mirror/CMake
1
0
Fork 0
mirror of https://github.com/Kitware/CMake.git synced 2026-01-06 05:40:54 -06:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'upstream-curl' into update-curl

Browse Source 
* upstream-curl:
  curl 2022-05-11 (462196e6)
This commit is contained in:
Brad King
2022-05-16 11:43:51 -04:00
parent 02902188ec 9d8f81f4f8
commit 71747a28ea
26 changed files with 290 additions and 158 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Utilities/cmcurl/include/curl/curlver.h
View File

@@ -30,13 +30,13 @@
/* This is the version number of the libcurl package from which this header
file origins: */
#define LIBCURL_VERSION "7.83.0"
#define LIBCURL_VERSION "7.83.1"
/* The numeric version number is also available "in parts" by using these
defines: */
#define LIBCURL_VERSION_MAJOR 7
#define LIBCURL_VERSION_MINOR 83
#define LIBCURL_VERSION_PATCH 0
#define LIBCURL_VERSION_PATCH 1
/* This is the numeric version of the libcurl version number, meant for easier
parsing and comparisons by programs. The LIBCURL_VERSION_NUM define will
@@ -57,7 +57,7 @@
CURL_VERSION_BITS() macro since curl's own configure script greps for it
and needs it to contain the full number.
*/
#define LIBCURL_VERSION_NUM 0x075300
#define LIBCURL_VERSION_NUM 0x075301
/*
* This is the date and time when the full source package was created. The

27
Utilities/cmcurl/lib/altsvc.c
View File

@@ -102,12 +102,17 @@ static struct altsvc *altsvc_createid(const char *srchost,
unsigned int dstport)
{
struct altsvc *as = calloc(sizeof(struct altsvc), 1);
size_t hlen;
if(!as)
return NULL;
hlen = strlen(srchost);
DEBUGASSERT(hlen);
as->src.host = strdup(srchost);
if(!as->src.host)
goto error;
if(hlen && (srchost[hlen - 1] == '.'))
/* strip off trailing any dot */
as->src.host[--hlen] = 0;
as->dst.host = strdup(dsthost);
if(!as->dst.host)
goto error;
@@ -398,6 +403,22 @@ static CURLcode getalnum(const char **ptr, char *alpnbuf, size_t buflen)
return CURLE_OK;
}
/* hostcompare() returns true if 'host' matches 'check'. The first host
* argument may have a trailing dot present that will be ignored.
*/
static bool hostcompare(const char *host, const char *check)
{
size_t hlen = strlen(host);
size_t clen = strlen(check);
if(hlen && (host[hlen - 1] == '.'))
hlen--;
if(hlen != clen)
/* they can't match if they have different lengths */
return FALSE;
return strncasecompare(host, check, hlen);
}
/* altsvc_flush() removes all alternatives for this source origin from the
list */
static void altsvc_flush(struct altsvcinfo *asi, enum alpnid srcalpnid,
@@ -410,7 +431,7 @@ static void altsvc_flush(struct altsvcinfo *asi, enum alpnid srcalpnid,
n = e->next;
if((srcalpnid == as->src.alpnid) &&
(srcport == as->src.port) &&
strcasecompare(srchost, as->src.host)) {
hostcompare(srchost, as->src.host)) {
Curl_llist_remove(&asi->list, e, NULL);
altsvc_free(as);
}
@@ -635,7 +656,7 @@ bool Curl_altsvc_lookup(struct altsvcinfo *asi,
continue;
}
if((as->src.alpnid == srcalpnid) &&
strcasecompare(as->src.host, srchost) &&
hostcompare(srchost, as->src.host) &&
(as->src.port == srcport) &&
(versions & as->dst.alpnid)) {
/* match */

12
Utilities/cmcurl/lib/c-hyper.c
View File

@@ -439,6 +439,13 @@ CURLcode Curl_hyper_stream(struct Curl_easy *data,
reasonp = hyper_response_reason_phrase(resp);
reason_len = hyper_response_reason_phrase_len(resp);
if(http_status == 417 && data->state.expect100header) {
infof(data, "Got 417 while waiting for a 100");
data->state.disableexpect = TRUE;
data->req.newurl = strdup(data->state.url);
Curl_done_sending(data, k);
}
result = status_line(data, conn,
http_status, http_version, reasonp, reason_len);
if(result)
@@ -951,6 +958,11 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
goto error;
}
}
else {
if(!h2 && !data->state.disableexpect) {
data->state.expect100header = TRUE;
}
}
if(hyper_request_set_method(req, (uint8_t *)method, strlen(method))) {
failf(data, "error setting method");

10
Utilities/cmcurl/lib/cookie.c
View File

@@ -427,7 +427,15 @@ static void remove_expired(struct CookieInfo *cookies)
/* Make sure domain contains a dot or is localhost. */
static bool bad_domain(const char *domain)
{
return !strchr(domain, '.') && !strcasecompare(domain, "localhost");
if(strcasecompare(domain, "localhost"))
return FALSE;
else {
/* there must be a dot present, but that dot must not be a trailing dot */
char *dot = strchr(domain, '.');
if(dot)
return dot[1] ? FALSE : TRUE;
}
return TRUE;
}
/*

8
Utilities/cmcurl/lib/easy.c
View File

@@ -1139,7 +1139,7 @@ CURLcode curl_easy_recv(struct Curl_easy *data, void *buffer, size_t buflen,
if(!data->conn)
/* on first invoke, the transfer has been detached from the connection and
needs to be reattached */
Curl_attach_connnection(data, c);
Curl_attach_connection(data, c);
*n = 0;
result = Curl_read(data, sfd, buffer, buflen, &n1);
@@ -1175,7 +1175,7 @@ CURLcode curl_easy_send(struct Curl_easy *data, const void *buffer,
if(!data->conn)
/* on first invoke, the transfer has been detached from the connection and
needs to be reattached */
Curl_attach_connnection(data, c);
Curl_attach_connection(data, c);
*n = 0;
sigpipe_ignore(data, &pipe_st);
@@ -1209,12 +1209,12 @@ static int conn_upkeep(struct Curl_easy *data,
if(conn->handler->connection_check) {
/* briefly attach the connection to this transfer for the purpose of
checking it */
Curl_attach_connnection(data, conn);
Curl_attach_connection(data, conn);
/* Do a protocol-specific keepalive check on the connection. */
conn->handler->connection_check(data, conn, CONNCHECK_KEEPALIVE);
/* detach the connection again */
Curl_detach_connnection(data);
Curl_detach_connection(data);
}
return 0; /* continue iteration */

