#include "setup.h"
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#include "urldata.h"
#define SSLGEN_C
#include "sslgen.h"
#include "ssluse.h"
#include "gtls.h"
#include "nssg.h"
#include "qssl.h"
#include "polarssl.h"
#include "axtls.h"
#include "cyassl.h"
#include "sendf.h"
#include "rawstr.h"
#include "url.h"
#include "curl_memory.h"
#include "progress.h"
#include "share.h"
#include "memdebug.h"
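/* Non-zero when this easy handle keeps its SSL session cache in a share
   object, in which case every access to the cache below is bracketed by
   Curl_share_lock()/Curl_share_unlock() for CURL_LOCK_DATA_SSL_SESSION.
   The argument is parenthesized so an expression can be passed safely. */
#define SSLSESSION_SHARED(data) ((data)->share && \
                                 ((data)->share->specifier & \
                                  (1<<CURL_LOCK_DATA_SSL_SESSION)))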
/* Compare two optional strings with Curl_raw_equal(). Two NULL pointers
   count as equal; a NULL and a non-NULL string never do.
   NOTE(review): Curl_raw_equal is curl's case-insensitive comparison, so
   path-like values (CAfile/CApath) that differ only in letter case compare
   equal here — confirm that is intended on case-sensitive filesystems. */
static bool safe_strequal(char* str1, char* str2)
{
  if(!str1 || !str2) {
    /* at least one side is NULL: equal only when both are */
    return (!str1 && !str2) ? TRUE : FALSE;
  }
  return Curl_raw_equal(str1, str2) ? TRUE : FALSE;
}
/*
 * Curl_ssl_config_matches() returns TRUE when the two SSL configurations
 * agree on every field compared below, FALSE otherwise.
 *
 * The session cache (Curl_ssl_getsessionid) uses this to decide whether a
 * stored session may be handed to a new connection, so any member of
 * struct ssl_config_data that is not compared here (the sessionid flag, for
 * one) plays no part in that decision.
 */
bool
Curl_ssl_config_matches(struct ssl_config_data* data,
                        struct ssl_config_data* needle)
{
  bool same = (data->version == needle->version) &&
    (data->verifypeer == needle->verifypeer) &&
    (data->verifyhost == needle->verifyhost) &&
    safe_strequal(data->CApath, needle->CApath) &&
    safe_strequal(data->CAfile, needle->CAfile) &&
    safe_strequal(data->random_file, needle->random_file) &&
    safe_strequal(data->egdsocket, needle->egdsocket) &&
    safe_strequal(data->cipher_list, needle->cipher_list);

  return same ? TRUE : FALSE;
}
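/* Duplicate 'src' into '*dest'; a NULL source leaves '*dest' NULL. Returns
   FALSE only when strdup() fails. Whatever '*dest' pointed to before is
   overwritten, not freed — the caller must release old content first. */
static bool clone_ssl_string(char **dest, const char *src)
{
  if(!src) {
    *dest = NULL;
    return TRUE;
  }
  *dest = strdup(src);
  return (*dest != NULL) ? TRUE : FALSE;
}

/*
 * Curl_clone_ssl_config() copies 'source' into 'dest'. The scalar members
 * are assigned; each string member is duplicated so 'dest' owns its own
 * copies, to be released with Curl_free_ssl_config().
 *
 * Returns TRUE on success, FALSE when a duplication fails. On failure the
 * members cloned before the failing one remain allocated in 'dest' and the
 * later ones are left untouched; the caller is responsible for freeing
 * them. Existing pointers in 'dest' are overwritten without being freed.
 */
bool
Curl_clone_ssl_config(struct ssl_config_data *source,
                      struct ssl_config_data *dest)
{
  dest->sessionid = source->sessionid;
  dest->verifyhost = source->verifyhost;
  dest->verifypeer = source->verifypeer;
  dest->version = source->version;

  /* strings are cloned in this fixed order; stop at the first failure */
  if(!clone_ssl_string(&dest->CAfile, source->CAfile))
    return FALSE;
  if(!clone_ssl_string(&dest->CApath, source->CApath))
    return FALSE;
  if(!clone_ssl_string(&dest->cipher_list, source->cipher_list))
    return FALSE;
  if(!clone_ssl_string(&dest->egdsocket, source->egdsocket))
    return FALSE;
  if(!clone_ssl_string(&dest->random_file, source->random_file))
    return FALSE;

  return TRUE;
}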
/*
 * Curl_free_ssl_config() releases the five string members that
 * Curl_clone_ssl_config() allocates in 'sslc', each through Curl_safefree.
 * The scalar members are left as they are.
 */
void Curl_free_ssl_config(struct ssl_config_data* sslc)
{
  /* release order is irrelevant; the members do not reference each other */
  Curl_safefree(sslc->random_file);
  Curl_safefree(sslc->egdsocket);
  Curl_safefree(sslc->cipher_list);
  Curl_safefree(sslc->CApath);
  Curl_safefree(sslc->CAfile);
}
#ifdef USE_SSL
/* Set by Curl_ssl_init() before the backend init runs, cleared by
   Curl_ssl_cleanup(). Plain global with no synchronization —
   NOTE(review): confirm callers serialize global init/cleanup. */
static bool init_ssl=FALSE;
/*
 * Curl_ssl_init() runs the backend's global initialization once.
 *
 * Returns 1 when initialization already happened, otherwise whatever
 * curlssl_init() returns. The guard flag is raised before the backend call,
 * so a backend init that reports failure is not retried later — NOTE(review):
 * later callers then get 1 regardless of that first result; confirm that is
 * acceptable.
 */
int Curl_ssl_init(void)
{
  if(!init_ssl) {
    init_ssl = TRUE;
    return curlssl_init();
  }
  return 1;
}
/*
 * Curl_ssl_cleanup() undoes Curl_ssl_init(): runs the backend cleanup and
 * lowers the guard flag so a later Curl_ssl_init() initializes again.
 * Does nothing when init never happened.
 */
void Curl_ssl_cleanup(void)
{
  if(!init_ssl)
    return;

  curlssl_cleanup();
  init_ssl = FALSE;
}
/*
 * Curl_ssl_connect() performs a blocking TLS handshake on the socket at
 * conn->ssl[sockindex] through the backend. Marks the socket as using SSL
 * and as negotiating before the handshake, and records the APPCONNECT
 * timer only when the backend reports success. Returns the backend's
 * CURLcode. 'sockindex' is used unchecked as an index into conn->ssl[].
 */
CURLcode
Curl_ssl_connect(struct connectdata *conn, int sockindex)
{
  CURLcode result;

  conn->ssl[sockindex].use = TRUE;
  conn->ssl[sockindex].state = ssl_connection_negotiating;

  result = curlssl_connect(conn, sockindex);
  if(result)
    return result;

  /* handshake completed: stamp the application-connect time */
  Curl_pgrsTime(conn->data, TIMER_APPCONNECT);
  return result;
}
/*
 * Curl_ssl_connect_nonblocking() drives the TLS handshake without blocking
 * when the backend provides curlssl_connect_nonblocking; *done is set by the
 * backend and the APPCONNECT timer is recorded only once the handshake has
 * both succeeded and completed. Unlike Curl_ssl_connect(), only the 'use'
 * flag is set here; the state field is left to the backend.
 *
 * Without backend support it falls back to the blocking Curl_ssl_connect()
 * and reports *done = TRUE.
 */
CURLcode
Curl_ssl_connect_nonblocking(struct connectdata *conn, int sockindex,
                             bool *done)
{
#ifdef curlssl_connect_nonblocking
  CURLcode result;

  conn->ssl[sockindex].use = TRUE;
  result = curlssl_connect_nonblocking(conn, sockindex, done);
  if(result)
    return result;

  /* success, but the handshake may still be in progress */
  if(*done)
    Curl_pgrsTime(conn->data, TIMER_APPCONNECT);
  return result;
#else
  /* no non-blocking handshake in this backend: do it the blocking way */
  *done = TRUE;
  return Curl_ssl_connect(conn, sockindex);
#endif
}
/*
 * Curl_ssl_getsessionid() looks for a cached SSL session usable for this
 * connection. On a hit it stores the session in *ssl_sessionid, its size in
 * *idsize when 'idsize' is non-NULL, and returns FALSE; with no hit it
 * returns TRUE — note the inverted sense. *ssl_sessionid is reset to NULL
 * first in every case. When the connection's sessionid flag is off no
 * lookup is made at all.
 *
 * A cache entry matches when its host name (compared with Curl_raw_equal),
 * its remote port and the fields examined by Curl_ssl_config_matches() all
 * agree with the connection; nothing else about the connection takes part
 * in that decision. A hit bumps the cache-wide age counter and stamps the
 * entry with it, which keeps it from being the next eviction candidate in
 * Curl_ssl_addsessionid().
 *
 * With a shared cache the scan runs under the share lock.
 */
int Curl_ssl_getsessionid(struct connectdata *conn,
                          void **ssl_sessionid,
                          size_t *idsize)
{
  struct SessionHandle *data = conn->data;
  long *general_age;
  size_t i;
  bool found = FALSE;

  *ssl_sessionid = NULL;

  if(!conn->ssl_config.sessionid)
    return TRUE;

  if(SSLSESSION_SHARED(data)) {
    Curl_share_lock(data, CURL_LOCK_DATA_SSL_SESSION, CURL_LOCK_ACCESS_SINGLE);
    general_age = &data->share->sessionage;
  }
  else
    general_age = &data->state.sessionage;

  for(i = 0; i < data->set.ssl.max_ssl_sessions; i++) {
    struct curl_ssl_session *entry = &data->state.session[i];

    if(!entry->sessionid)
      continue; /* empty slot */
    if(!Curl_raw_equal(conn->host.name, entry->name))
      continue;
    if(conn->remote_port != entry->remote_port)
      continue;
    if(!Curl_ssl_config_matches(&conn->ssl_config, &entry->ssl_config))
      continue;

    /* hit: refresh the entry's age and hand the session back */
    (*general_age)++;
    entry->age = *general_age;
    *ssl_sessionid = entry->sessionid;
    if(idsize)
      *idsize = entry->idsize;
    found = TRUE;
    break;
  }

  if(SSLSESSION_SHARED(data))
    Curl_share_unlock(data, CURL_LOCK_DATA_SSL_SESSION);

  return found ? FALSE : TRUE;
}
/*
 * Curl_ssl_kill_session() empties one cache slot: the backend session is
 * released with curlssl_session_free(), the cloned ssl_config strings and
 * the host name are freed, and the slot is marked unused (sessionid NULL,
 * age 0). A slot with no session is left untouched. Callers hold the share
 * lock when the cache is shared.
 */
void Curl_ssl_kill_session(struct curl_ssl_session *session)
{
  if(!session->sessionid)
    return; /* nothing stored here */

  curlssl_session_free(session->sessionid);
  session->sessionid = NULL;
  session->age = 0;
  Curl_free_ssl_config(&session->ssl_config);
  Curl_safefree(session->name);
}
/*
 * Curl_ssl_delsessionid() removes the cache entry whose session pointer is
 * identical to 'ssl_sessionid' (pointer comparison, first match only) by
 * killing it with Curl_ssl_kill_session(). Passing a pointer that is not in
 * the cache is a no-op, as is NULL — it matches an empty slot, which
 * Curl_ssl_kill_session() ignores. Takes the share lock when the cache is
 * shared.
 */
void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid)
{
  struct SessionHandle *data = conn->data;
  size_t i = 0;

  if(SSLSESSION_SHARED(data))
    Curl_share_lock(data, CURL_LOCK_DATA_SSL_SESSION, CURL_LOCK_ACCESS_SINGLE);

  while(i < data->set.ssl.max_ssl_sessions) {
    struct curl_ssl_session *entry = &data->state.session[i++];
    if(entry->sessionid == ssl_sessionid) {
      Curl_ssl_kill_session(entry);
      break;
    }
  }

  if(SSLSESSION_SHARED(data))
    Curl_share_unlock(data, CURL_LOCK_DATA_SSL_SESSION);
}
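/*
 * Curl_ssl_addsessionid() stores a backend session in the cache for this
 * connection's host name, remote port and SSL configuration. The first free
 * slot is used; when the cache is full, the entry with the lowest age is
 * evicted with Curl_ssl_kill_session().
 *
 * On CURLE_OK the cache owns 'ssl_sessionid' and will release it through
 * curlssl_session_free() when the entry is killed. On CURLE_OUT_OF_MEMORY
 * nothing is stored and the caller keeps ownership of 'ssl_sessionid'.
 *
 * Changes from the previous version: the cache is only read after the share
 * lock is taken; the ssl_config is cloned while the lock is still held so a
 * concurrent lookup cannot see a half-written entry; and on clone failure
 * the slot is left with no dangling 'name' pointer (it used to keep the
 * address of the freed host copy) and the partially cloned strings are
 * released instead of leaked.
 */
CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
                               void *ssl_sessionid,
                               size_t idsize)
{
  size_t i;
  struct SessionHandle *data = conn->data;
  struct curl_ssl_session *store;
  long oldest_age;
  char *clone_host;
  long *general_age;
  bool shared;
  CURLcode result = CURLE_OK;

  clone_host = strdup(conn->host.name);
  if(!clone_host)
    return CURLE_OUT_OF_MEMORY; /* fail before touching the cache */

  /* the lock state is sampled once so lock and unlock always pair up */
  shared = SSLSESSION_SHARED(data) ? TRUE : FALSE;
  if(shared) {
    Curl_share_lock(data, CURL_LOCK_DATA_SSL_SESSION, CURL_LOCK_ACCESS_SINGLE);
    general_age = &data->share->sessionage;
  }
  else
    general_age = &data->state.sessionage;

  store = &data->state.session[0];
  oldest_age = store->age;

  /* scan for the first free slot, remembering the oldest occupied one in
     case there is none */
  for(i = 1; (i < data->set.ssl.max_ssl_sessions) &&
        data->state.session[i].sessionid; i++) {
    if(data->state.session[i].age < oldest_age) {
      oldest_age = data->state.session[i].age;
      store = &data->state.session[i];
    }
  }

  if(i == data->set.ssl.max_ssl_sessions)
    Curl_ssl_kill_session(store); /* cache full: evict the oldest entry */
  else
    store = &data->state.session[i];

  if(Curl_clone_ssl_config(&conn->ssl_config, &store->ssl_config)) {
    store->sessionid = ssl_sessionid;
    store->idsize = idsize;
    store->age = *general_age;
    free(store->name); /* free(NULL) is a no-op */
    store->name = clone_host;
    store->remote_port = conn->remote_port;
  }
  else {
    /* leave the slot unused and clean; the caller keeps ssl_sessionid */
    Curl_free_ssl_config(&store->ssl_config);
    store->sessionid = NULL;
    free(clone_host);
    result = CURLE_OUT_OF_MEMORY;
  }

  if(shared)
    Curl_share_unlock(data, CURL_LOCK_DATA_SSL_SESSION);

  return result;
}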
/*
 * Curl_ssl_close_all() tears down the per-handle session cache — every
 * entry killed, the array freed — but only when the cache is not shared;
 * a shared cache is left alone here (presumably released with the share
 * object, which this file does not show). Finally the backend's
 * close-all hook runs.
 */
void Curl_ssl_close_all(struct SessionHandle *data)
{
  if(data->state.session) {
    if(!SSLSESSION_SHARED(data)) {
      size_t i = 0;
      while(i < data->set.ssl.max_ssl_sessions)
        Curl_ssl_kill_session(&data->state.session[i++]);
      Curl_safefree(data->state.session);
    }
  }

  curlssl_close_all(data);
}
/*
 * Curl_ssl_close() closes the SSL layer on the given socket via the
 * backend. 'sockindex' is expected to be in the range -1..1; that is
 * checked only in debug builds (DEBUGASSERT).
 */
void Curl_ssl_close(struct connectdata *conn, int sockindex)
{
  DEBUGASSERT((sockindex >= -1) && (sockindex <= 1));
  curlssl_close(conn, sockindex);
}
/*
 * Curl_ssl_shutdown() asks the backend to shut the TLS layer down on the
 * socket. A non-zero backend result yields CURLE_SSL_SHUTDOWN_FAILED and
 * leaves the connection untouched; otherwise the socket is marked as no
 * longer using SSL and its recv/send hooks are switched back to the plain
 * (unencrypted) implementations. Returns CURLE_OK on success.
 */
CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex)
{
  if(curlssl_shutdown(conn, sockindex) != 0)
    return CURLE_SSL_SHUTDOWN_FAILED;

  /* back to plain I/O on this socket */
  conn->recv[sockindex] = Curl_recv_plain;
  conn->send[sockindex] = Curl_send_plain;
  conn->ssl[sockindex].state = ssl_connection_none;
  conn->ssl[sockindex].use = FALSE;

  return CURLE_OK;
}
/*
 * Curl_ssl_set_engine() selects the named crypto engine; the work is done
 * entirely by the backend's curlssl_set_engine and its CURLcode is passed
 * through unchanged.
 */
CURLcode Curl_ssl_set_engine(struct SessionHandle *data, const char *engine)
{
  CURLcode result = curlssl_set_engine(data, engine);
  return result;
}
/*
 * Curl_ssl_set_engine_default() makes the previously selected engine the
 * default, delegating to the backend and returning its CURLcode as is.
 */
CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data)
{
  CURLcode result = curlssl_set_engine_default(data);
  return result;
}
/*
 * Curl_ssl_engines_list() returns the backend's list of available engines.
 * Ownership of the returned list follows the backend's curlssl_engines_list
 * contract (not visible here) — presumably the caller frees it.
 */
struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data)
{
  struct curl_slist *engines = curlssl_engines_list(data);
  return engines;
}
/*
 * Curl_ssl_initsessions() allocates a zeroed session cache of 'amount'
 * slots for the handle, records the size in data->set.ssl.max_ssl_sessions
 * and starts the age counter at 1. A handle that already has a cache is
 * left alone (CURLE_OK). Returns CURLE_OUT_OF_MEMORY when calloc() fails —
 * note that calloc() with amount == 0 may return NULL, which is then
 * reported the same way.
 */
CURLcode Curl_ssl_initsessions(struct SessionHandle *data, size_t amount)
{
  struct curl_ssl_session *session;

  if(data->state.session)
    return CURLE_OK; /* already set up */

  session = calloc(amount, sizeof *session);
  if(!session)
    return CURLE_OUT_OF_MEMORY;

  data->state.session = session;
  data->state.sessionage = 1;
  data->set.ssl.max_ssl_sessions = amount;

  return CURLE_OK;
}
/*
 * Curl_ssl_version() writes the backend's version string into 'buffer'
 * (at most 'size' bytes) and returns the backend's size_t result
 * unchanged.
 */
size_t Curl_ssl_version(char *buffer, size_t size)
{
  size_t written = curlssl_version(buffer, size);
  return written;
}
/*
 * Curl_ssl_check_cxn() asks the backend whether the connection is still
 * alive and returns its int verdict as is (meaning of the value is the
 * backend's).
 */
int Curl_ssl_check_cxn(struct connectdata *conn)
{
  int verdict = curlssl_check_cxn(conn);
  return verdict;
}
/*
 * Curl_ssl_data_pending() reports whether the backend still holds buffered
 * data for the given connection index; pure pass-through to
 * curlssl_data_pending.
 */
bool Curl_ssl_data_pending(const struct connectdata *conn,
                           int connindex)
{
  bool pending = curlssl_data_pending(conn, connindex);
  return pending;
}
/*
 * Curl_ssl_free_certinfo() releases the certificate info collected in
 * data->info.certs: every per-certificate slist is freed and cleared, then
 * the certinfo array itself, and the count is reset to 0. Does nothing
 * when no certificates were recorded.
 */
void Curl_ssl_free_certinfo(struct SessionHandle *data)
{
  struct curl_certinfo *ci = &data->info.certs;
  int i;

  if(!ci->num_of_certs)
    return; /* nothing collected */

  for(i = 0; i < ci->num_of_certs; i++) {
    curl_slist_free_all(ci->certinfo[i]);
    ci->certinfo[i] = NULL;
  }

  free(ci->certinfo);
  ci->certinfo = NULL;
  ci->num_of_certs = 0;
}
#endif