18 06:20:43 +00:00
Daniel Stenberg be72eaa327 use Curl_strcasestr() when checking wildcard cert names 2004-06-13 08:33:26 +00:00
Daniel Stenberg 2511d1193a * seed_enough() was converted to a macro to avoid the IRIX compiler warning
about that passed-in argument not being used.
* killed trailing whitespace
2004-05-18 07:25:13 +00:00
Daniel Stenberg a9893ca79a Peter Sylvester's patch that addresses two flaws in the peer certificate name
verification:

- when multiple common names are used (as in the curl tests), the last name
needs to be selected.

- allow comparing with encoded values, at least with BMP and ISO latin1
encoded T61strings.
2004-05-17 22:01:16 +00:00
Daniel Stenberg b5f85ba77d memory cleanup and check fix 2004-05-13 15:19:02 +00:00
Daniel Stenberg bbafb2eb27 curl_global_init_mem() allows the memory functions to be replaced.
memory.h is included everywhere for this.
2004-05-11 11:30:23 +00:00
Daniel Stenberg 699ebe2f0b Gisle made the code use ERR_error_string_n() 2004-04-29 07:36:40 +00:00
Daniel Stenberg 4b9f8e766d Made host name and proxy name get stored in a 'struct hostname' and set
all things up to work with encoded host names internally, as well as keeping
'display names' to show in debug messages. IDN resolves work for me now using
ipv6, ipv4 and ares resolving. Even cookies on IDN sites seem to do right.
2004-04-27 13:56:23 +00:00
Daniel Stenberg fb1039f2ab Tor Arntsen fixed a 'Statement not reachable'-warning 2004-04-26 11:52:43 +00:00
Daniel Stenberg b7a7600465 Cleaned up hostname/name/gname and path/ppath confusion. Removed the fixed-
length limit of the hostname part of the URL.
2004-04-20 07:53:24 +00:00
Daniel Stenberg 0c791d1e76 variable type usage cleanup to please picky compilers 2004-03-23 15:20:57 +00:00
Daniel Stenberg 326e8b9fc1 don't let the EINTR stuff build on windows 2004-03-11 12:57:04 +00:00
Daniel Stenberg 40e892bb36 Jeff Lawson fixed the SSL connection to deal with received signals during the
connect.
2004-03-10 08:43:01 +00:00
Daniel Stenberg ce5805a955 Use curl_socket_t instead of int for holding sockets. The typedefs and
defines are in setup.h.
2004-03-09 22:52:50 +00:00
Daniel Stenberg 4d17d6876e Dan Fandrich's cleanup patch to make pedantic compiler options cause less
warnings. Minor edits by me.
2004-01-29 13:56:45 +00:00
Daniel Stenberg 61e3d75def Gisle Vanem's patch for variables that "might be used uninitialized" 2004-01-16 09:17:04 +00:00
Daniel Stenberg 053f6c85ef updated year in the copyright string 2004-01-07 09:19:33 +00:00
Daniel Stenberg d8cf2d42c0 prevent warning for non-SSL builds 2003-11-24 11:44:04 +00:00
Daniel Stenberg 1e98727c55 FTPS support added as RFC2228 and the murray-ftp-auth-ssl draft describe it 2003-11-24 07:15:37 +00:00
Daniel Stenberg dfe0118033 Mathias Axelsson found a case where we free()d the server certificate twice! 2003-11-15 10:00:20 +00:00
Daniel Stenberg 14f795816d Georg Horn's fixes to do different CA cert verifications. They can now be
done even if the result is ignored, as some sites seem to require that.
2003-10-23 07:44:55 +00:00
Daniel Stenberg 597c1fe6bc rewritten alternative name check 2003-10-16 13:44:34 +00:00
Daniel Stenberg c6a0bb99af bad license situation for the altname patch 2003-10-15 14:42:11 +00:00
Daniel Stenberg ff5b6ff528 fixed to build fine without ssl 2003-10-08 13:06:50 +00:00
Daniel Stenberg 6494889e3b Neil Dunbar provided a patch that now makes libcurl check SSL
subjectAltNames when matching certs. This is apparently detailed in RFC2818
  as the right thing to do. I had to add configure checks for inet_pton() and
  our own (strictly speaking, code from BIND written by Paul Vixie) provided
  code for the function for platforms that miss it.