2
Utilities/cmcurl/lib/hostip.c
View File

@@ -1268,7 +1268,7 @@ CURLcode Curl_once_resolved(struct Curl_easy *data, bool *protocol_done)
result = Curl_setup_conn(data, protocol_done);
if(result) {
Curl_detach_connnection(data);
Curl_detach_connection(data);
Curl_conncache_remove_conn(data, conn, TRUE);
Curl_disconnect(data, conn, TRUE);
}

30
Utilities/cmcurl/lib/hsts.c
View File

@@ -114,16 +114,25 @@ static CURLcode hsts_create(struct hsts *h,
curl_off_t expires)
{
struct stsentry *sts = hsts_entry();
char *duphost;
size_t hlen;
if(!sts)
return CURLE_OUT_OF_MEMORY;
sts->expires = expires;
sts->includeSubDomains = subdomains;
sts->host = strdup(hostname);
if(!sts->host) {
duphost = strdup(hostname);
if(!duphost) {
free(sts);
return CURLE_OUT_OF_MEMORY;
}
hlen = strlen(duphost);
if(duphost[hlen - 1] == '.')
/* strip off trailing any dot */
duphost[--hlen] = 0;
sts->host = duphost;
sts->expires = expires;
sts->includeSubDomains = subdomains;
Curl_llist_insert_next(&h->list, h->list.tail, sts, &sts->node);
return CURLE_OK;
}
@@ -238,10 +247,21 @@ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
bool subdomain)
{
if(h) {
char buffer[MAX_HSTS_HOSTLEN + 1];
time_t now = time(NULL);
size_t hlen = strlen(hostname);
struct Curl_llist_element *e;
struct Curl_llist_element *n;
if((hlen > MAX_HSTS_HOSTLEN) || !hlen)
return NULL;
memcpy(buffer, hostname, hlen);
if(hostname[hlen-1] == '.')
/* remove the trailing dot */
--hlen;
buffer[hlen] = 0;
hostname = buffer;
for(e = h->list.head; e; e = n) {
struct stsentry *sts = e->ptr;
n = e->next;
@@ -440,7 +460,7 @@ static CURLcode hsts_pull(struct Curl_easy *data, struct hsts *h)
CURLSTScode sc;
DEBUGASSERT(h);
do {
char buffer[257];
char buffer[MAX_HSTS_HOSTLEN + 1];
struct curl_hstsentry e;
e.name = buffer;
e.namelen = sizeof(buffer)-1;

30
Utilities/cmcurl/lib/http.c
View File

@@ -651,6 +651,21 @@ CURLcode Curl_http_auth_act(struct Curl_easy *data)
return result;
}
/*
* Curl_allow_auth_to_host() tells if authentication, cookies or other
* "sensitive data" can (still) be sent to this host.
*/
bool Curl_allow_auth_to_host(struct Curl_easy *data)
{
struct connectdata *conn = data->conn;
return (!data->state.this_is_a_follow ||
data->set.allow_auth_to_other_hosts ||
(data->state.first_host &&
strcasecompare(data->state.first_host, conn->host.name) &&
(data->state.first_remote_port == conn->remote_port) &&
(data->state.first_remote_protocol == conn->handler->protocol)));
}
#ifndef CURL_DISABLE_HTTP_AUTH
/*
* Output the correct authentication header depending on the auth type
@@ -775,21 +790,6 @@ output_auth_headers(struct Curl_easy *data,
return CURLE_OK;
}
/*
* Curl_allow_auth_to_host() tells if authentication, cookies or other
* "sensitive data" can (still) be sent to this host.
*/
bool Curl_allow_auth_to_host(struct Curl_easy *data)
{
struct connectdata *conn = data->conn;
return (!data->state.this_is_a_follow ||
data->set.allow_auth_to_other_hosts ||
(data->state.first_host &&
strcasecompare(data->state.first_host, conn->host.name) &&
(data->state.first_remote_port == conn->remote_port) &&
(data->state.first_remote_protocol == conn->handler->protocol)));
}
/**
* Curl_http_output_auth() setups the authentication headers for the
* host/proxy and the correct authentication

7
Utilities/cmcurl/lib/http_proxy.c
View File

@@ -967,6 +967,13 @@ static CURLcode CONNECT(struct Curl_easy *data,
break;
}
if(conn->bits.close && data->req.newurl) {
/* Connection closed by server. Don't use it anymore */
Curl_closesocket(data, conn, conn->sock[sockindex]);
conn->sock[sockindex] = CURL_SOCKET_BAD;
break;
}
/* If we are supposed to continue and request a new URL, which basically
* means the HTTP authentication is still going on so if the tunnel
* is complete we start over in INIT state */

