#include "setup.h"
#include <string.h>
#include <stdlib.h>
#include <ctype.h>
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#include "urldata.h"
#define SSLGEN_C
#include "sslgen.h"
#include "ssluse.h"
#include "gtls.h"
#include "nssg.h"
#include "qssl.h"
#include "sendf.h"
#include "rawstr.h"
#include "url.h"
#include "curl_memory.h"
#include "progress.h"
#include "memdebug.h"
/*
 * safe_strequal: NULL-tolerant comparison of two option strings.
 *
 * Two NULL pointers compare equal, a NULL and a non-NULL pointer never do,
 * and two real strings are compared with Curl_raw_equal().
 */
static bool safe_strequal(char* str1, char* str2)
{
  /* at least one side missing: equal only when both are missing */
  if(!str1 || !str2)
    return (bool)(!str1 && !str2);

  return (bool)(Curl_raw_equal(str1, str2) != 0);
}
/*
 * Curl_ssl_config_matches: report whether two SSL configurations are equal.
 *
 * This is part of the session-cache key: Curl_ssl_getsessionid() only hands
 * out a cached TLS session when this returns TRUE for the cached entry, so
 * every field compared here decides whether a session may be resumed.
 * Compared: version, verifypeer, verifyhost, CApath, CAfile, random_file,
 * egdsocket and cipher_list.
 *
 * NOTE(review): options that live outside struct ssl_config_data (client
 * certificate settings, for instance, if they are kept elsewhere) do not
 * take part in the match - confirm that is intended.
 */
bool
Curl_ssl_config_matches(struct ssl_config_data* data,
                        struct ssl_config_data* needle)
{
  /* scalar options */
  if(data->version != needle->version)
    return FALSE;
  if(data->verifypeer != needle->verifypeer)
    return FALSE;
  if(data->verifyhost != needle->verifyhost)
    return FALSE;

  /* string options; NULL on both sides counts as equal */
  if(!safe_strequal(data->CApath, needle->CApath))
    return FALSE;
  if(!safe_strequal(data->CAfile, needle->CAfile))
    return FALSE;
  if(!safe_strequal(data->random_file, needle->random_file))
    return FALSE;
  if(!safe_strequal(data->egdsocket, needle->egdsocket))
    return FALSE;
  if(!safe_strequal(data->cipher_list, needle->cipher_list))
    return FALSE;

  return TRUE;
}
/*
 * dup_optional: copy one optional string option.
 *
 * A NULL source leaves *to untouched and counts as success; otherwise *to
 * receives a strdup() of 'from'. Returns FALSE only when strdup() fails.
 */
static bool dup_optional(char **to, const char *from)
{
  if(!from)
    return TRUE;
  *to = strdup(from);
  return (bool)(*to != NULL);
}

/*
 * Curl_clone_ssl_config: deep-copy an SSL configuration into 'dest'.
 *
 * Scalars are assigned, string members are strdup()ed. Returns FALSE on
 * allocation failure; members copied before the failure stay allocated in
 * 'dest' and are released by Curl_free_ssl_config().
 */
bool
Curl_clone_ssl_config(struct ssl_config_data *source,
                      struct ssl_config_data *dest)
{
  dest->sessionid = source->sessionid;
  dest->verifyhost = source->verifyhost;
  dest->verifypeer = source->verifypeer;
  dest->version = source->version;

  /* same member order as the original hand-written sequence */
  if(!dup_optional(&dest->CAfile, source->CAfile))
    return FALSE;
  if(!dup_optional(&dest->CApath, source->CApath))
    return FALSE;
  if(!dup_optional(&dest->cipher_list, source->cipher_list))
    return FALSE;
  if(!dup_optional(&dest->egdsocket, source->egdsocket))
    return FALSE;
  if(!dup_optional(&dest->random_file, source->random_file))
    return FALSE;

  return TRUE;
}
/*
 * Curl_free_ssl_config: release the heap-allocated string members of an
 * SSL configuration (the ones Curl_clone_ssl_config() duplicates).
 * The struct itself is not freed.
 */
void Curl_free_ssl_config(struct ssl_config_data* sslc)
{
  char **members[] = {
    &sslc->CAfile,
    &sslc->CApath,
    &sslc->cipher_list,
    &sslc->egdsocket,
    &sslc->random_file
  };
  size_t n;

  for(n = 0; n < sizeof(members) / sizeof(members[0]); n++)
    Curl_safefree(*members[n]);
}
#ifdef USE_SSL
/* Set once the backend has been initialised; lets Curl_ssl_init() and
   Curl_ssl_cleanup() skip repeated work. */
static bool init_ssl=FALSE;
/*
 * Curl_ssl_init: initialise the SSL backend once per process.
 *
 * Returns 1 when already initialised, otherwise the backend's own result.
 * The flag is raised before the backend call, so a failed backend init is
 * not retried by a later call.
 */
int Curl_ssl_init(void)
{
  int rc = 1;

  if(!init_ssl) {
    init_ssl = TRUE;
    rc = curlssl_init();
  }
  return rc;
}
/*
 * Curl_ssl_cleanup: tear down the SSL backend if Curl_ssl_init() ran.
 * Safe to call repeatedly; only the first call after an init does work.
 */
void Curl_ssl_cleanup(void)
{
  if(!init_ssl)
    return;

  curlssl_cleanup();
  init_ssl = FALSE;
}
/*
 * Curl_ssl_connect: run the blocking TLS handshake on conn->ssl[sockindex].
 *
 * Marks the socket as using SSL and in the negotiating state before handing
 * over to the backend. On success the APPCONNECT timer is stamped.
 * Returns the backend's CURLcode.
 */
CURLcode
Curl_ssl_connect(struct connectdata *conn, int sockindex)
{
  CURLcode result;

  conn->ssl[sockindex].state = ssl_connection_negotiating;
  conn->ssl[sockindex].use = TRUE;

  result = curlssl_connect(conn, sockindex);
  if(result)
    return result;

  Curl_pgrsTime(conn->data, TIMER_APPCONNECT);
  return result;
}
/*
 * Curl_ssl_connect_nonblocking: drive the TLS handshake without blocking.
 *
 * With a backend that provides curlssl_connect_nonblocking the handshake is
 * advanced one step and *done tells whether it completed; the APPCONNECT
 * timer is stamped once it has. Backends without that entry point fall back
 * to the blocking connect and report *done = TRUE.
 */
CURLcode
Curl_ssl_connect_nonblocking(struct connectdata *conn, int sockindex,
                             bool *done)
{
  conn->ssl[sockindex].use = TRUE;
#ifdef curlssl_connect_nonblocking
  {
    CURLcode result = curlssl_connect_nonblocking(conn, sockindex, done);
    if(result)
      return result;
    if(*done == TRUE)
      Curl_pgrsTime(conn->data, TIMER_APPCONNECT);
    return result;
  }
#else
  *done = TRUE;
  return curlssl_connect(conn, sockindex);
#endif
}
/*
 * Curl_ssl_getsessionid: look up a cached TLS session for this connection.
 *
 * The cache key is the host name (compared with Curl_raw_equal), the remote
 * port and an SSL configuration that Curl_ssl_config_matches() accepts.
 * A hit stores the session pointer in *ssl_sessionid (and its size in
 * *idsize when that is non-NULL), bumps the handle's session age and stamps
 * the entry with it so that Curl_ssl_addsessionid() evicts it last.
 *
 * Returns FALSE on a hit and TRUE when nothing usable was found; when the
 * cache is disabled for this connection it returns TRUE without touching
 * *ssl_sessionid.
 */
int Curl_ssl_getsessionid(struct connectdata *conn,
                          void **ssl_sessionid,
                          size_t *idsize)
{
  struct SessionHandle *data = conn->data;
  long i;

  if(!conn->ssl_config.sessionid)
    return TRUE;

  for(i = 0; i < data->set.ssl.numsessions; i++) {
    struct curl_ssl_session *entry = &data->state.session[i];
    bool same_peer;

    if(!entry->sessionid)
      continue; /* empty slot */

    same_peer = Curl_raw_equal(conn->host.name, entry->name) &&
      (conn->remote_port == entry->remote_port);
    if(!same_peer)
      continue;
    if(!Curl_ssl_config_matches(&conn->ssl_config, &entry->ssl_config))
      continue;

    /* hit: refresh the entry's age so it is not the next eviction victim */
    data->state.sessionage++;
    entry->age = data->state.sessionage;
    *ssl_sessionid = entry->sessionid;
    if(idsize)
      *idsize = entry->idsize;
    return FALSE;
  }

  *ssl_sessionid = NULL;
  return TRUE;
}
/*
 * kill_session: empty one session-cache slot.
 *
 * Frees the backend session object, the cloned SSL configuration and the
 * host name, and resets the slot. Returns 0 when a session was removed and
 * 1 when the slot was already empty.
 */
static int kill_session(struct curl_ssl_session *session)
{
  if(!session->sessionid)
    return 1; /* nothing cached here */

  curlssl_session_free(session->sessionid);
  session->sessionid = NULL;
  session->age = 0;
  Curl_free_ssl_config(&session->ssl_config);
  Curl_safefree(session->name);
  session->name = NULL;
  return 0;
}
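/*
 * Curl_ssl_delsessionid: drop the cache entry holding 'ssl_sessionid'.
 *
 * Scans the handle's session cache for the slot whose sessionid pointer
 * equals the given one and empties it with kill_session(). At most one
 * slot is touched; an unknown pointer is silently ignored.
 */
void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid)
{
  struct SessionHandle *data = conn->data;
  /* 'long' to match the type the other cache walkers use for numsessions */
  long i;

  for(i = 0; i < data->set.ssl.numsessions; i++) {
    struct curl_ssl_session *check = &data->state.session[i];
    if(check->sessionid == ssl_sessionid) {
      kill_session(check);
      break;
    }
  }
}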
/*
 * Curl_ssl_addsessionid: store a freshly negotiated TLS session in the cache.
 *
 * The cache is filled from slot 0 upwards; the first empty slot is used when
 * there is one, otherwise the entry with the lowest age is evicted. The slot
 * takes ownership of 'ssl_sessionid' and records the host name, the remote
 * port and a copy of the connection's SSL configuration, which together form
 * the lookup key used by Curl_ssl_getsessionid().
 *
 * Returns CURLE_OUT_OF_MEMORY when the host name or the configuration cannot
 * be duplicated, CURLE_OK otherwise.
 */
CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
                               void *ssl_sessionid,
                               size_t idsize)
{
  struct SessionHandle *data = conn->data;
  struct curl_ssl_session *slots = data->state.session;
  struct curl_ssl_session *store = &slots[0];
  long oldest_age = slots[0].age;
  long i;
  char *clone_host = strdup(conn->host.name);

  if(!clone_host)
    return CURLE_OUT_OF_MEMORY;

  /* walk the occupied prefix, remembering the least recently used slot;
     stop at the first empty slot */
  for(i = 1; i < data->set.ssl.numsessions; i++) {
    if(!slots[i].sessionid)
      break;
    if(slots[i].age < oldest_age) {
      oldest_age = slots[i].age;
      store = &slots[i];
    }
  }

  if(i == data->set.ssl.numsessions)
    kill_session(store);      /* cache full: evict the oldest entry */
  else
    store = &slots[i];        /* empty slot available */

  store->sessionid = ssl_sessionid;
  store->idsize = idsize;
  store->age = data->state.sessionage;
  free(store->name);          /* free(NULL) is a no-op */
  store->name = clone_host;
  store->remote_port = conn->remote_port;

  if(!Curl_clone_ssl_config(&conn->ssl_config, &store->ssl_config))
    return CURLE_OUT_OF_MEMORY;

  return CURLE_OK;
}
/*
 * Curl_ssl_close_all: free the whole session cache, then let the backend
 * close everything it still holds for this handle.
 */
void Curl_ssl_close_all(struct SessionHandle *data)
{
  struct curl_ssl_session *cache = data->state.session;

  if(cache) {
    long i;
    for(i = 0; i < data->set.ssl.numsessions; i++)
      kill_session(&cache[i]);
    free(cache);
    data->state.session = NULL;
  }

  curlssl_close_all(data);
}
/*
 * Curl_ssl_close: close the SSL layer on one socket of the connection.
 * sockindex must lie in -1..1 (checked in debug builds only).
 */
void Curl_ssl_close(struct connectdata *conn, int sockindex)
{
  DEBUGASSERT(sockindex >= -1 && sockindex <= 1);
  curlssl_close(conn, sockindex);
}
/*
 * Curl_ssl_shutdown: perform the TLS shutdown on conn->ssl[sockindex].
 *
 * On success the socket is marked as no longer using SSL; on backend failure
 * the flags are left untouched and CURLE_SSL_SHUTDOWN_FAILED is returned.
 */
CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex)
{
  if(curlssl_shutdown(conn, sockindex))
    return CURLE_SSL_SHUTDOWN_FAILED;

  conn->ssl[sockindex].state = ssl_connection_none;
  conn->ssl[sockindex].use = FALSE;
  return CURLE_OK;
}
/* Curl_ssl_set_engine: select a backend crypto engine by name; the result
   is whatever the backend reports. */
CURLcode Curl_ssl_set_engine(struct SessionHandle *data, const char *engine)
{
  CURLcode result = curlssl_set_engine(data, engine);
  return result;
}
/* Curl_ssl_set_engine_default: make the backend use its default engine. */
CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data)
{
  CURLcode result = curlssl_set_engine_default(data);
  return result;
}
/* Curl_ssl_engines_list: list the engines the backend knows about. Ownership
   of the returned list follows the backend's rules. */
struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data)
{
  struct curl_slist *list = curlssl_engines_list(data);
  return list;
}
/*
 * Curl_ssl_send: write 'len' bytes from 'mem' through the SSL layer of
 * conn->ssl[sockindex]. Returns the backend's byte count / error value.
 */
ssize_t Curl_ssl_send(struct connectdata *conn,
                      int sockindex,
                      const void *mem,
                      size_t len)
{
  ssize_t written = curlssl_send(conn, sockindex, mem, len);
  return written;
}
/*
 * Curl_ssl_recv: read up to 'len' bytes into 'mem' from the SSL layer.
 *
 * The backend reports -1 for both "would block" and hard errors and tells
 * them apart through the block flag. This wrapper keeps -1 for the
 * would-block case and turns a hard error into a return value of 0; any
 * other backend result is passed through unchanged.
 */
ssize_t Curl_ssl_recv(struct connectdata *conn,
                      int sockindex,
                      char *mem,
                      size_t len)
{
  bool would_block = FALSE;
  ssize_t nread = curlssl_recv(conn, sockindex, mem, len, &would_block);

  if(nread != -1)
    return nread;

  return would_block ? -1 : 0;
}
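/*
 * Curl_ssl_initsessions: allocate the session cache for a handle.
 *
 * 'amount' is the number of cache slots. An existing cache is kept as is
 * (its size is not changed). The array is zero-filled so every slot starts
 * with a NULL sessionid, which the cache code treats as "empty".
 *
 * Returns CURLE_BAD_FUNCTION_ARGUMENT for a non-positive amount,
 * CURLE_OUT_OF_MEMORY on allocation failure, CURLE_OK otherwise.
 */
CURLcode Curl_ssl_initsessions(struct SessionHandle *data, long amount)
{
  struct curl_ssl_session *session;

  if(data->state.session)
    return CURLE_OK;

  /* a negative count would silently convert to a huge size_t, and a zero
     count gives an array that Curl_ssl_addsessionid() still indexes at [0] */
  if(amount <= 0)
    return CURLE_BAD_FUNCTION_ARGUMENT;

  /* calloc(nmemb, size) - element count first, element size second */
  session = calloc((size_t)amount, sizeof *session);
  if(!session)
    return CURLE_OUT_OF_MEMORY;

  data->set.ssl.numsessions = amount;
  data->state.session = session;
  data->state.sessionage = 1;
  return CURLE_OK;
}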
/* Curl_ssl_version: write the backend's version string into 'buffer'
   (at most 'size' bytes); returns what the backend returns. */
size_t Curl_ssl_version(char *buffer, size_t size)
{
  size_t written = curlssl_version(buffer, size);
  return written;
}
/* Curl_ssl_check_cxn: ask the backend whether the connection is still
   usable; the meaning of the return value is the backend's. */
int Curl_ssl_check_cxn(struct connectdata *conn)
{
  int status = curlssl_check_cxn(conn);
  return status;
}
/* Curl_ssl_data_pending: TRUE when the backend has buffered, not yet
   delivered, data for conn->ssl[connindex]. */
bool Curl_ssl_data_pending(const struct connectdata *conn,
                           int connindex)
{
  bool pending = curlssl_data_pending(conn, connindex);
  return pending;
}
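/*
 * Curl_ssl_free_certinfo: release the certificate-info lists stored in
 * data->info.certs and reset the struct to "no certificates".
 *
 * Each entry is a curl_slist freed with curl_slist_free_all(); the array of
 * entries is then freed and, unlike before, the pointer is cleared so no
 * dangling reference survives.
 */
void Curl_ssl_free_certinfo(struct SessionHandle *data)
{
  struct curl_certinfo *ci = &data->info.certs;
  int i;

  if(!ci->num_of_certs)
    return;

  for(i = 0; i < ci->num_of_certs; i++)
    curl_slist_free_all(ci->certinfo[i]);

  free(ci->certinfo);
  ci->certinfo = NULL;  /* fix: previously left pointing at freed memory */
  ci->num_of_certs = 0;
}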
#endif