2003-10-07 21:46:47 +00:00
Daniel Stenberg 481094db90 warn if no CN is available if verify is only set to 1 2003-09-03 20:47:17 +00:00
Daniel Stenberg a8c78cbbb0 CRYPTO_cleanup_all_ex_data() is not present in all OpenSSL versions so
we need to check for its presence in the configure script
2003-08-19 09:56:16 +00:00
Daniel Stenberg dafc652f63 Loren Kirkby pointed out that we need to call CRYPTO_cleanup_all_ex_data()
when we cleanup the SSL stuff to not leak any memory.

I wish this was documented anywhere.
2003-08-19 07:51:09 +00:00
Daniel Stenberg f9c3347f7c re-use existing variable instead of declaring a new local one 2003-07-05 13:27:02 +00:00
Daniel Stenberg 45fc760985 Peter Sylvester's patch was applied that introduces the following:
CURLOPT_SSL_CTX_FUNCTION to set a callback that gets called with the
   OpenSSL's ssl_ctx pointer passed in and allow a callback to act on it. If
   anything but CURLE_OK is returned, that will also be returned by libcurl
   all the way back. If this function changes the CURLOPT_URL, libcurl will
   detect this and instead go use the new URL.

   CURLOPT_SSL_CTX_DATA is a pointer you set to get passed to the callback set
   with CURLOPT_SSL_CTX_FUNCTION.
2003-07-04 16:29:23 +00:00
Daniel Stenberg 308bc9d919 use CURLDEBUG instead of MALLOCDEBUG for preprocessor conditions 2003-06-26 11:22:12 +00:00
Daniel Stenberg d288222e80 work-around SSL implementation flaws better, pointed out in bug report
#745122.
2003-06-02 13:27:03 +00:00
Daniel Stenberg f213e857ab Andy Cedilnik fixed some compiler warnings 2003-05-01 13:37:36 +00:00
Daniel Stenberg 0b839c4f77 return the same error for the sslv2 "certificate verify failed" code 2003-04-14 22:00:36 +00:00
Daniel Stenberg 21873b52e9 Restored the SSL error codes since they was broken in the 7.10.4 release,
also now attempt to detect and return the specific CACERT error code.
2003-04-14 12:53:29 +00:00
Daniel Stenberg 9558f229db Fixup after talks with Richard Bramante. We should now make better
comparisons before re-using SSL connections and re-using SSL connection IDs.
2003-03-31 05:13:26 +00:00
Daniel Stenberg afffce80f0 Philippe Raoult needed this to build on FreeBSD 2003-03-13 21:41:02 +00:00
Daniel Stenberg 8755a6d1ac Richard Gorton improved the random_the_seed() function for systems where
we don't find/know of a good random source. This way, we get a better
randomness which in turn should make SSL connections more secure.
2003-03-11 18:55:34 +00:00
Daniel Stenberg 9121b1f41d the strequal and strnequal should now be called with the proper curl_ prefix 2003-02-28 12:20:08 +00:00
Daniel Stenberg a3d3642a30 spell better 2003-02-27 23:10:38 +00:00
Daniel Stenberg 69ab4cd391 include <sys/socket.h> to compile the fd_set stuff properly on all systems 2003-02-14 09:03:03 +00:00
Daniel Stenberg f56d006f93 Re-arranged the SSL connection code (again). The recent fix was not a very
good one. This should work fine again.
2003-02-05 07:43:05 +00:00
Daniel Stenberg 5d28f3781b Improved error reporting in case of bad SSL_connect()s, and we also no
longer use the SSL functions that store the error message in a static buffer
since that is not very multi-thread friendly.
2003-02-04 12:29:57 +00:00
Daniel Stenberg a7c72b7abf removed the local variables for emacs and vim, use the new sample.emacs
way for emacs, and vim users should provide a similar non-polluting style
2003-01-29 10:14:20 +00:00
Daniel Stenberg f26a338a54 copyright year update in the source header 2003-01-16 21:08:12 +00:00
Daniel Stenberg ca134d5522 Philippe Raoult's fix to handle wildcard certificate name checks 2003-01-07 16:33:11 +00:00
Daniel Stenberg 3aea0d3d68 Evan Jordan's fix for a memory leak. Bug report 650989. 2002-12-13 14:08:49 +00:00
Daniel Stenberg 4bcc866c52 The fread() callback pointer and associated pointer is now stored in the
connectdata struct instead, and is no longer modified within the 'set' struct
as previously (which was a really BAAAD thing).