18
Utilities/cmcurl/lib/multi.c
View File

@@ -118,7 +118,7 @@ static void init_completed(struct Curl_easy *data)
/* Important: reset the conn pointer so that we don't point to memory
that could be freed anytime */
Curl_detach_connnection(data);
Curl_detach_connection(data);
Curl_expire_clear(data); /* stop all timers */
}
@@ -635,7 +635,7 @@ static CURLcode multi_done(struct Curl_easy *data,
process_pending_handles(data->multi); /* connection / multiplex */
CONNCACHE_LOCK(data);
Curl_detach_connnection(data);
Curl_detach_connection(data);
if(CONN_INUSE(conn)) {
/* Stop if still used. */
CONNCACHE_UNLOCK(data);
@@ -824,7 +824,7 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi,
that vanish with this handle */
/* Remove the association between the connection and the handle */
Curl_detach_connnection(data);
Curl_detach_connection(data);
if(data->state.lastconnect_id != -1) {
/* Mark any connect-only connection for closure */
@@ -899,12 +899,12 @@ bool Curl_multiplex_wanted(const struct Curl_multi *multi)
}
/*
* Curl_detach_connnection() removes the given transfer from the connection.
* Curl_detach_connection() removes the given transfer from the connection.
*
* This is the only function that should clear data->conn. This will
* occasionally be called with the data->conn pointer already cleared.
*/
void Curl_detach_connnection(struct Curl_easy *data)
void Curl_detach_connection(struct Curl_easy *data)
{
struct connectdata *conn = data->conn;
if(conn) {
@@ -916,11 +916,11 @@ void Curl_detach_connnection(struct Curl_easy *data)
}
/*
* Curl_attach_connnection() attaches this transfer to this connection.
* Curl_attach_connection() attaches this transfer to this connection.
*
* This is the only function that should assign data->conn
*/
void Curl_attach_connnection(struct Curl_easy *data,
void Curl_attach_connection(struct Curl_easy *data,
struct connectdata *conn)
{
DEBUGASSERT(!data->conn);
@@ -1540,7 +1540,7 @@ CURLMcode Curl_multi_add_perform(struct Curl_multi *multi,
/* take this handle to the perform state right away */
multistate(data, MSTATE_PERFORMING);
Curl_attach_connnection(data, conn);
Curl_attach_connection(data, conn);
k->keepon |= KEEP_RECV; /* setup to receive! */
}
return rc;
@@ -2558,7 +2558,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
/* This is where we make sure that the conn pointer is reset.
We don't have to do this in every case block above where a
failure is detected */
Curl_detach_connnection(data);
Curl_detach_connection(data);
/* remove connection from cache */
Curl_conncache_remove_conn(data, conn, TRUE);

6
Utilities/cmcurl/lib/multiif.h
View File

@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -31,9 +31,9 @@ void Curl_expire(struct Curl_easy *data, timediff_t milli, expire_id);
void Curl_expire_clear(struct Curl_easy *data);
void Curl_expire_done(struct Curl_easy *data, expire_id id);
CURLMcode Curl_update_timer(struct Curl_multi *multi) WARN_UNUSED_RESULT;
void Curl_attach_connnection(struct Curl_easy *data,
void Curl_attach_connection(struct Curl_easy *data,
struct connectdata *conn);
void Curl_detach_connnection(struct Curl_easy *data);
void Curl_detach_connection(struct Curl_easy *data);
bool Curl_multiplex_wanted(const struct Curl_multi *multi);
void Curl_set_in_callback(struct Curl_easy *data, bool value);
bool Curl_is_in_callback(struct Curl_easy *easy);

29
Utilities/cmcurl/lib/setopt.c
View File

@@ -2294,6 +2294,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
case CURLOPT_SSL_OPTIONS:
arg = va_arg(param, long);
data->set.ssl.primary.ssl_options = (unsigned char)(arg & 0xff);
data->set.ssl.enable_beast = !!(arg & CURLSSLOPT_ALLOW_BEAST);
data->set.ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE);
data->set.ssl.no_partialchain = !!(arg & CURLSSLOPT_NO_PARTIALCHAIN);
@@ -2307,6 +2308,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
#ifndef CURL_DISABLE_PROXY
case CURLOPT_PROXY_SSL_OPTIONS:
arg = va_arg(param, long);
data->set.proxy_ssl.primary.ssl_options = (unsigned char)(arg & 0xff);
data->set.proxy_ssl.enable_beast = !!(arg & CURLSSLOPT_ALLOW_BEAST);
data->set.proxy_ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE);
data->set.proxy_ssl.no_partialchain = !!(arg & CURLSSLOPT_NO_PARTIALCHAIN);
@@ -2745,49 +2747,52 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
case CURLOPT_TLSAUTH_USERNAME:
result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME],
va_arg(param, char *));
if(data->set.str[STRING_TLSAUTH_USERNAME] && !data->set.ssl.authtype)
data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
if(data->set.str[STRING_TLSAUTH_USERNAME] &&
!data->set.ssl.primary.authtype)
data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
break;
#ifndef CURL_DISABLE_PROXY
case CURLOPT_PROXY_TLSAUTH_USERNAME:
result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME_PROXY],
va_arg(param, char *));
if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] &&
!data->set.proxy_ssl.authtype)
data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
!data->set.proxy_ssl.primary.authtype)
data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default to
SRP */
break;
#endif
case CURLOPT_TLSAUTH_PASSWORD:
result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD],
va_arg(param, char *));
if(data->set.str[STRING_TLSAUTH_USERNAME] && !data->set.ssl.authtype)
data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
if(data->set.str[STRING_TLSAUTH_USERNAME] &&
!data->set.ssl.primary.authtype)
data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default */
break;
#ifndef CURL_DISABLE_PROXY
case CURLOPT_PROXY_TLSAUTH_PASSWORD:
result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD_PROXY],
va_arg(param, char *));
if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] &&
!data->set.proxy_ssl.authtype)
data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
!data->set.proxy_ssl.primary.authtype)
data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default */
break;
#endif
case CURLOPT_TLSAUTH_TYPE:
argptr = va_arg(param, char *);
if(!argptr ||
strncasecompare(argptr, "SRP", strlen("SRP")))
data->set.ssl.authtype = CURL_TLSAUTH_SRP;
data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP;
else
data->set.ssl.authtype = CURL_TLSAUTH_NONE;
data->set.ssl.primary.authtype = CURL_TLSAUTH_NONE;
break;
#ifndef CURL_DISABLE_PROXY
case CURLOPT_PROXY_TLSAUTH_TYPE:
argptr = va_arg(param, char *);
if(!argptr ||
strncasecompare(argptr, "SRP", strlen("SRP")))
data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP;
data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP;
else
data->set.proxy_ssl.authtype = CURL_TLSAUTH_NONE;
data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_NONE;
break;
#endif
#endif

52
Utilities/cmcurl/lib/url.c
View File

@@ -372,7 +372,7 @@ CURLcode Curl_close(struct Curl_easy **datap)
/* Detach connection if any is left. This should not be normal, but can be
the case for example with CONNECT_ONLY + recv/send (test 556) */
Curl_detach_connnection(data);
Curl_detach_connection(data);
m = data->multi;
if(m)
/* This handle is still part of a multi handle, take care of this first
@@ -542,7 +542,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
set->ssl.primary.verifypeer = TRUE;
set->ssl.primary.verifyhost = TRUE;
#ifdef USE_TLS_SRP
set->ssl.authtype = CURL_TLSAUTH_NONE;
set->ssl.primary.authtype = CURL_TLSAUTH_NONE;
#endif
set->ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth
type */
@@ -859,7 +859,7 @@ void Curl_disconnect(struct Curl_easy *data,
/* temporarily attach the connection to this transfer handle for the
disconnect and shutdown */
Curl_attach_connnection(data, conn);
Curl_attach_connection(data, conn);
if(conn->handler->disconnect)
/* This is set if protocol-specific cleanups should be made */
@@ -868,7 +868,7 @@ void Curl_disconnect(struct Curl_easy *data,
conn_shutdown(data, conn);
/* detach it again */
Curl_detach_connnection(data);
Curl_detach_connection(data);
conn_free(conn);
}
@@ -1020,12 +1020,12 @@ static bool extract_if_dead(struct connectdata *conn,
/* briefly attach the connection to this transfer for the purpose of
checking it */
Curl_attach_connnection(data, conn);
Curl_attach_connection(data, conn);
state = conn->handler->connection_check(data, conn, CONNCHECK_ISDEAD);
dead = (state & CONNRESULT_DEAD);
/* detach the connection again */
Curl_detach_connnection(data);
Curl_detach_connection(data);
}
else {
@@ -1100,6 +1100,12 @@ static void prune_dead_connections(struct Curl_easy *data)
}
}
static bool ssh_config_matches(struct connectdata *one,
struct connectdata *two)
{
return (Curl_safecmp(one->proto.sshc.rsa, two->proto.sshc.rsa) &&
Curl_safecmp(one->proto.sshc.rsa_pub, two->proto.sshc.rsa_pub));
}
/*
* Given one filled in connection struct (named needle), this function should
* detect if there already is one that has all the significant details
@@ -1356,6 +1362,11 @@ ConnectionExists(struct Curl_easy *data,
(data->state.httpwant < CURL_HTTP_VERSION_2_0))
continue;
if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
if(!ssh_config_matches(needle, check))
continue;
}
if((needle->handler->flags&PROTOPT_SSL)
#ifndef CURL_DISABLE_PROXY
|| !needle->bits.httpproxy || needle->bits.tunnel_proxy
@@ -1508,7 +1519,7 @@ ConnectionExists(struct Curl_easy *data,
if(chosen) {
/* mark it as used before releasing the lock */
Curl_attach_connnection(data, chosen);
Curl_attach_connection(data, chosen);
CONNCACHE_UNLOCK(data);
*usethis = chosen;
return TRUE; /* yes, we found one to use! */
@@ -1758,11 +1769,17 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
conn->ssl_config.verifystatus = data->set.ssl.primary.verifystatus;
conn->ssl_config.verifypeer = data->set.ssl.primary.verifypeer;
conn->ssl_config.verifyhost = data->set.ssl.primary.verifyhost;
conn->ssl_config.ssl_options = data->set.ssl.primary.ssl_options;
#ifdef USE_TLS_SRP
#endif
#ifndef CURL_DISABLE_PROXY
conn->proxy_ssl_config.verifystatus =
data->set.proxy_ssl.primary.verifystatus;
conn->proxy_ssl_config.verifypeer = data->set.proxy_ssl.primary.verifypeer;
conn->proxy_ssl_config.verifyhost = data->set.proxy_ssl.primary.verifyhost;
conn->proxy_ssl_config.ssl_options = data->set.proxy_ssl.primary.ssl_options;
#ifdef USE_TLS_SRP
#endif
#endif
conn->ip_version = data->set.ipver;
conn->bits.connect_only = data->set.connect_only;
@@ -3779,7 +3796,7 @@ static CURLcode create_conn(struct Curl_easy *data,
if(!result) {
conn->bits.tcpconnect[FIRSTSOCKET] = TRUE; /* we are "connected */
Curl_attach_connnection(data, conn);
Curl_attach_connection(data, conn);
result = Curl_conncache_add_conn(data);
if(result)
goto out;
@@ -3848,7 +3865,8 @@ static CURLcode create_conn(struct Curl_easy *data,
data->set.str[STRING_SSL_ISSUERCERT_PROXY];
data->set.proxy_ssl.primary.issuercert_blob =
data->set.blobs[BLOB_SSL_ISSUERCERT_PROXY];
data->set.proxy_ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_PROXY];
data->set.proxy_ssl.primary.CRLfile =
data->set.str[STRING_SSL_CRLFILE_PROXY];
data->set.proxy_ssl.cert_type = data->set.str[STRING_CERT_TYPE_PROXY];
data->set.proxy_ssl.key = data->set.str[STRING_KEY_PROXY];
data->set.proxy_ssl.key_type = data->set.str[STRING_KEY_TYPE_PROXY];
@@ -3856,18 +3874,20 @@ static CURLcode create_conn(struct Curl_easy *data,
data->set.proxy_ssl.primary.clientcert = data->set.str[STRING_CERT_PROXY];
data->set.proxy_ssl.key_blob = data->set.blobs[BLOB_KEY_PROXY];
#endif
data->set.ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE];
data->set.ssl.primary.CRLfile = data->set.str[STRING_SSL_CRLFILE];
data->set.ssl.cert_type = data->set.str[STRING_CERT_TYPE];
data->set.ssl.key = data->set.str[STRING_KEY];
data->set.ssl.key_type = data->set.str[STRING_KEY_TYPE];
data->set.ssl.key_passwd = data->set.str[STRING_KEY_PASSWD];
data->set.ssl.primary.clientcert = data->set.str[STRING_CERT];
#ifdef USE_TLS_SRP
data->set.ssl.username = data->set.str[STRING_TLSAUTH_USERNAME];
data->set.ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD];
data->set.ssl.primary.username = data->set.str[STRING_TLSAUTH_USERNAME];
data->set.ssl.primary.password = data->set.str[STRING_TLSAUTH_PASSWORD];
#ifndef CURL_DISABLE_PROXY
data->set.proxy_ssl.username = data->set.str[STRING_TLSAUTH_USERNAME_PROXY];
data->set.proxy_ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD_PROXY];
data->set.proxy_ssl.primary.username =
data->set.str[STRING_TLSAUTH_USERNAME_PROXY];
data->set.proxy_ssl.primary.password =
data->set.str[STRING_TLSAUTH_PASSWORD_PROXY];
#endif
#endif
data->set.ssl.key_blob = data->set.blobs[BLOB_KEY];
@@ -4006,7 +4026,7 @@ static CURLcode create_conn(struct Curl_easy *data,
* This is a brand new connection, so let's store it in the connection
* cache of ours!
*/
Curl_attach_connnection(data, conn);
Curl_attach_connection(data, conn);
result = Curl_conncache_add_conn(data);
if(result)
goto out;
@@ -4153,7 +4173,7 @@ CURLcode Curl_connect(struct Curl_easy *data,
else if(result && conn) {
/* We're not allowed to return failure with memory left allocated in the
connectdata struct, free those here */
Curl_detach_connnection(data);
Curl_detach_connection(data);
Curl_conncache_remove_conn(data, conn, TRUE);
Curl_disconnect(data, conn, TRUE);
}