2002-12-09 15:37:54 +00:00
Daniel Stenberg ba4e69bebc updated source code boilerplate/header 2002-09-03 11:52:59 +00:00
Daniel Stenberg 56c43604d0 if verifypeer is enabled but nether CAfile nor CApath is, then don't try
to load "verify_locations"
2002-08-30 12:07:42 +00:00
Daniel Stenberg 0e0caf7c06 CURLE_SSL_INSECURE is removed again and so is CURLOPT_SSL_INSECURE, we
proceed fine with the already existing options, just having a different
internal library default for capath.
2002-08-30 11:09:49 +00:00
Daniel Stenberg 8b77f40f99 This fix MIGHT make us build nicely with OpenSSL 0.9.7. This fix is based
on a patch from Jacob Meuser, input from Gtz Babin-Ebell and my own
browsing of the latest include files.
2002-06-10 12:38:10 +00:00
Daniel Stenberg 323f195036 ASN1 files don't work for the *chain_file(), make them use the previous
version
2002-05-21 08:15:42 +00:00
Daniel Stenberg fe3ba1dd11 Roland Zimmermann's hint, we use SSL_CTX_use_certificate_chain_file() instead
of the previous one that used SSL_CTX_use_certificate_file()
2002-05-20 14:25:35 +00:00
Daniel Stenberg 974f314f57 copyright string (year) update 2002-03-19 07:54:55 +00:00
Daniel Stenberg 5b58e61f28 now re-seed by force (even if already seeded) if a random file or egd socket
is given
2002-01-30 08:17:23 +00:00
Daniel Stenberg f114caca90 - T. Bharath pointed out that we seed SSL on every connect, which is a time-
consuming operation that should only be needed to do once. We patched
  libcurl to now only seed on the first connect when unseeded. The seeded
  status is global so it'll now only happen once during a program's life time.
2002-01-29 14:11:38 +00:00
Daniel Stenberg eba8035e12 Richard Archer made it compile and build with OpenSSL versions prior to
0.9.5
2002-01-17 10:40:13 +00:00
Daniel Stenberg d84a0c51e0 Cris Bailiff found out that when the SSL session cache was filled, libcurl
would crash. This corrects the problem.
2002-01-09 09:38:37 +00:00
Daniel Stenberg d57e09889a added a missing failf() before returning an error code 2002-01-08 23:23:24 +00:00
Daniel Stenberg d3299beec7 Modified to use non-blocking sockets all the time. 2002-01-07 18:38:01 +00:00
Daniel Stenberg af6c394785 Gtz Babin-Ebell's OpenSSL ENGINE patch 2001-12-17 23:01:39 +00:00
Daniel Stenberg e192261788 failf() calls should not have newlines in the message string! 2001-12-11 13:13:01 +00:00
Daniel Stenberg b8ff21124a Samuel Listopad's fix to allow global_init => global_cleanup => global_init
for ssl
2001-11-14 07:11:39 +00:00
Daniel Stenberg 2f77b0a4c6 we can now tell ssl to use TLSv1 protocol, and we now use defines instead
of real integers for versions, the defines are added to curl.h
2001-11-05 14:06:42 +00:00
Sterling Hughes 8e91d5de8e looks nicer and is better compatible with older vim versions 2001-10-11 09:32:19 +00:00
Daniel Stenberg 645413f5ef Lots of praise and glory to Vojtech Minarik for setting up a test server
and providing me with test-certificates that helped me nail the problem with
curl not discovering with a bad certificate was used.
2001-09-19 21:49:11 +00:00
Daniel Stenberg 1fde1431c9 narrowed some source lines to fit in 80 cols 2001-09-12 08:14:35 +00:00
Daniel Stenberg db7bde1d7a added ability to set prefered list of ciphers 2001-09-11 22:21:02 +00:00
Daniel Stenberg 894b47da9b ouputs the start and expire dates of the server certificate on verbose
output
2001-09-11 10:00:49 +00:00
Daniel Stenberg 46372c04ee made it compile properly when not building with SSL support 2001-09-07 09:40:46 +00:00
Sterling Hughes 6147879837 Added formatting sections for emacs and vim 2001-09-07 04:01:32 +00:00
Daniel Stenberg c3b448dcea moved the session ID cache state variables into the UrlState struct within
the SessionHandle. It was previously wrongly put in UserDefined
2001-09-06 08:32:01 +00:00
Daniel Stenberg 86da31e031 Curl_SSL_Close_All() now checks that we have a session cache before we run
around killing entries in it!