6
Utilities/cmcurl/lib/urlapi.c
View File

@@ -228,7 +228,7 @@ static void strcpy_url(char *output, const char *url, bool relative)
*/
bool Curl_is_absolute_url(const char *url, char *buf, size_t buflen)
{
size_t i;
int i;
DEBUGASSERT(!buf || (buflen > MAX_SCHEME_LEN));
(void)buflen; /* only used in debug-builds */
if(buf)
@@ -678,8 +678,8 @@ static CURLUcode hostname_check(struct Curl_URL *u, char *hostname)
#endif
}
else {
/* letters from the second string is not ok */
len = strcspn(hostname, " \r\n");
/* letters from the second string are not ok */
len = strcspn(hostname, " \r\n\t/:#?!@");
if(hlen != len)
/* hostname with bad content */
return CURLUE_BAD_HOSTNAME;

13
Utilities/cmcurl/lib/urldata.h
View File

@@ -253,10 +253,17 @@ struct ssl_primary_config {
char *cipher_list; /* list of ciphers to use */
char *cipher_list13; /* list of TLS 1.3 cipher suites to use */
char *pinned_key;
char *CRLfile; /* CRL to check certificate revocation */
struct curl_blob *cert_blob;
struct curl_blob *ca_info_blob;
struct curl_blob *issuercert_blob;
#ifdef USE_TLS_SRP
char *username; /* TLS username (for, e.g., SRP) */
char *password; /* TLS password (for, e.g., SRP) */
enum CURL_TLSAUTH authtype; /* TLS authentication type (default SRP) */
#endif
char *curves; /* list of curves to use */
unsigned char ssl_options; /* the CURLOPT_SSL_OPTIONS bitmask */
BIT(verifypeer); /* set TRUE if this is desired */
BIT(verifyhost); /* set TRUE if CN/SAN must match hostname */
BIT(verifystatus); /* set TRUE if certificate status must be checked */
@@ -266,7 +273,6 @@ struct ssl_primary_config {
struct ssl_config_data {
struct ssl_primary_config primary;
long certverifyresult; /* result from the certificate verification */
char *CRLfile; /* CRL to check certificate revocation */
curl_ssl_ctx_callback fsslctx; /* function to initialize ssl ctx */
void *fsslctxp; /* parameter for call back */
char *cert_type; /* format for certificate (default: PEM)*/
@@ -274,11 +280,6 @@ struct ssl_config_data {
struct curl_blob *key_blob;
char *key_type; /* format for private key (default: PEM) */
char *key_passwd; /* plain text private key password */
#ifdef USE_TLS_SRP
char *username; /* TLS username (for, e.g., SRP) */
char *password; /* TLS password (for, e.g., SRP) */
enum CURL_TLSAUTH authtype; /* TLS authentication type (default SRP) */
#endif
BIT(certinfo); /* gather lots of certificate info */
BIT(falsestart);
BIT(enable_beast); /* allow this flaw for interoperability's sake*/

11
Utilities/cmcurl/lib/vquic/msh3.c
View File

@@ -95,7 +95,9 @@ static const MSH3_REQUEST_IF msh3_request_if = {
void Curl_quic_ver(char *p, size_t len)
{
(void)msnprintf(p, len, "msh3/%s", "0.0.1");
uint32_t v[4];
MsH3Version(v);
(void)msnprintf(p, len, "msh3/%d.%d.%d.%d", v[0], v[1], v[2], v[3]);
}
CURLcode Curl_quic_connect(struct Curl_easy *data,
@@ -121,7 +123,10 @@ CURLcode Curl_quic_connect(struct Curl_easy *data,
return CURLE_FAILED_INIT;
}
qs->conn = MsH3ConnectionOpen(qs->api, conn->host.name, unsecure);
qs->conn = MsH3ConnectionOpen(qs->api,
conn->host.name,
(uint16_t)conn->remote_port,
unsecure);
if(!qs->conn) {
failf(data, "can't create msh3 connection");
if(qs->api) {
@@ -357,7 +362,7 @@ static void MSH3_CALL msh3_complete(MSH3_REQUEST *Request, void *IfContext,
struct HTTP *stream = IfContext;
(void)Request;
(void)AbortError;
H3BUGF(printf("* msh3_complete, aborted=%hhu\n", Aborted));
H3BUGF(printf("* msh3_complete, aborted=%s\n", Aborted ? "true" : "false"));
msh3_lock_acquire(&stream->recv_lock);
if(Aborted) {
stream->recv_error = CURLE_HTTP3; /* TODO - how do we pass AbortError? */

13
Utilities/cmcurl/lib/vquic/ngtcp2.c
View File

@@ -264,6 +264,7 @@ static SSL_QUIC_METHOD quic_method = {quic_set_encryption_secrets,
static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data)
{
struct connectdata *conn = data->conn;
SSL_CTX *ssl_ctx = SSL_CTX_new(TLS_method());
SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_3_VERSION);
@@ -291,12 +292,11 @@ static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data)
SSL_CTX_set_keylog_callback(ssl_ctx, keylog_callback);
}
{
struct connectdata *conn = data->conn;
if(conn->ssl_config.verifypeer) {
const char * const ssl_cafile = conn->ssl_config.CAfile;
const char * const ssl_capath = conn->ssl_config.CApath;
if(conn->ssl_config.verifypeer) {
if(ssl_cafile || ssl_capath) {
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
/* tell OpenSSL where to find CA certificates that are used to verify
the server's certificate. */
@@ -311,6 +311,13 @@ static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data)
infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none");
infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none");
}
#ifdef CURL_CA_FALLBACK
else {
/* verifying the peer without any CA certificates won't work so
use openssl's built-in default as fallback */
SSL_CTX_set_default_verify_paths(ssl_ctx);
}
#endif
}
return ssl_ctx;
}

6
Utilities/cmcurl/lib/vssh/ssh.h
View File

@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -131,8 +131,8 @@ struct ssh_conn {
/* common */
const char *passphrase; /* pass-phrase to use */
char *rsa_pub; /* path name */
char *rsa; /* path name */
char *rsa_pub; /* strdup'ed public key file */
char *rsa; /* strdup'ed private key file */
bool authed; /* the connection has been authenticated fine */
bool acceptfail; /* used by the SFTP_QUOTE (continue if
quote command fails) */

29
Utilities/cmcurl/lib/vtls/gskit.c
View File

@@ -293,27 +293,6 @@ static CURLcode set_numeric(struct Curl_easy *data,
}
static CURLcode set_callback(struct Curl_easy *data,
gsk_handle h, GSK_CALLBACK_ID id, void *info)
{
char buffer[STRERROR_LEN];
int rc = gsk_attribute_set_callback(h, id, info);
switch(rc) {
case GSK_OK:
return CURLE_OK;
case GSK_ERROR_IO:
failf(data, "gsk_attribute_set_callback() I/O error: %s",
Curl_strerror(errno, buffer, sizeof(buffer)));
break;
default:
failf(data, "gsk_attribute_set_callback(): %s", gsk_strerror(rc));
break;
}
return CURLE_SSL_CONNECT_ERROR;
}
static CURLcode set_ciphers(struct Curl_easy *data,
gsk_handle h, unsigned int *protoflags)
{
@@ -796,13 +775,13 @@ static CURLcode gskit_connect_step1(struct Curl_easy *data,
BACKEND->localfd = sockpair[0];
BACKEND->remotefd = sockpair[1];
setsockopt(BACKEND->localfd, SOL_SOCKET, SO_RCVBUF,
(void *) sobufsize, sizeof(sobufsize));
(void *) &sobufsize, sizeof(sobufsize));
setsockopt(BACKEND->remotefd, SOL_SOCKET, SO_RCVBUF,
(void *) sobufsize, sizeof(sobufsize));
(void *) &sobufsize, sizeof(sobufsize));
setsockopt(BACKEND->localfd, SOL_SOCKET, SO_SNDBUF,
(void *) sobufsize, sizeof(sobufsize));
(void *) &sobufsize, sizeof(sobufsize));
setsockopt(BACKEND->remotefd, SOL_SOCKET, SO_SNDBUF,
(void *) sobufsize, sizeof(sobufsize));
(void *) &sobufsize, sizeof(sobufsize));
curlx_nonblock(BACKEND->localfd, TRUE);
curlx_nonblock(BACKEND->remotefd, TRUE);
}

32
Utilities/cmcurl/lib/vtls/gtls.c
View File

@@ -445,9 +445,10 @@ gtls_connect_step1(struct Curl_easy *data,
}
#ifdef USE_GNUTLS_SRP
if((SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) &&
if((SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP) &&
Curl_allow_auth_to_host(data)) {
infof(data, "Using TLS-SRP username: %s", SSL_SET_OPTION(username));
infof(data, "Using TLS-SRP username: %s",
SSL_SET_OPTION(primary.username));
rc = gnutls_srp_allocate_client_credentials(&backend->srp_client_cred);
if(rc != GNUTLS_E_SUCCESS) {
@@ -457,8 +458,8 @@ gtls_connect_step1(struct Curl_easy *data,
}
rc = gnutls_srp_set_client_credentials(backend->srp_client_cred,
SSL_SET_OPTION(username),
SSL_SET_OPTION(password));
SSL_SET_OPTION(primary.username),
SSL_SET_OPTION(primary.password));
if(rc != GNUTLS_E_SUCCESS) {
failf(data, "gnutls_srp_set_client_cred() failed: %s",
gnutls_strerror(rc));
@@ -515,19 +516,19 @@ gtls_connect_step1(struct Curl_easy *data,
}
#endif
if(SSL_SET_OPTION(CRLfile)) {
if(SSL_SET_OPTION(primary.CRLfile)) {
/* set the CRL list file */
rc = gnutls_certificate_set_x509_crl_file(backend->cred,
SSL_SET_OPTION(CRLfile),
SSL_SET_OPTION(primary.CRLfile),
GNUTLS_X509_FMT_PEM);
if(rc < 0) {
failf(data, "error reading crl file %s (%s)",
SSL_SET_OPTION(CRLfile), gnutls_strerror(rc));
SSL_SET_OPTION(primary.CRLfile), gnutls_strerror(rc));
return CURLE_SSL_CRL_BADFILE;
}
else
infof(data, "found %d CRL in %s",
rc, SSL_SET_OPTION(CRLfile));
rc, SSL_SET_OPTION(primary.CRLfile));
}
/* Initialize TLS session as a client */
@@ -598,7 +599,7 @@ gtls_connect_step1(struct Curl_easy *data,
#ifdef USE_GNUTLS_SRP
/* Only add SRP to the cipher list if SRP is requested. Otherwise
* GnuTLS will disable TLS 1.3 support. */
if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) {
if(SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP) {
size_t len = strlen(prioritylist);
char *prioritysrp = malloc(len + sizeof(GNUTLS_SRP) + 1);
@@ -693,7 +694,7 @@ gtls_connect_step1(struct Curl_easy *data,
#ifdef USE_GNUTLS_SRP
/* put the credentials to the current session */
if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) {
if(SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP) {
rc = gnutls_credentials_set(session, GNUTLS_CRD_SRP,
backend->srp_client_cred);
if(rc != GNUTLS_E_SUCCESS) {
@@ -875,8 +876,8 @@ Curl_gtls_verifyserver(struct Curl_easy *data,
SSL_CONN_CONFIG(verifyhost) ||
SSL_CONN_CONFIG(issuercert)) {
#ifdef USE_GNUTLS_SRP
if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP
&& SSL_SET_OPTION(username) != NULL
if(SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP
&& SSL_SET_OPTION(primary.username)
&& !SSL_CONN_CONFIG(verifypeer)
&& gnutls_cipher_get(session)) {
/* no peer cert, but auth is ok if we have SRP user and cipher and no
@@ -934,7 +935,8 @@ Curl_gtls_verifyserver(struct Curl_easy *data,
failf(data, "server certificate verification failed. CAfile: %s "
"CRLfile: %s", SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile):
"none",
SSL_SET_OPTION(CRLfile)?SSL_SET_OPTION(CRLfile):"none");
SSL_SET_OPTION(primary.CRLfile) ?
SSL_SET_OPTION(primary.CRLfile) : "none");
return CURLE_PEER_FAILED_VERIFICATION;
}
else
@@ -1564,8 +1566,8 @@ static int gtls_shutdown(struct Curl_easy *data, struct connectdata *conn,
gnutls_certificate_free_credentials(backend->cred);
#ifdef USE_GNUTLS_SRP
if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP
&& SSL_SET_OPTION(username) != NULL)
if(SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP
&& SSL_SET_OPTION(primary.username) != NULL)
gnutls_srp_free_client_credentials(backend->srp_client_cred);
#endif