2001-09-06 06:26:24 +00:00
Daniel Stenberg 0ece1b5c34 Major rename and redesign of the internal "backbone" structs. Details will
be posted in a minute to the libcurl list.
2001-08-30 22:48:34 +00:00
Daniel Stenberg 26983053c4 take port numbers into account when finding a previous session from the
cache
2001-08-29 09:36:41 +00:00
Daniel Stenberg 3c52c53ddd Added SSL session ID caching, moved some SSL code from url.c to ssluse.c 2001-08-28 08:37:54 +00:00
Daniel Stenberg df09214c62 strcasecmp() is banned from our code, should be strequal() everywhere!
Tim Costello reported bug report #454858.
2001-08-24 06:20:47 +00:00
Daniel Stenberg bd0afd8db4 removed the use of the global array for the password that was necessary
for OpenSSL versions prior to 0.9.4, this is conditional and should still
work with older versions.
2001-08-14 08:36:30 +00:00
Daniel Stenberg 95837043e2 Patrick Bihan-Faou introduced CURLOPT_SSL_VERIFYHOST and code to deal with
it.
2001-08-08 07:16:47 +00:00
Daniel Stenberg 813d7585c7 Nic Roets brought a fix for the certificate verification when using SSL. 2001-06-29 07:38:11 +00:00
Daniel Stenberg e39e6c537e removed a failf() that would overwrite the previous error message 2001-06-12 18:22:52 +00:00
Daniel Stenberg b541537c66 curl_global_init() support for CURL_GLOBAL_NOT_SSL 2001-05-30 08:00:29 +00:00
Daniel Stenberg d300cf4d84 T. Bharath's comments about SSL cleanup incorporated, and the two new
curl_global_* functions
2001-05-28 14:12:43 +00:00
Daniel Stenberg 8fd89d6b93 fixed Curl_SSLConnect() to return CURLcode errors, including the new error
code for peer certificate errors
2001-05-12 09:29:56 +00:00
Daniel Stenberg a652db18bd include debugmem for memory leak detection 2001-04-24 21:41:29 +00:00
Daniel Stenberg cce05b9138 Bjrn Stenberg corrected the silly '(void)data' usage when SSL is not
used
2001-03-14 10:15:42 +00:00
Daniel Stenberg 11ee547a0e Jrn Hartroth fixed a bad #endif placement 2001-03-14 08:20:41 +00:00
Daniel Stenberg f2fd1b8856 two new random seed options: CURLOPT_RANDOM_FILE and CURLOPT_EGDSOCKET 2001-03-12 15:47:17 +00:00
Daniel Stenberg 2873c18132 removed compiler warning if HAVE_RAND_STATUS is false 2001-03-07 17:08:20 +00:00
Daniel Stenberg 2ef13230cb new seeding stuff as mentioned by Albert Chin 2001-03-06 00:04:58 +00:00
Daniel Stenberg a1d6ad2610 multiple connection support initial commit 2001-02-20 17:35:51 +00:00
Daniel Stenberg 4031104404 Internal symbols that aren't static are now prefixed with 'Curl_' 2001-01-05 10:11:41 +00:00
Daniel Stenberg 24dee483e9 dual-license fix 2001-01-03 09:29:33 +00:00
Daniel Stenberg 0cff279063 new urldata ssl layout and T. Bharath brought the new SSL cert verify function 2000-10-30 11:53:40 +00:00
Daniel Stenberg 60ee571bd6 CRYPTO_free() of course, it makes it run with previous openssl versions too 2000-09-26 07:03:59 +00:00
Daniel Stenberg e40f0be7e3 No longer uses Free() as that was removed from OpenSSL with 0.9.6 2000-09-25 22:04:51 +00:00
Daniel Stenberg b6e18f2f66 #include "setup.h" moved first of all includes 2000-08-24 14:26:33 +00:00
Daniel Stenberg 1ef3600a07 haxx.nu => haxx.se 2000-06-20 15:31:26 +00:00
Daniel Stenberg 96dde76b99 moved here from the newlib branch 2000-05-22 14:12:12 +00:00
Daniel Stenberg d48939c0c0 makes use of HAVE_RAND_SCREEN instead of WIN32 for using RAND_screen() 2000-03-16 11:41:27 +00:00
Daniel Stenberg d4e18e4179 Adjusted to run properly with OpenSSL 0.9.5. 2000-03-02 23:01:35 +00:00
Daniel Stenberg ae1912cb0d Initial revision 1999-12-29 14:20:26 +00:00