16
Utilities/cmcurl/lib/vtls/mbedtls.c
View File

@@ -279,7 +279,7 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn,
const char * const ssl_capath = SSL_CONN_CONFIG(CApath);
char * const ssl_cert = SSL_SET_OPTION(primary.clientcert);
const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob);
const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile);
const char * const ssl_crlfile = SSL_SET_OPTION(primary.CRLfile);
const char * const hostname = SSL_HOST_NAME();
#ifndef CURL_DISABLE_VERBOSE_STRINGS
const long int port = SSL_HOST_PORT();
@@ -303,8 +303,9 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn,
&ts_entropy, NULL, 0);
if(ret) {
mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
failf(data, "Failed - mbedTLS: ctr_drbg_init returned (-0x%04X) %s",
failf(data, "mbedtls_ctr_drbg_seed returned (-0x%04X) %s",
-ret, errorbuf);
return CURLE_FAILED_INIT;
}
#else
mbedtls_entropy_init(&backend->entropy);
@@ -314,8 +315,9 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn,
&backend->entropy, NULL, 0);
if(ret) {
mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
failf(data, "Failed - mbedTLS: ctr_drbg_init returned (-0x%04X) %s",
failf(data, "mbedtls_ctr_drbg_seed returned (-0x%04X) %s",
-ret, errorbuf);
return CURLE_FAILED_INIT;
}
#endif /* THREADING_SUPPORT */
@@ -815,8 +817,8 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn,
if(next_protocol) {
infof(data, VTLS_INFOF_ALPN_ACCEPTED_1STR, next_protocol);
#ifdef USE_HTTP2
if(!strncmp(next_protocol, ALPN_H2, ALPN_H2_LEN) &&
!next_protocol[ALPN_H2_LEN]) {
if(!strncmp(next_protocol, ALPN_H2, ALPN_H2_LENGTH) &&
!next_protocol[ALPN_H2_LENGTH]) {
conn->negnpn = CURL_HTTP_VERSION_2;
}
else
@@ -1015,7 +1017,7 @@ static CURLcode mbedtls_random(struct Curl_easy *data,
if(ret) {
mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
failf(data, "Failed - mbedTLS: ctr_drbg_seed returned (-0x%04X) %s",
failf(data, "mbedtls_ctr_drbg_seed returned (-0x%04X) %s",
-ret, errorbuf);
}
else {
@@ -1023,7 +1025,7 @@ static CURLcode mbedtls_random(struct Curl_easy *data,
if(ret) {
mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
failf(data, "mbedTLS: ctr_drbg_init returned (-0x%04X) %s",
failf(data, "mbedtls_ctr_drbg_random returned (-0x%04X) %s",
-ret, errorbuf);
}
}

14
Utilities/cmcurl/lib/vtls/nss.c
View File

@@ -983,6 +983,9 @@ static void display_cert_info(struct Curl_easy *data,
PR_Free(common_name);
}
/* A number of certs that will never occur in a real server handshake */
#define TOO_MANY_CERTS 300
static CURLcode display_conn_info(struct Curl_easy *data, PRFileDesc *sock)
{
CURLcode result = CURLE_OK;
@@ -1018,6 +1021,11 @@ static CURLcode display_conn_info(struct Curl_easy *data, PRFileDesc *sock)
cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA);
while(cert2) {
i++;
if(i >= TOO_MANY_CERTS) {
CERT_DestroyCertificate(cert2);
failf(data, "certificate loop");
return CURLE_SSL_CERTPROBLEM;
}
if(cert2->isRoot) {
CERT_DestroyCertificate(cert2);
break;
@@ -2027,13 +2035,13 @@ static CURLcode nss_setup_connect(struct Curl_easy *data,
}
}
if(SSL_SET_OPTION(CRLfile)) {
const CURLcode rv = nss_load_crl(SSL_SET_OPTION(CRLfile));
if(SSL_SET_OPTION(primary.CRLfile)) {
const CURLcode rv = nss_load_crl(SSL_SET_OPTION(primary.CRLfile));
if(rv) {
result = rv;
goto error;
}
infof(data, " CRLfile: %s", SSL_SET_OPTION(CRLfile));
infof(data, " CRLfile: %s", SSL_SET_OPTION(primary.CRLfile));
}
if(SSL_SET_OPTION(primary.clientcert)) {

17
Utilities/cmcurl/lib/vtls/openssl.c
View File

@@ -215,11 +215,10 @@
* OpenSSL: supported since 1.0.2, see
* https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html
* BoringSSL: supported since 5fd1807d95f7 (committed 2016-09-30)
* LibreSSL: not tested.
* LibreSSL: since 2.5.3 (April 12, 2017)
*/
#if ((OPENSSL_VERSION_NUMBER >= 0x10002000L) && \
!defined(LIBRESSL_VERSION_NUMBER)) || \
defined(OPENSSL_IS_BORINGSSL)
#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) || \
defined(OPENSSL_IS_BORINGSSL)
#define HAVE_SSL_CTX_SET_EC_CURVES
#endif
@@ -2663,7 +2662,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
#endif
const long int ssl_version = SSL_CONN_CONFIG(version);
#ifdef USE_OPENSSL_SRP
const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(authtype);
const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(primary.authtype);
#endif
char * const ssl_cert = SSL_SET_OPTION(primary.clientcert);
const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob);
@@ -2674,7 +2673,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
(ca_info_blob ? NULL : SSL_CONN_CONFIG(CAfile));
const char * const ssl_capath = SSL_CONN_CONFIG(CApath);
const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile);
const char * const ssl_crlfile = SSL_SET_OPTION(primary.CRLfile);
char error_buffer[256];
struct ssl_backend_data *backend = connssl->backend;
bool imported_native_ca = false;
@@ -2926,15 +2925,15 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
#ifdef USE_OPENSSL_SRP
if((ssl_authtype == CURL_TLSAUTH_SRP) &&
Curl_allow_auth_to_host(data)) {
char * const ssl_username = SSL_SET_OPTION(username);
char * const ssl_username = SSL_SET_OPTION(primary.username);
char * const ssl_password = SSL_SET_OPTION(primary.password);
infof(data, "Using TLS-SRP username: %s", ssl_username);
if(!SSL_CTX_set_srp_username(backend->ctx, ssl_username)) {
failf(data, "Unable to set SRP user name");
return CURLE_BAD_FUNCTION_ARGUMENT;
}
if(!SSL_CTX_set_srp_password(backend->ctx, SSL_SET_OPTION(password))) {
if(!SSL_CTX_set_srp_password(backend->ctx, ssl_password)) {
failf(data, "failed setting SRP password");
return CURLE_BAD_FUNCTION_ARGUMENT;
}

3
Utilities/cmcurl/lib/vtls/sectransp.c
View File

@@ -2045,8 +2045,9 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data,
err = SSLSetPeerDomainName(backend->ssl_ctx, snihost, snilen);
if(err != noErr) {
infof(data, "WARNING: SSL: SSLSetPeerDomainName() failed: OSStatus %d",
failf(data, "SSL: SSLSetPeerDomainName() failed: OSStatus %d",
err);
return CURLE_SSL_CONNECT_ERROR;
}
if((Curl_inet_pton(AF_INET, hostname, &addr))

21
Utilities/cmcurl/lib/vtls/vtls.c
View File

@@ -132,6 +132,7 @@ Curl_ssl_config_matches(struct ssl_primary_config *data,
{
if((data->version == needle->version) &&
(data->version_max == needle->version_max) &&
(data->ssl_options == needle->ssl_options) &&
(data->verifypeer == needle->verifypeer) &&
(data->verifyhost == needle->verifyhost) &&
(data->verifystatus == needle->verifystatus) &&
@@ -144,9 +145,15 @@ Curl_ssl_config_matches(struct ssl_primary_config *data,
Curl_safecmp(data->clientcert, needle->clientcert) &&
Curl_safecmp(data->random_file, needle->random_file) &&
Curl_safecmp(data->egdsocket, needle->egdsocket) &&
#ifdef USE_TLS_SRP
Curl_safecmp(data->username, needle->username) &&
Curl_safecmp(data->password, needle->password) &&
(data->authtype == needle->authtype) &&
#endif
Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) &&
Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13) &&
Curl_safe_strcasecompare(data->curves, needle->curves) &&
Curl_safe_strcasecompare(data->CRLfile, needle->CRLfile) &&
Curl_safe_strcasecompare(data->pinned_key, needle->pinned_key))
return TRUE;
@@ -163,6 +170,10 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source,
dest->verifyhost = source->verifyhost;
dest->verifystatus = source->verifystatus;
dest->sessionid = source->sessionid;
dest->ssl_options = source->ssl_options;
#ifdef USE_TLS_SRP
dest->authtype = source->authtype;
#endif
CLONE_BLOB(cert_blob);
CLONE_BLOB(ca_info_blob);
@@ -177,6 +188,11 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source,
CLONE_STRING(cipher_list13);
CLONE_STRING(pinned_key);
CLONE_STRING(curves);
CLONE_STRING(CRLfile);
#ifdef USE_TLS_SRP
CLONE_STRING(username);
CLONE_STRING(password);
#endif
return TRUE;
}
@@ -196,6 +212,11 @@ void Curl_free_primary_ssl_config(struct ssl_primary_config *sslc)
Curl_safefree(sslc->ca_info_blob);
Curl_safefree(sslc->issuercert_blob);
Curl_safefree(sslc->curves);
Curl_safefree(sslc->CRLfile);
#ifdef USE_TLS_SRP
Curl_safefree(sslc->username);
Curl_safefree(sslc->password);
#endif
}
#ifdef USE_SSL

30
Utilities/cmcurl/lib/vtls/x509asn1.c
View File

@@ -945,6 +945,24 @@ static int do_pubkey(struct Curl_easy *data, int certnum,
/* Generate all information records for the public key. */
if(strcasecompare(algo, "ecPublicKey")) {
/*
* ECC public key is all the data, a value of type BIT STRING mapped to
* OCTET STRING and should not be parsed as an ASN.1 value.
*/
const unsigned long len =
(unsigned long)((pubkey->end - pubkey->beg - 2) * 4);
if(!certnum)
infof(data, " ECC Public Key (%lu bits)", len);
if(data->set.ssl.certinfo) {
char q[sizeof(len) * 8 / 3 + 1];
msnprintf(q, sizeof(q), "%lu", len);
if(Curl_ssl_push_certinfo(data, certnum, "ECC Public Key", q))
return 1;
}
return do_pubkey_field(data, certnum, "ecPublicKey", pubkey);
}
/* Get the public key (single element). */
if(!getASN1Element(&pk, pubkey->beg + 1, pubkey->end))
return 1;
@@ -971,14 +989,10 @@ static int do_pubkey(struct Curl_easy *data, int certnum,
if(!certnum)
infof(data, " RSA Public Key (%lu bits)", len);
if(data->set.ssl.certinfo) {
q = curl_maprintf("%lu", len);
if(q) {
CURLcode result =
Curl_ssl_push_certinfo(data, certnum, "RSA Public Key", q);
free((char *) q);
if(result)
return 1;
}
char r[sizeof(len) * 8 / 3 + 1];
msnprintf(r, sizeof(r), "%lu", len);
if(Curl_ssl_push_certinfo(data, certnum, "RSA Public Key", r))
return 1;
}
/* Generate coefficients. */
if(do_pubkey_field(data, certnum, "rsa(n)", &elem))