1 /***************************************************************************
3 * Project ___| | | | _ \| |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
8 * Copyright (C) 2012 - 2014, Nick Zitzmann, <nickzman@gmail.com>.
9 * Copyright (C) 2012 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
11 * This software is licensed as described in the file COPYING, which
12 * you should have received as part of this distribution. The terms
13 * are also available at https://curl.haxx.se/docs/copyright.html.
15 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
16 * copies of the Software, and permit persons to whom the Software is
17 * furnished to do so, under the terms of the COPYING file.
19 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
20 * KIND, either express or implied.
22 ***************************************************************************/
25 * Source file for all iOS and Mac OS X SecureTransport-specific code for the
26 * TLS/SSL layer. No code but vtls.c should ever call or use these functions.
29 #include "curl_setup.h"
31 #include "urldata.h" /* for the SessionHandle definition */
32 #include "curl_base64.h"
41 #include <Security/Security.h>
42 #include <Security/SecureTransport.h>
43 #include <CoreFoundation/CoreFoundation.h>
44 #include <CommonCrypto/CommonDigest.h>
46 /* The Security framework has changed greatly between iOS and different OS X
47 versions, and we will try to support as many of them as we can (back to
48 Leopard and iOS 5) by using macros and weak-linking.
50 IMPORTANT: If TLS 1.1 and 1.2 support are important for you on OS X, then
51 you must build this project against the 10.8 SDK or later. */
52 #if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE))
54 #if MAC_OS_X_VERSION_MAX_ALLOWED < 1050
55 #error "The darwinssl back-end requires Leopard or later."
56 #endif /* MAC_OS_X_VERSION_MAX_ALLOWED < 1050 */
58 #define CURL_BUILD_IOS 0
59 #define CURL_BUILD_IOS_7 0
60 #define CURL_BUILD_MAC 1
61 /* This is the maximum API level we are allowed to use when building: */
62 #define CURL_BUILD_MAC_10_5 MAC_OS_X_VERSION_MAX_ALLOWED >= 1050
63 #define CURL_BUILD_MAC_10_6 MAC_OS_X_VERSION_MAX_ALLOWED >= 1060
64 #define CURL_BUILD_MAC_10_7 MAC_OS_X_VERSION_MAX_ALLOWED >= 1070
65 #define CURL_BUILD_MAC_10_8 MAC_OS_X_VERSION_MAX_ALLOWED >= 1080
66 #define CURL_BUILD_MAC_10_9 MAC_OS_X_VERSION_MAX_ALLOWED >= 1090
67 /* These macros mean "the following code is present to allow runtime backward
68 compatibility with at least this cat or earlier":
69 (You set this at build-time by setting the MACOSX_DEPLOYMENT_TARGET
70 environmental variable.) */
71 #define CURL_SUPPORT_MAC_10_5 MAC_OS_X_VERSION_MIN_REQUIRED <= 1050
72 #define CURL_SUPPORT_MAC_10_6 MAC_OS_X_VERSION_MIN_REQUIRED <= 1060
73 #define CURL_SUPPORT_MAC_10_7 MAC_OS_X_VERSION_MIN_REQUIRED <= 1070
74 #define CURL_SUPPORT_MAC_10_8 MAC_OS_X_VERSION_MIN_REQUIRED <= 1080
75 #define CURL_SUPPORT_MAC_10_9 MAC_OS_X_VERSION_MIN_REQUIRED <= 1090
77 #elif TARGET_OS_EMBEDDED || TARGET_OS_IPHONE
78 #define CURL_BUILD_IOS 1
79 #define CURL_BUILD_IOS_7 __IPHONE_OS_VERSION_MAX_ALLOWED >= 70000
80 #define CURL_BUILD_MAC 0
81 #define CURL_BUILD_MAC_10_5 0
82 #define CURL_BUILD_MAC_10_6 0
83 #define CURL_BUILD_MAC_10_7 0
84 #define CURL_BUILD_MAC_10_8 0
85 #define CURL_SUPPORT_MAC_10_5 0
86 #define CURL_SUPPORT_MAC_10_6 0
87 #define CURL_SUPPORT_MAC_10_7 0
88 #define CURL_SUPPORT_MAC_10_8 0
89 #define CURL_SUPPORT_MAC_10_9 0
92 #error "The darwinssl back-end requires iOS or OS X."
93 #endif /* (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) */
96 #include <sys/sysctl.h>
97 #endif /* CURL_BUILD_MAC */
101 #include "inet_pton.h"
105 #include "darwinssl.h"
106 #include "curl_printf.h"
108 #include "curl_memory.h"
109 /* The last #include file should be: */
110 #include "memdebug.h"
/* From MacTypes.h (which we can't include because it isn't present in iOS): */
116 /* The following two functions were ripped from Apple sample code,
117 * with some modifications: */
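/* Read callback handed to SecureTransport (presumably via SSLSetIOFuncs).
 * `connection` is really the struct ssl_connect_data of this connection and
 * supplies the socket. On entry *dataLength is the number of bytes the
 * framework wants; on exit it is the number actually copied into `data`,
 * which may be short. The OSStatus maps the socket condition onto the
 * errSSL* codes SecureTransport expects:
 *   read() == 0        -> errSSLClosedGraceful (peer closed the socket)
 *   ENOENT             -> errSSLClosedGraceful
 *   ECONNRESET         -> errSSLClosedAbort
 *   EAGAIN             -> errSSLWouldBlock, ssl_direction = false (read)
 *   anything else      -> ioErr
 * EINTR is retried rather than reported, so a stray signal does not tear
 * down the TLS session. */
static OSStatus SocketRead(SSLConnectionRef connection,
                           void *data,          /* owned by caller, filled
                                                   with received bytes */
                           size_t *dataLength)  /* IN/OUT */
{
  size_t bytesToGo = *dataLength;
  size_t initLen = bytesToGo;
  UInt8 *currData = (UInt8 *)data;
  /*int sock = *(int *)connection;*/
  struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection;
  int sock = connssl->ssl_sockfd;
  OSStatus rtn = noErr;
  ssize_t rrtn;
  int theErr;

  *dataLength = 0;

  /* A zero-length request must not reach read(): its 0 return would be
     mistaken for EOF below. */
  if(bytesToGo == 0)
    return noErr;

  for(;;) {
    rrtn = read(sock, currData, bytesToGo);
    if(rrtn > 0) {
      bytesToGo -= (size_t)rrtn;
      currData += rrtn;
      if(bytesToGo == 0) {
        /* filled buffer with incoming data, done */
        break;
      }
      continue;
    }

    /* this is guesswork... */
    theErr = errno;
    if(rrtn == 0) { /* EOF = server hung up */
      /* the framework will turn this into errSSLClosedNoNotify */
      rtn = errSSLClosedGraceful;
    }
    else if(theErr == EINTR) {
      /* interrupted by a signal before anything arrived: just retry */
      continue;
    }
    else { /* do the switch */
      switch(theErr) {
        case ENOENT:
          /* connection closed */
          rtn = errSSLClosedGraceful;
          break;
        case ECONNRESET:
          rtn = errSSLClosedAbort;
          break;
        case EAGAIN:
          rtn = errSSLWouldBlock;
          /* remember that the pending I/O is a read (the connect/poll code
             presumably consults this to decide what to wait for) */
          connssl->ssl_direction = false;
          break;
        default:
          rtn = ioErr;
          break;
      }
    }
    break;
  }
  /* report the partial count even on error; the framework keeps what it got */
  *dataLength = initLen - bytesToGo;

  return rtn;
}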
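/* Write callback handed to SecureTransport (presumably via SSLSetIOFuncs).
 * `connection` is really the struct ssl_connect_data of this connection and
 * supplies the socket. On entry *dataLength is the number of bytes to send;
 * on exit it is the number actually written, which may be short. Returns
 * noErr when everything went out, errSSLWouldBlock (and sets
 * ssl_direction = true, i.e. "waiting to write") on EAGAIN, and ioErr for
 * any other failure. EINTR is retried. A zero-length request returns noErr
 * without touching the socket, because write() legitimately returns 0 for
 * it and the old code misreported that as an I/O error. */
static OSStatus SocketWrite(SSLConnectionRef connection,
                            const void *data,
                            size_t *dataLength)  /* IN/OUT */
{
  size_t bytesSent = 0;
  /*int sock = *(int *)connection;*/
  struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection;
  int sock = connssl->ssl_sockfd;
  ssize_t length;
  size_t dataLen = *dataLength;
  const UInt8 *dataPtr = (const UInt8 *)data;
  OSStatus ortn = noErr;
  int theErr;

  *dataLength = 0;

  if(dataLen == 0)
    return noErr;

  for(;;) {
    length = write(sock,
                   (const char *)dataPtr + bytesSent,
                   dataLen - bytesSent);
    if(length > 0) {
      bytesSent += (size_t)length;
      if(bytesSent >= dataLen)
        break; /* everything is out */
      continue;
    }
    if(length < 0 && errno == EINTR)
      continue; /* signal, nothing written: retry */
    break; /* a real error (or an unexpected zero-length write) */
  }

  if(bytesSent < dataLen) {
    theErr = errno;
    if(theErr == EAGAIN) {
      ortn = errSSLWouldBlock;
      /* the pending I/O is a write */
      connssl->ssl_direction = true;
    }
    else {
      ortn = ioErr;
    }
  }
  /* report the partial count so SecureTransport can resume from there */
  *dataLength = bytesSent;
  return ortn;
}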
CF_INLINE const char *SSLCipherNameForNumber(SSLCipherSuite cipher) {
  /* Map an SSL 2.0/3.0-era cipher suite code to its identifier, spelled
     exactly like the constant. Every name is produced by stringizing the case
     label, so the text cannot drift from the constant it describes.

     Naming a suite is not endorsing it: most of the list (NULL, EXPORT, RC4,
     DES, anon, FORTEZZA) provides weak or no protection; this is a lookup for
     diagnostics only and does not influence what gets negotiated.

     Unknown codes fall through to "SSL_NULL_WITH_NULL_NULL", which is also
     the real name of suite 0x0000 — a reader of the log cannot distinguish
     "unrecognised suite" from "no encryption" by this string alone. */
#define CURL_DARWINSSL_NAMED_SUITE(suite) case suite: return #suite;
  switch(cipher) {
    /* SSL version 3.0 */
    CURL_DARWINSSL_NAMED_SUITE(SSL_RSA_WITH_NULL_MD5)
    CURL_DARWINSSL_NAMED_SUITE(SSL_RSA_WITH_NULL_SHA)
    CURL_DARWINSSL_NAMED_SUITE(SSL_RSA_EXPORT_WITH_RC4_40_MD5)
    CURL_DARWINSSL_NAMED_SUITE(SSL_RSA_WITH_RC4_128_MD5)
    CURL_DARWINSSL_NAMED_SUITE(SSL_RSA_WITH_RC4_128_SHA)
    CURL_DARWINSSL_NAMED_SUITE(SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5)
    CURL_DARWINSSL_NAMED_SUITE(SSL_RSA_WITH_IDEA_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(SSL_RSA_EXPORT_WITH_DES40_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(SSL_RSA_WITH_DES_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(SSL_RSA_WITH_3DES_EDE_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(SSL_DH_DSS_WITH_DES_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(SSL_DH_RSA_WITH_DES_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(SSL_DHE_DSS_WITH_DES_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(SSL_DHE_RSA_WITH_DES_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(SSL_DH_anon_EXPORT_WITH_RC4_40_MD5)
    CURL_DARWINSSL_NAMED_SUITE(SSL_DH_anon_WITH_RC4_128_MD5)
    CURL_DARWINSSL_NAMED_SUITE(SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(SSL_DH_anon_WITH_DES_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(SSL_DH_anon_WITH_3DES_EDE_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(SSL_FORTEZZA_DMS_WITH_NULL_SHA)
    CURL_DARWINSSL_NAMED_SUITE(SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA)

    /* TLS 1.0 with AES (RFC 3268)
       (Apparently these are used in SSLv3 implementations as well.) */
    CURL_DARWINSSL_NAMED_SUITE(TLS_RSA_WITH_AES_128_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_DSS_WITH_AES_128_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_RSA_WITH_AES_128_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_DSS_WITH_AES_128_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_RSA_WITH_AES_128_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_anon_WITH_AES_128_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_RSA_WITH_AES_256_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_DSS_WITH_AES_256_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_RSA_WITH_AES_256_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_DSS_WITH_AES_256_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_anon_WITH_AES_256_CBC_SHA)

    /* SSL version 2.0 */
    CURL_DARWINSSL_NAMED_SUITE(SSL_RSA_WITH_RC2_CBC_MD5)
    CURL_DARWINSSL_NAMED_SUITE(SSL_RSA_WITH_IDEA_CBC_MD5)
    CURL_DARWINSSL_NAMED_SUITE(SSL_RSA_WITH_DES_CBC_MD5)
    CURL_DARWINSSL_NAMED_SUITE(SSL_RSA_WITH_3DES_EDE_CBC_MD5)
  }
#undef CURL_DARWINSSL_NAMED_SUITE

  /* not in the table above */
  return "SSL_NULL_WITH_NULL_NULL";
}
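CF_INLINE const char *TLSCipherNameForNumber(SSLCipherSuite cipher) {
  /* Map a negotiated TLS cipher suite code to its identifier, spelled exactly
     like the constant. Every name is produced by stringizing the case label,
     so the text cannot disagree with the constant it describes — the previous
     hand-typed table returned "TLS_PSK_WITH_AES_256_GCM_SHA384" for
     TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 and "TLS_RSA_PSK_WITH_NULL_SHA384"
     for TLS_DHE_PSK_WITH_NULL_SHA384, which misreports the key exchange.
     Suites whose constants only exist in newer SDKs are guarded with the same
     CURL_BUILD_* macros used elsewhere in this file.

     Naming a suite is not endorsing it: several entries (NULL, RC4, 3DES,
     anon, PSK-with-NULL) are weak or provide no confidentiality; this is a
     lookup for diagnostics and does not influence what gets negotiated.

     Unknown codes fall through to "TLS_NULL_WITH_NULL_NULL", which is also
     the real name of suite 0x0000 — a reader of the log cannot distinguish
     "unrecognised suite" from "no encryption" by this string alone. */
#define CURL_DARWINSSL_NAMED_SUITE(suite) case suite: return #suite;
  switch(cipher) {
    /* TLS 1.0 with AES (RFC 3268) */
    CURL_DARWINSSL_NAMED_SUITE(TLS_RSA_WITH_AES_128_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_DSS_WITH_AES_128_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_RSA_WITH_AES_128_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_DSS_WITH_AES_128_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_RSA_WITH_AES_128_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_anon_WITH_AES_128_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_RSA_WITH_AES_256_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_DSS_WITH_AES_256_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_RSA_WITH_AES_256_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_DSS_WITH_AES_256_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_anon_WITH_AES_256_CBC_SHA)
#if CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS
    /* TLS 1.0 with ECDSA (RFC 4492) */
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDH_ECDSA_WITH_NULL_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDH_ECDSA_WITH_RC4_128_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDHE_ECDSA_WITH_NULL_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDH_RSA_WITH_NULL_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDH_RSA_WITH_RC4_128_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDHE_RSA_WITH_NULL_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDHE_RSA_WITH_RC4_128_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDH_anon_WITH_NULL_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDH_anon_WITH_RC4_128_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDH_anon_WITH_AES_128_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDH_anon_WITH_AES_256_CBC_SHA)
#endif /* CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS */
#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
    /* TLS 1.2 (RFC 5246) */
    CURL_DARWINSSL_NAMED_SUITE(TLS_RSA_WITH_NULL_MD5)
    CURL_DARWINSSL_NAMED_SUITE(TLS_RSA_WITH_NULL_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_RSA_WITH_RC4_128_MD5)
    CURL_DARWINSSL_NAMED_SUITE(TLS_RSA_WITH_RC4_128_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_RSA_WITH_3DES_EDE_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_RSA_WITH_NULL_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_RSA_WITH_AES_128_CBC_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_RSA_WITH_AES_256_CBC_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_DSS_WITH_AES_128_CBC_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_RSA_WITH_AES_128_CBC_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_DSS_WITH_AES_256_CBC_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_RSA_WITH_AES_256_CBC_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_anon_WITH_RC4_128_MD5)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_anon_WITH_3DES_EDE_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_anon_WITH_AES_128_CBC_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_anon_WITH_AES_256_CBC_SHA256)

    /* TLS 1.2 with AES GCM (RFC 5288) */
    CURL_DARWINSSL_NAMED_SUITE(TLS_RSA_WITH_AES_128_GCM_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_RSA_WITH_AES_256_GCM_SHA384)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_RSA_WITH_AES_256_GCM_SHA384)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_RSA_WITH_AES_128_GCM_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_RSA_WITH_AES_256_GCM_SHA384)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_DSS_WITH_AES_128_GCM_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_DSS_WITH_AES_256_GCM_SHA384)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_anon_WITH_AES_128_GCM_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DH_anon_WITH_AES_256_GCM_SHA384)

    /* TLS 1.2 with elliptic curve ciphers (RFC 5289) */
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384)

    /* Signalling value, not a real suite (RFC 5746) */
    CURL_DARWINSSL_NAMED_SUITE(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
#else
    /* Older SDKs only provide the SSL_-prefixed spellings of these code
       points; report them under the TLS names used everywhere else. */
    case SSL_RSA_WITH_NULL_MD5:
      return "TLS_RSA_WITH_NULL_MD5";
    case SSL_RSA_WITH_NULL_SHA:
      return "TLS_RSA_WITH_NULL_SHA";
    case SSL_RSA_WITH_RC4_128_MD5:
      return "TLS_RSA_WITH_RC4_128_MD5";
    case SSL_RSA_WITH_RC4_128_SHA:
      return "TLS_RSA_WITH_RC4_128_SHA";
    case SSL_RSA_WITH_3DES_EDE_CBC_SHA:
      return "TLS_RSA_WITH_3DES_EDE_CBC_SHA";
    case SSL_DH_anon_WITH_RC4_128_MD5:
      return "TLS_DH_anon_WITH_RC4_128_MD5";
    case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA:
      return "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA";
#endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
#if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
    /* TLS PSK (RFC 4279): */
    CURL_DARWINSSL_NAMED_SUITE(TLS_PSK_WITH_RC4_128_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_PSK_WITH_3DES_EDE_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_PSK_WITH_AES_128_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_PSK_WITH_AES_256_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_PSK_WITH_RC4_128_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_PSK_WITH_AES_128_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_PSK_WITH_AES_256_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_RSA_PSK_WITH_RC4_128_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_RSA_PSK_WITH_AES_128_CBC_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_RSA_PSK_WITH_AES_256_CBC_SHA)

    /* More TLS PSK (RFC 4785): */
    CURL_DARWINSSL_NAMED_SUITE(TLS_PSK_WITH_NULL_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_PSK_WITH_NULL_SHA)
    CURL_DARWINSSL_NAMED_SUITE(TLS_RSA_PSK_WITH_NULL_SHA)

    /* Even more TLS PSK (RFC 5487): */
    CURL_DARWINSSL_NAMED_SUITE(TLS_PSK_WITH_AES_128_GCM_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_PSK_WITH_AES_256_GCM_SHA384)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_PSK_WITH_AES_128_GCM_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_PSK_WITH_AES_256_GCM_SHA384)
    CURL_DARWINSSL_NAMED_SUITE(TLS_RSA_PSK_WITH_AES_128_GCM_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_RSA_PSK_WITH_AES_256_GCM_SHA384)
    CURL_DARWINSSL_NAMED_SUITE(TLS_PSK_WITH_AES_128_CBC_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_PSK_WITH_AES_256_CBC_SHA384)
    CURL_DARWINSSL_NAMED_SUITE(TLS_PSK_WITH_NULL_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_PSK_WITH_NULL_SHA384)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_PSK_WITH_AES_128_CBC_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_PSK_WITH_AES_256_CBC_SHA384)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_PSK_WITH_NULL_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_DHE_PSK_WITH_NULL_SHA384)
    CURL_DARWINSSL_NAMED_SUITE(TLS_RSA_PSK_WITH_AES_128_CBC_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_RSA_PSK_WITH_AES_256_CBC_SHA384)
    CURL_DARWINSSL_NAMED_SUITE(TLS_RSA_PSK_WITH_NULL_SHA256)
    CURL_DARWINSSL_NAMED_SUITE(TLS_RSA_PSK_WITH_NULL_SHA384)
#endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */
  }
#undef CURL_DARWINSSL_NAMED_SUITE

  /* not in the table above */
  return "TLS_NULL_WITH_NULL_NULL";
}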
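/* Fill *major / *minor with the Darwin kernel release (e.g. "13.4.0" ->
 * 13, 4) obtained via sysctl(KERN_OSRELEASE). On any failure — sysctl
 * error, allocation failure, or a release string without the expected
 * "major.minor" shape — the outputs are left untouched, so callers must
 * pre-initialise them (darwinssl_connect_step1 passes zeros). The previous
 * version passed strtok_r()'s result straight to atoi(), which is undefined
 * behaviour when the string has no '.'; it also skipped the malloc check. */
CF_INLINE void GetDarwinVersionNumber(int *major, int *minor)
{
  int mib[2];
  char *os_version;
  size_t os_version_len = 0;
  char *os_version_major, *os_version_minor;
  char *tok_buf;

  /* Get the Darwin kernel version from the kernel using sysctl(): first ask
     for the required length, then fetch the string. */
  mib[0] = CTL_KERN;
  mib[1] = KERN_OSRELEASE;
  if(sysctl(mib, 2, NULL, &os_version_len, NULL, 0) == -1)
    return;
  if(os_version_len == 0)
    return;

  /* one extra byte so the buffer is NUL-terminated no matter what the
     kernel hands back */
  os_version = malloc(os_version_len + 1);
  if(!os_version)
    return;
  if(sysctl(mib, 2, os_version, &os_version_len, NULL, 0) == -1) {
    free(os_version);
    return;
  }
  os_version[os_version_len] = '\0';

  /* Parse the version: both tokens may be NULL if the string is not of the
     form "major.minor[.point]". */
  os_version_major = strtok_r(os_version, ".", &tok_buf);
  os_version_minor = os_version_major ? strtok_r(NULL, ".", &tok_buf) : NULL;
  if(os_version_major && os_version_minor) {
    *major = atoi(os_version_major);
    *minor = atoi(os_version_minor);
  }
  free(os_version);
}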
808 #endif /* CURL_BUILD_MAC */
810 /* Apple provides a myriad of ways of getting information about a certificate
811 into a string. Some aren't available under iOS or newer cats. So here's
812 a unified function for getting a string describing the certificate that
813 ought to work in all cats starting with Leopard. */
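CF_INLINE CFStringRef CopyCertSubject(SecCertificateRef cert)
{
  /* Start from a constant placeholder so the caller always receives a
     string even when every Security call below fails or returns NULL. The
     returned reference follows the Copy rule (caller releases it); CFSTR()
     constants are never deallocated, so releasing the placeholder is
     harmless. */
  CFStringRef server_cert_summary = CFSTR("(null)");

#if CURL_BUILD_IOS
  /* iOS: There's only one way to do this. */
  server_cert_summary = SecCertificateCopySubjectSummary(cert);
#else
#if CURL_BUILD_MAC_10_7
  /* Lion & later: Get the long description if we can. The symbol is
     weak-linked, so its address is NULL on older cats. */
  if(SecCertificateCopyLongDescription != NULL) {
    server_cert_summary =
      SecCertificateCopyLongDescription(NULL, cert, NULL);
  }
  else
#endif /* CURL_BUILD_MAC_10_7 */
#if CURL_BUILD_MAC_10_6
  /* Snow Leopard: Get the certificate summary. */
  if(SecCertificateCopySubjectSummary != NULL) {
    server_cert_summary = SecCertificateCopySubjectSummary(cert);
  }
  else
#endif /* CURL_BUILD_MAC_10_6 */
  {
    /* Leopard is as far back as we go... on failure the placeholder stays. */
    (void)SecCertificateCopyCommonName(cert, &server_cert_summary);
  }
#endif /* CURL_BUILD_IOS */

  /* Any of the Copy* calls above may yield NULL; hand back the placeholder
     instead so callers never have to special-case a NULL subject. */
  if(!server_cert_summary)
    server_cert_summary = CFSTR("(null)");

  return server_cert_summary;
}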
841 #if CURL_SUPPORT_MAC_10_6
842 /* The SecKeychainSearch API was deprecated in Lion, and using it will raise
843 deprecation warnings, so let's not compile this unless it's necessary: */
/* Pre-Lion lookup of a client identity by keychain label, using the
 * deprecated SecKeychainSearch API. Finds the first certificate whose label
 * equals `label` in the default keychain search list and, if a private key
 * accompanies it, returns the identity in *out_c_a_k (caller releases).
 * Returns errSecItemNotFound when nothing matches, otherwise the status of
 * the failing Security call. */
static OSStatus CopyIdentityWithLabelOldSchool(char *label,
                                               SecIdentityRef *out_c_a_k)
{
  OSStatus status = errSecItemNotFound;
  SecKeychainAttribute label_attr;
  SecKeychainAttributeList criteria;
  SecKeychainSearchRef cursor = NULL;
  SecCertificateRef found_cert = NULL;

  /* A single criterion: the item's label must equal the caller's string.
     The attribute is a length-counted buffer, so no terminator is passed. */
  label_attr.tag = kSecLabelItemAttr;
  label_attr.data = label;
  label_attr.length = (UInt32)strlen(label);
  criteria.count = 1L;
  criteria.attr = &label_attr;

  /* Search the certificate class and take the first hit. */
  status = SecKeychainSearchCreateFromAttributes(NULL,
                                                 kSecCertificateItemClass,
                                                 &criteria, &cursor);
  if(status == noErr) {
    status = SecKeychainSearchCopyNext(cursor,
                                       (SecKeychainItemRef *)&found_cert);
    if(status == noErr && found_cert) {
      /* A certificate alone is not enough: ask for the matching key too. */
      status = SecIdentityCreateWithCertificate(NULL, found_cert, out_c_a_k);
      CFRelease(found_cert);
    }
  }

  if(cursor)
    CFRelease(cursor);
  return status;
}
881 #endif /* CURL_SUPPORT_MAC_10_6 */
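/* Look up a client identity (certificate + private key) by keychain label
 * and return it in *out_cert_and_key (caller releases). Prefers
 * SecItemCopyMatching() where available and falls back to the deprecated
 * SecKeychainSearch path on Leopard/Snow Leopard. Returns errSecItemNotFound
 * when nothing matches, errSecParam if `label` is not valid UTF-8,
 * errSecAllocate if a CF object could not be created, or the status of the
 * failing Security call. */
static OSStatus CopyIdentityWithLabel(char *label,
                                      SecIdentityRef *out_cert_and_key)
{
  OSStatus status = errSecItemNotFound;

#if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS
  /* SecItemCopyMatching() was introduced in iOS and Snow Leopard.
     kSecClassIdentity was introduced in Lion. If both exist, let's use them
     to find the certificate.
     NOTE(review): kSecClassIdentity is a weak-linked constant; the usual
     availability test for those is on the address (&kSecClassIdentity), not
     the value. Confirm this is safe for the supported deployment targets. */
  if(SecItemCopyMatching != NULL && kSecClassIdentity != NULL) {
    CFTypeRef keys[4];
    CFTypeRef values[4];
    CFDictionaryRef query_dict;
    SecPolicyRef policy;
    CFStringRef label_cf = CFStringCreateWithCString(NULL, label,
                                                     kCFStringEncodingUTF8);

    /* The label is caller-supplied text; if it is not valid UTF-8 no query
       can be built for it (the old code went on with a NULL string). */
    if(!label_cf)
      return errSecParam;

    /* identity searches need a SecPolicyRef in order to work. Note that the
       label is handed to SecPolicyCreateSSL as the *server name* the identity
       must be valid for, so a label that is not also a hostname in the
       certificate may not match. */
    policy = SecPolicyCreateSSL(false, label_cf);
    CFRelease(label_cf);
    if(!policy)
      return errSecAllocate;

    /* Set up our search criteria and expected results: */
    keys[0] = kSecClass;
    values[0] = kSecClassIdentity; /* we want a certificate and a key */
    keys[1] = kSecReturnRef;
    values[1] = kCFBooleanTrue;    /* we want a reference */
    keys[2] = kSecMatchLimit;
    values[2] = kSecMatchLimitOne; /* one is enough, thanks */
    keys[3] = kSecMatchPolicy;
    values[3] = policy;
    query_dict = CFDictionaryCreate(NULL, (const void **)keys,
                                    (const void **)values, 4L,
                                    &kCFCopyStringDictionaryKeyCallBacks,
                                    &kCFTypeDictionaryValueCallBacks);
    CFRelease(policy); /* the dictionary now holds its own reference */
    if(!query_dict)
      return errSecAllocate;

    /* Do we have a match? */
    status = SecItemCopyMatching(query_dict, (CFTypeRef *)out_cert_and_key);
    CFRelease(query_dict);
  }
  else {
#if CURL_SUPPORT_MAC_10_6
    /* On Leopard and Snow Leopard, fall back to SecKeychainSearch. */
    status = CopyIdentityWithLabelOldSchool(label, out_cert_and_key);
#endif /* CURL_SUPPORT_MAC_10_6 */
  }
#elif CURL_SUPPORT_MAC_10_6
  /* For developers building on older cats, we have no choice but to fall back
     to SecKeychainSearch. */
  status = CopyIdentityWithLabelOldSchool(label, out_cert_and_key);
#endif /* CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS */

  return status;
}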
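/* Load a client identity from a PKCS#12 file at `cPath`, unlocking it with
 * `cPassword` (may be NULL for an unprotected bundle), and return it in
 * *out_cert_and_key (caller releases). Returns errSecParam on a bad path or
 * passphrase encoding, errSecItemNotFound when the bundle held no identity
 * or the platform cannot import P12 files, otherwise the status of the
 * failing Security/CF call. The previous version called CFRetain() on the
 * identity without checking for NULL and leaked nothing visible here, but
 * did not guard against a NULL URL or passphrase string. */
static OSStatus CopyIdentityFromPKCS12File(const char *cPath,
                                           const char *cPassword,
                                           SecIdentityRef *out_cert_and_key)
{
  OSStatus status = errSecItemNotFound;
  CFURLRef pkcs_url;
  CFStringRef password = NULL;
  CFDataRef pkcs_data = NULL;

  if(!cPath || !out_cert_and_key)
    return errSecParam;

  pkcs_url = CFURLCreateFromFileSystemRepresentation(NULL,
    (const UInt8 *)cPath, strlen(cPath), false);
  if(!pkcs_url)
    return errSecParam;

  /* Security wants the passphrase as a CFString. CFStrings are immutable, so
     this copy cannot be wiped after use; it lives until released below. */
  if(cPassword) {
    password = CFStringCreateWithCString(NULL, cPassword,
                                         kCFStringEncodingUTF8);
    if(!password) {
      CFRelease(pkcs_url);
      return errSecParam;
    }
  }

  /* We can import P12 files on iOS or OS X 10.7 or later: */
  /* These constants are documented as having first appeared in 10.6 but they
     raise linker errors when used on that cat for some reason. */
#if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS
  if(CFURLCreateDataAndPropertiesFromResource(NULL, pkcs_url, &pkcs_data,
                                              NULL, NULL, &status)) {
    const void *cKeys[] = {kSecImportExportPassphrase};
    const void *cValues[] = {password};
    CFDictionaryRef options = CFDictionaryCreate(NULL, cKeys, cValues,
      password ? 1L : 0L, NULL, NULL);
    CFArrayRef items = NULL;

    /* NOTE(review): on OS X, SecPKCS12Import is documented to also add the
       imported items to a keychain (the default one unless
       kSecImportExportKeychain is given). Confirm that persisting the client
       key this way is intended. */
    status = SecPKCS12Import(pkcs_data, options, &items);
    if(status == noErr && items && CFArrayGetCount(items)) {
      CFDictionaryRef identity_and_trust = CFArrayGetValueAtIndex(items, 0L);
      const void *temp_identity = CFDictionaryGetValue(identity_and_trust,
        kSecImportItemIdentity);

      if(temp_identity) {
        /* Retain the identity; we don't care about any other data... */
        CFRetain(temp_identity);
        *out_cert_and_key = (SecIdentityRef)temp_identity;
      }
      else {
        /* a bundle without a private key produces no identity entry */
        status = errSecItemNotFound;
      }
    }

    if(items)
      CFRelease(items);
    if(options)
      CFRelease(options);
    CFRelease(pkcs_data);
  }
#endif /* CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS */

  if(password)
    CFRelease(password);
  CFRelease(pkcs_url);
  return status;
}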
981 /* This code was borrowed from nss.c, with some modifications:
 * Determine whether the name passed in is the path of a file on disk that
 * needs to be loaded, or a plain keychain label to look up instead.
985 * returns 1 for a file
986 * returns 0 for not a file
/* True when `filename` names an existing regular file; directories, devices,
   missing paths and a NULL argument are all "not a file". */
static bool is_file(const char *filename)
{
  struct stat file_info;
  bool regular = false;

  if(filename && stat(filename, &file_info) == 0)
    regular = S_ISREG(file_info.st_mode) ? true : false;

  return regular;
}
1000 static CURLcode darwinssl_connect_step1(struct connectdata *conn,
1003 struct SessionHandle *data = conn->data;
1004 curl_socket_t sockfd = conn->sock[sockindex];
1005 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
1007 struct in6_addr addr;
1009 struct in_addr addr;
1010 #endif /* ENABLE_IPV6 */
1011 size_t all_ciphers_count = 0UL, allowed_ciphers_count = 0UL, i;
1012 SSLCipherSuite *all_ciphers = NULL, *allowed_ciphers = NULL;
1013 char *ssl_sessionid;
1014 size_t ssl_sessionid_len;
1015 OSStatus err = noErr;
1017 int darwinver_maj = 0, darwinver_min = 0;
1019 GetDarwinVersionNumber(&darwinver_maj, &darwinver_min);
1020 #endif /* CURL_BUILD_MAC */
1022 #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
1023 if(SSLCreateContext != NULL) { /* use the newer API if avaialble */
1024 if(connssl->ssl_ctx)
1025 CFRelease(connssl->ssl_ctx);
1026 connssl->ssl_ctx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType);
1027 if(!connssl->ssl_ctx) {
1028 failf(data, "SSL: couldn't create a context!");
1029 return CURLE_OUT_OF_MEMORY;
1033 /* The old ST API does not exist under iOS, so don't compile it: */
1034 #if CURL_SUPPORT_MAC_10_8
1035 if(connssl->ssl_ctx)
1036 (void)SSLDisposeContext(connssl->ssl_ctx);
1037 err = SSLNewContext(false, &(connssl->ssl_ctx));
1039 failf(data, "SSL: couldn't create a context: OSStatus %d", err);
1040 return CURLE_OUT_OF_MEMORY;
1042 #endif /* CURL_SUPPORT_MAC_10_8 */
1045 if(connssl->ssl_ctx)
1046 (void)SSLDisposeContext(connssl->ssl_ctx);
1047 err = SSLNewContext(false, &(connssl->ssl_ctx));
1049 failf(data, "SSL: couldn't create a context: OSStatus %d", err);
1050 return CURLE_OUT_OF_MEMORY;
1052 #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
1053 connssl->ssl_write_buffered_length = 0UL; /* reset buffered write length */
1055 /* check to see if we've been told to use an explicit SSL/TLS version */
1056 #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
1057 if(SSLSetProtocolVersionMax != NULL) {
1058 switch(data->set.ssl.version) {
1060 case CURL_SSLVERSION_DEFAULT:
1061 case CURL_SSLVERSION_TLSv1:
1062 (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol1);
1063 (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol12);
1065 case CURL_SSLVERSION_TLSv1_0:
1066 (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol1);
1067 (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol1);
1069 case CURL_SSLVERSION_TLSv1_1:
1070 (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol11);
1071 (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol11);
1073 case CURL_SSLVERSION_TLSv1_2:
1074 (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol12);
1075 (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol12);
1077 case CURL_SSLVERSION_SSLv3:
1078 err = SSLSetProtocolVersionMin(connssl->ssl_ctx, kSSLProtocol3);
1080 failf(data, "Your version of the OS does not support SSLv3");
1081 return CURLE_SSL_CONNECT_ERROR;
1083 (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kSSLProtocol3);
1085 case CURL_SSLVERSION_SSLv2:
1086 err = SSLSetProtocolVersionMin(connssl->ssl_ctx, kSSLProtocol2);
1088 failf(data, "Your version of the OS does not support SSLv2");
1089 return CURLE_SSL_CONNECT_ERROR;
1091 (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kSSLProtocol2);
1095 #if CURL_SUPPORT_MAC_10_8
1096 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1099 switch (data->set.ssl.version) {
1101 case CURL_SSLVERSION_DEFAULT:
1102 case CURL_SSLVERSION_TLSv1:
1103 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1106 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1109 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1113 case CURL_SSLVERSION_TLSv1_0:
1114 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1118 case CURL_SSLVERSION_TLSv1_1:
1119 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1123 case CURL_SSLVERSION_TLSv1_2:
1124 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1128 case CURL_SSLVERSION_SSLv3:
1129 err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1133 failf(data, "Your version of the OS does not support SSLv3");
1134 return CURLE_SSL_CONNECT_ERROR;
1137 case CURL_SSLVERSION_SSLv2:
1138 err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1142 failf(data, "Your version of the OS does not support SSLv2");
1143 return CURLE_SSL_CONNECT_ERROR;
1147 #endif /* CURL_SUPPORT_MAC_10_8 */
1150 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, kSSLProtocolAll, false);
1151 switch(data->set.ssl.version) {
1153 case CURL_SSLVERSION_DEFAULT:
1154 case CURL_SSLVERSION_TLSv1:
1155 case CURL_SSLVERSION_TLSv1_0:
1156 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1160 case CURL_SSLVERSION_TLSv1_1:
1161 failf(data, "Your version of the OS does not support TLSv1.1");
1162 return CURLE_SSL_CONNECT_ERROR;
1163 case CURL_SSLVERSION_TLSv1_2:
1164 failf(data, "Your version of the OS does not support TLSv1.2");
1165 return CURLE_SSL_CONNECT_ERROR;
1166 case CURL_SSLVERSION_SSLv2:
1167 err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1171 failf(data, "Your version of the OS does not support SSLv2");
1172 return CURLE_SSL_CONNECT_ERROR;
1175 case CURL_SSLVERSION_SSLv3:
1176 err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1180 failf(data, "Your version of the OS does not support SSLv3");
1181 return CURLE_SSL_CONNECT_ERROR;
1185 #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
1187 if(data->set.str[STRING_KEY]) {
1188 infof(data, "WARNING: SSL: CURLOPT_SSLKEY is ignored by Secure "
1189 "Transport. The private key must be in the Keychain.\n");
1192 if(data->set.str[STRING_CERT]) {
1193 SecIdentityRef cert_and_key = NULL;
1194 bool is_cert_file = is_file(data->set.str[STRING_CERT]);
1196 /* User wants to authenticate with a client cert. Look for it:
1197 If we detect that this is a file on disk, then let's load it.
1198 Otherwise, assume that the user wants to use an identity loaded
1199 from the Keychain. */
1201 if(!data->set.str[STRING_CERT_TYPE])
1202 infof(data, "WARNING: SSL: Certificate type not set, assuming "
1203 "PKCS#12 format.\n");
1204 else if(strncmp(data->set.str[STRING_CERT_TYPE], "P12",
1205 strlen(data->set.str[STRING_CERT_TYPE])) != 0)
1206 infof(data, "WARNING: SSL: The Security framework only supports "
1207 "loading identities that are in PKCS#12 format.\n");
1209 err = CopyIdentityFromPKCS12File(data->set.str[STRING_CERT],
1210 data->set.str[STRING_KEY_PASSWD], &cert_and_key);
1213 err = CopyIdentityWithLabel(data->set.str[STRING_CERT], &cert_and_key);
1216 SecCertificateRef cert = NULL;
1217 CFTypeRef certs_c[1];
1220 /* If we found one, print it out: */
1221 err = SecIdentityCopyCertificate(cert_and_key, &cert);
1223 CFStringRef cert_summary = CopyCertSubject(cert);
1224 char cert_summary_c[128];
1227 memset(cert_summary_c, 0, 128);
1228 if(CFStringGetCString(cert_summary,
1231 kCFStringEncodingUTF8)) {
1232 infof(data, "Client certificate: %s\n", cert_summary_c);
1234 CFRelease(cert_summary);
1238 certs_c[0] = cert_and_key;
1239 certs = CFArrayCreate(NULL, (const void **)certs_c, 1L,
1240 &kCFTypeArrayCallBacks);
1241 err = SSLSetCertificate(connssl->ssl_ctx, certs);
1245 failf(data, "SSL: SSLSetCertificate() failed: OSStatus %d", err);
1246 return CURLE_SSL_CERTPROBLEM;
1248 CFRelease(cert_and_key);
1252 case errSecAuthFailed: case -25264: /* errSecPkcs12VerifyFailure */
1253 failf(data, "SSL: Incorrect password for the certificate \"%s\" "
1254 "and its private key.", data->set.str[STRING_CERT]);
1256 case -26275: /* errSecDecode */ case -25257: /* errSecUnknownFormat */
1257 failf(data, "SSL: Couldn't make sense of the data in the "
1258 "certificate \"%s\" and its private key.",
1259 data->set.str[STRING_CERT]);
1261 case -25260: /* errSecPassphraseRequired */
1262 failf(data, "SSL The certificate \"%s\" requires a password.",
1263 data->set.str[STRING_CERT]);
1265 case errSecItemNotFound:
1266 failf(data, "SSL: Can't find the certificate \"%s\" and its private "
1267 "key in the Keychain.", data->set.str[STRING_CERT]);
1270 failf(data, "SSL: Can't load the certificate \"%s\" and its private "
1271 "key: OSStatus %d", data->set.str[STRING_CERT], err);
1274 return CURLE_SSL_CERTPROBLEM;
1278 /* SSL always tries to verify the peer, this only says whether it should
1279 * fail to connect if the verification fails, or if it should continue
1280 * anyway. In the latter case the result of the verification is checked with
1281 * SSL_get_verify_result() below. */
1282 #if CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS
1283 /* Snow Leopard introduced the SSLSetSessionOption() function, but due to
1284 a library bug with the way the kSSLSessionOptionBreakOnServerAuth flag
1285 works, it doesn't work as expected under Snow Leopard or Lion.
1286 So we need to call SSLSetEnableCertVerify() on those older cats in order
1287 to disable certificate validation if the user turned that off.
1288 (SecureTransport will always validate the certificate chain by
1290 /* (Note: Darwin 12.x.x is Mountain Lion.) */
1292 if(SSLSetSessionOption != NULL && darwinver_maj >= 12) {
1294 if(SSLSetSessionOption != NULL) {
1295 #endif /* CURL_BUILD_MAC */
1296 bool break_on_auth = !data->set.ssl.verifypeer ||
1297 data->set.str[STRING_SSL_CAFILE];
1298 err = SSLSetSessionOption(connssl->ssl_ctx,
1299 kSSLSessionOptionBreakOnServerAuth,
1302 failf(data, "SSL: SSLSetSessionOption() failed: OSStatus %d", err);
1303 return CURLE_SSL_CONNECT_ERROR;
1307 #if CURL_SUPPORT_MAC_10_8
1308 err = SSLSetEnableCertVerify(connssl->ssl_ctx,
1309 data->set.ssl.verifypeer?true:false);
1311 failf(data, "SSL: SSLSetEnableCertVerify() failed: OSStatus %d", err);
1312 return CURLE_SSL_CONNECT_ERROR;
1314 #endif /* CURL_SUPPORT_MAC_10_8 */
1317 err = SSLSetEnableCertVerify(connssl->ssl_ctx,
1318 data->set.ssl.verifypeer?true:false);
1320 failf(data, "SSL: SSLSetEnableCertVerify() failed: OSStatus %d", err);
1321 return CURLE_SSL_CONNECT_ERROR;
1323 #endif /* CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS */
1325 if(data->set.str[STRING_SSL_CAFILE]) {
1326 bool is_cert_file = is_file(data->set.str[STRING_SSL_CAFILE]);
1329 failf(data, "SSL: can't load CA certificate file %s",
1330 data->set.str[STRING_SSL_CAFILE]);
1331 return CURLE_SSL_CACERT_BADFILE;
1333 if(!data->set.ssl.verifypeer) {
1334 failf(data, "SSL: CA certificate set, but certificate verification "
1336 return CURLE_SSL_CONNECT_ERROR;
1340 /* Configure hostname check. SNI is used if available.
1341 * Both hostname check and SNI require SSLSetPeerDomainName().
1342 * Also: the verifyhost setting influences SNI usage */
1343 if(data->set.ssl.verifyhost) {
1344 err = SSLSetPeerDomainName(connssl->ssl_ctx, conn->host.name,
1345 strlen(conn->host.name));
1348 infof(data, "WARNING: SSL: SSLSetPeerDomainName() failed: OSStatus %d\n",
1352 if((Curl_inet_pton(AF_INET, conn->host.name, &addr))
1354 || (Curl_inet_pton(AF_INET6, conn->host.name, &addr))
1357 infof(data, "WARNING: using IP address, SNI is being disabled by "
1362 /* Disable cipher suites that ST supports but are not safe. These ciphers
1363 are unlikely to be used in any case since ST gives other ciphers a much
1364 higher priority, but it's probably better that we not connect at all than
1365 to give the user a false sense of security if the server only supports
1366 insecure ciphers. (Note: We don't care about SSLv2-only ciphers.) */
1367 (void)SSLGetNumberSupportedCiphers(connssl->ssl_ctx, &all_ciphers_count);
1368 all_ciphers = malloc(all_ciphers_count*sizeof(SSLCipherSuite));
1369 allowed_ciphers = malloc(all_ciphers_count*sizeof(SSLCipherSuite));
1370 if(all_ciphers && allowed_ciphers &&
1371 SSLGetSupportedCiphers(connssl->ssl_ctx, all_ciphers,
1372 &all_ciphers_count) == noErr) {
1373 for(i = 0UL ; i < all_ciphers_count ; i++) {
1375 /* There's a known bug in early versions of Mountain Lion where ST's ECC
1376 ciphers (cipher suite 0xC001 through 0xC032) simply do not work.
1377 Work around the problem here by disabling those ciphers if we are
1378 running in an affected version of OS X. */
1379 if(darwinver_maj == 12 && darwinver_min <= 3 &&
1380 all_ciphers[i] >= 0xC001 && all_ciphers[i] <= 0xC032) {
1383 #endif /* CURL_BUILD_MAC */
1384 switch(all_ciphers[i]) {
1385 /* Disable NULL ciphersuites: */
1386 case SSL_NULL_WITH_NULL_NULL:
1387 case SSL_RSA_WITH_NULL_MD5:
1388 case SSL_RSA_WITH_NULL_SHA:
1389 case 0x003B: /* TLS_RSA_WITH_NULL_SHA256 */
1390 case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
1391 case 0xC001: /* TLS_ECDH_ECDSA_WITH_NULL_SHA */
1392 case 0xC006: /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */
1393 case 0xC00B: /* TLS_ECDH_RSA_WITH_NULL_SHA */
1394 case 0xC010: /* TLS_ECDHE_RSA_WITH_NULL_SHA */
1395 case 0x002C: /* TLS_PSK_WITH_NULL_SHA */
1396 case 0x002D: /* TLS_DHE_PSK_WITH_NULL_SHA */
1397 case 0x002E: /* TLS_RSA_PSK_WITH_NULL_SHA */
1398 case 0x00B0: /* TLS_PSK_WITH_NULL_SHA256 */
1399 case 0x00B1: /* TLS_PSK_WITH_NULL_SHA384 */
1400 case 0x00B4: /* TLS_DHE_PSK_WITH_NULL_SHA256 */
1401 case 0x00B5: /* TLS_DHE_PSK_WITH_NULL_SHA384 */
1402 case 0x00B8: /* TLS_RSA_PSK_WITH_NULL_SHA256 */
1403 case 0x00B9: /* TLS_RSA_PSK_WITH_NULL_SHA384 */
1404 /* Disable anonymous ciphersuites: */
1405 case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
1406 case SSL_DH_anon_WITH_RC4_128_MD5:
1407 case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
1408 case SSL_DH_anon_WITH_DES_CBC_SHA:
1409 case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA:
1410 case TLS_DH_anon_WITH_AES_128_CBC_SHA:
1411 case TLS_DH_anon_WITH_AES_256_CBC_SHA:
1412 case 0xC015: /* TLS_ECDH_anon_WITH_NULL_SHA */
1413 case 0xC016: /* TLS_ECDH_anon_WITH_RC4_128_SHA */
1414 case 0xC017: /* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA */
1415 case 0xC018: /* TLS_ECDH_anon_WITH_AES_128_CBC_SHA */
1416 case 0xC019: /* TLS_ECDH_anon_WITH_AES_256_CBC_SHA */
1417 case 0x006C: /* TLS_DH_anon_WITH_AES_128_CBC_SHA256 */
1418 case 0x006D: /* TLS_DH_anon_WITH_AES_256_CBC_SHA256 */
1419 case 0x00A6: /* TLS_DH_anon_WITH_AES_128_GCM_SHA256 */
1420 case 0x00A7: /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */
1421 /* Disable weak key ciphersuites: */
1422 case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
1423 case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
1424 case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
1425 case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
1426 case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
1427 case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
1428 case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
1429 case SSL_RSA_WITH_DES_CBC_SHA:
1430 case SSL_DH_DSS_WITH_DES_CBC_SHA:
1431 case SSL_DH_RSA_WITH_DES_CBC_SHA:
1432 case SSL_DHE_DSS_WITH_DES_CBC_SHA:
1433 case SSL_DHE_RSA_WITH_DES_CBC_SHA:
1435 case SSL_RSA_WITH_IDEA_CBC_SHA:
1436 case SSL_RSA_WITH_IDEA_CBC_MD5:
1438 default: /* enable everything else */
1439 allowed_ciphers[allowed_ciphers_count++] = all_ciphers[i];
1443 err = SSLSetEnabledCiphers(connssl->ssl_ctx, allowed_ciphers,
1444 allowed_ciphers_count);
1446 failf(data, "SSL: SSLSetEnabledCiphers() failed: OSStatus %d", err);
1447 return CURLE_SSL_CONNECT_ERROR;
1451 Curl_safefree(all_ciphers);
1452 Curl_safefree(allowed_ciphers);
1453 failf(data, "SSL: Failed to allocate memory for allowed ciphers");
1454 return CURLE_OUT_OF_MEMORY;
1456 Curl_safefree(all_ciphers);
1457 Curl_safefree(allowed_ciphers);
1459 #if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
1460 /* We want to enable 1/n-1 when using a CBC cipher unless the user
1461 specifically doesn't want us doing that: */
1462 if(SSLSetSessionOption != NULL) {
1463 SSLSetSessionOption(connssl->ssl_ctx, kSSLSessionOptionSendOneByteRecord,
1464 !data->set.ssl_enable_beast);
1465 SSLSetSessionOption(connssl->ssl_ctx, kSSLSessionOptionFalseStart,
1466 data->set.ssl.falsestart); /* false start support */
1468 #endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */
1470 /* Check if there's a cached ID we can/should use here! */
1471 if(!Curl_ssl_getsessionid(conn, (void **)&ssl_sessionid,
1472 &ssl_sessionid_len)) {
1473 /* we got a session id, use it! */
1474 err = SSLSetPeerID(connssl->ssl_ctx, ssl_sessionid, ssl_sessionid_len);
1476 failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err);
1477 return CURLE_SSL_CONNECT_ERROR;
1479 /* Informational message */
1480 infof(data, "SSL re-using session ID\n");
1482 /* If there isn't one, then let's make one up! This has to be done prior
1483 to starting the handshake. */
1487 aprintf("%s:%d:%d:%s:%hu", data->set.str[STRING_SSL_CAFILE],
1488 data->set.ssl.verifypeer, data->set.ssl.verifyhost,
1489 conn->host.name, conn->remote_port);
1490 ssl_sessionid_len = strlen(ssl_sessionid);
1492 err = SSLSetPeerID(connssl->ssl_ctx, ssl_sessionid, ssl_sessionid_len);
1494 failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err);
1495 return CURLE_SSL_CONNECT_ERROR;
1498 result = Curl_ssl_addsessionid(conn, ssl_sessionid, ssl_sessionid_len);
1500 failf(data, "failed to store ssl session");
1505 err = SSLSetIOFuncs(connssl->ssl_ctx, SocketRead, SocketWrite);
1507 failf(data, "SSL: SSLSetIOFuncs() failed: OSStatus %d", err);
1508 return CURLE_SSL_CONNECT_ERROR;
1511 /* pass the raw socket into the SSL layers */
1512 /* We need to store the FD in a constant memory address, because
1513 * SSLSetConnection() will not copy that address. I've found that
1514 * conn->sock[sockindex] may change on its own. */
1515 connssl->ssl_sockfd = sockfd;
1516 err = SSLSetConnection(connssl->ssl_ctx, connssl);
1518 failf(data, "SSL: SSLSetConnection() failed: %d", err);
1519 return CURLE_SSL_CONNECT_ERROR;
1522 connssl->connecting_state = ssl_connect_2;
/* pem_to_der: convert the first PEM block found in 'in' into DER.
 * On success the decoded bytes are handed back through out/outlen (allocated
 * by Curl_base64_decode(), which takes the address of the output pointer; the
 * caller owns them) and the return value is the number of bytes of 'in'
 * consumed up to the closing END separator, so verify_cert() can step through
 * a bundle block by block. The caller treats a result of 0 as "not PEM" and,
 * presumably, a negative one as an error; the early returns producing those
 * values, the declarations of len/b64/i/j/err and the free(b64) are on lines
 * not present in this listing. */
1526 static long pem_to_der(const char *in, unsigned char **out, size_t *outlen)
1528 char *sep_start, *sep_end, *cert_start, *cert_end;
1533 /* Jump through the separators at the beginning of the certificate. */
1534 sep_start = strstr(in, "-----");
1535 if(sep_start == NULL)
/* The second "-----" closes the "-----BEGIN ...-----" line. cert_start has to
 * be advanced past that separator before the search below, otherwise
 * cert_end would find the very same separator; that adjustment is not
 * visible in this listing. */
1537 cert_start = strstr(sep_start + 1, "-----");
1538 if(cert_start == NULL)
1543 /* Find separator after the end of the certificate. */
1544 cert_end = strstr(cert_start, "-----");
1545 if(cert_end == NULL)
/* sep_end is the closing separator of the "-----END ...-----" line; its
 * distance from 'in' is what the caller uses as the offset of the next
 * block. */
1548 sep_end = strstr(cert_end + 1, "-----");
/* len + 1 leaves room for a terminating NUL. The copy loop only ever drops
 * bytes (CR/LF), so j <= len and the buffer cannot be overrun. The NUL itself
 * is presumably stored after the loop on a line not shown here;
 * Curl_base64_decode() takes a C string and depends on it. */
1553 len = cert_end - cert_start;
1554 b64 = malloc(len + 1);
1558 /* Create base64 string without linefeeds. */
1559 for(i = 0, j = 0; i < len; i++) {
1560 if(cert_start[i] != '\r' && cert_start[i] != '\n')
1561 b64[j++] = cert_start[i];
/* Only CR/LF are stripped; any other non-base64 byte between the separators
 * is left for the decoder to reject. */
1565 err = Curl_base64_decode((const char *)b64, out, outlen);
1572 return sep_end - in;
/* read_cert: read the whole file into a heap buffer. On success *out/*outlen
 * describe that buffer, which the caller must free(); the result is < 0 on
 * failure (see the check in verify_cert()). The open()/close() calls, the
 * read-loop control, the initial allocation of 'data', the growth of 'cap'
 * and the final assignment to out/outlen are on lines not present in this
 * listing. */
1575 static int read_cert(const char *file, unsigned char **out, size_t *outlen)
/* 'cap' starts at 512 and doubles as the size of the read chunk below. */
1578 ssize_t n, len = 0, cap = 512;
/* NOTE(review): buf[cap] is a VLA because cap is a variable; since cap is
 * always 512 at this point a fixed-size array (enum { CHUNK = 512 }) would say
 * the same thing without VLA semantics. */
1579 unsigned char buf[cap], *data;
/* n < 0 (error) and n == 0 (EOF) must be handled before the copy below; that
 * handling is not visible in this listing. */
1592 n = read(fd, buf, sizeof(buf));
/* NOTE(review): the realloc() result is stored straight back into the only
 * pointer to the buffer, so on allocation failure the old block leaks. The
 * usual shape is: unsigned char *tmp = realloc(data, cap);
 * if(!tmp) { free(data); close(fd); return -1; } data = tmp; */
1603 if(len + n >= cap) {
1605 data = realloc(data, cap);
/* No upper bound is placed on the file size; acceptable because the path is
 * the user's own CA file, not data supplied by the peer. */
1612 memcpy(data + len, buf, n);
/* sslerr_to_curlerr: translate an OSStatus from the trust-evaluation path of
 * verify_cert() into a CURLcode, logging a message with failf(). The
 * enclosing switch(err), the case label of the "certificate format" branch
 * and the default label are on lines not present in this listing.
 * NOTE(review): these messages and codes duplicate the server-certificate
 * cases of darwinssl_connect_step2() below; keeping them in one table (step2
 * delegating to this helper) would stop the two from drifting apart. */
1623 static int sslerr_to_curlerr(struct SessionHandle *data, int err)
1626 case errSSLXCertChainInvalid:
1627 failf(data, "SSL certificate problem: Invalid certificate chain");
1628 return CURLE_SSL_CACERT;
1629 case errSSLUnknownRootCert:
1630 failf(data, "SSL certificate problem: Untrusted root certificate");
1631 return CURLE_SSL_CACERT;
1632 case errSSLNoRootCert:
1633 failf(data, "SSL certificate problem: No root certificate");
1634 return CURLE_SSL_CACERT;
1635 case errSSLCertExpired:
1636 failf(data, "SSL certificate problem: Certificate chain had an "
1637 "expired certificate");
1638 return CURLE_SSL_CACERT;
/* The case label for this branch is on a line not shown here. */
1640 failf(data, "SSL certificate problem: Couldn't understand the server "
1641 "certificate format");
1642 return CURLE_SSL_CONNECT_ERROR;
1643 case errSSLHostNameMismatch:
1644 failf(data, "SSL certificate peer hostname mismatch");
1645 return CURLE_PEER_FAILED_VERIFICATION;
/* Any other status is reported with its raw OSStatus value and still counts
 * as a CA problem, i.e. the connection is refused. */
1647 failf(data, "SSL unexpected certificate error %d", err);
1648 return CURLE_SSL_CACERT;
/* append_cert_to_array: wrap 'buflen' DER bytes from 'buf' in a
 * SecCertificateRef and append it to 'array'. Returns CURLE_OUT_OF_MEMORY if
 * the CFData cannot be created and CURLE_SSL_CACERT if the bytes do not parse
 * as a certificate or yield no subject. The CURLE_OK return and the
 * CFRelease() calls for 'subject' and 'cacert' are on lines not present in
 * this listing. */
1652 static int append_cert_to_array(struct SessionHandle *data,
1653 unsigned char *buf, size_t buflen,
1654 CFMutableArrayRef array)
/* CFDataCreate() copies the bytes, so the caller may free 'buf' afterwards. */
1656 CFDataRef certdata = CFDataCreate(kCFAllocatorDefault, buf, buflen);
1658 failf(data, "SSL: failed to allocate array for CA certificate");
1659 return CURLE_OUT_OF_MEMORY;
/* certdata is released as soon as the certificate object has been created
 * from it (on both the success and the failure path that follow). */
1662 SecCertificateRef cacert =
1663 SecCertificateCreateWithData(kCFAllocatorDefault, certdata);
1664 CFRelease(certdata);
1666 failf(data, "SSL: failed to create SecCertificate from CA certificate");
1667 return CURLE_SSL_CACERT;
/* Being able to extract and convert the subject is used as a sanity check
 * that the DER really parsed as an X.509 certificate.
 * NOTE(review): CFStringGetCString() also returns false when the converted
 * subject does not fit the 128-byte buffer, so a legitimate CA with a long
 * subject would be rejected here as "invalid CA certificate subject" -
 * confirm the size passed on the elided argument line, or size the buffer
 * from CFStringGetMaximumSizeForEncoding(). */
1670 /* Check if cacert is valid. */
1671 CFStringRef subject = CopyCertSubject(cacert);
1673 char subject_cbuf[128];
1674 memset(subject_cbuf, 0, 128);
1675 if(!CFStringGetCString(subject,
1678 kCFStringEncodingUTF8)) {
1680 failf(data, "SSL: invalid CA certificate subject");
1681 return CURLE_SSL_CACERT;
/* CopyCertSubject() returned NULL: no subject at all. */
1687 failf(data, "SSL: invalid CA certificate");
1688 return CURLE_SSL_CACERT;
/* The array retains the certificate (kCFTypeArrayCallBacks). */
1691 CFArrayAppendValue(array, cacert);
/* verify_cert: evaluate the peer's certificate chain against ONLY the
 * certificates found in 'cafile' (the user's CA bundle). The third
 * parameter - the SSLContextRef 'ctx' passed to SSLCopyPeerTrust() below - is
 * on a line not present in this listing, as are the CFRelease() calls for
 * 'array', 'trust' and 'der', the loop-local declarations (res, rc, n), the
 * free(certbuf) and the final CURLE_OK return. Any non-CURLE_OK result must
 * make the caller abort the handshake. */
1697 static int verify_cert(const char *cafile, struct SessionHandle *data,
1702 unsigned char *certbuf, *der;
1703 size_t buflen, derlen, offset = 0;
1705 if(read_cert(cafile, &certbuf, &buflen) < 0) {
1706 failf(data, "SSL: failed to read or invalid CA certificate");
1707 return CURLE_SSL_CACERT;
1711 * Certbuf now contains the contents of the certificate file, which can be
1712 * - a single DER certificate,
1713 * - a single PEM certificate or
1714 * - a bunch of PEM certificates (certificate bundle).
1716 * Go through certbuf, and convert any PEM certificate in it into DER
/* The array retains every certificate appended to it and is handed to the
 * trust object below as the complete, and only, set of anchors. */
1719 CFMutableArrayRef array = CFArrayCreateMutable(kCFAllocatorDefault, 0,
1720 &kCFTypeArrayCallBacks);
1723 failf(data, "SSL: out of memory creating CA certificate array");
1724 return CURLE_OUT_OF_MEMORY;
1727 while(offset < buflen) {
1731 * Check if the certificate is in PEM format, and convert it to DER. If
1732 * this fails, we assume the certificate is in DER format.
1734 res = pem_to_der((const char *)certbuf + offset, &der, &derlen);
/* NOTE(review): 'offset' is a size_t; if it is passed directly to this
 * "%d" (the argument line is not shown) the conversion does not match the
 * type - "%zu" is the correct one. */
1738 failf(data, "SSL: invalid CA certificate #%d (offset %d) in bundle",
1740 return CURLE_SSL_CACERT;
/* Only a file whose very first block is not PEM is tried as a single DER
 * certificate; later non-PEM data in a bundle simply ends the loop. */
1744 if(res == 0 && offset == 0) {
1745 /* This is not a PEM file, probably a certificate in DER format. */
1746 rc = append_cert_to_array(data, certbuf, buflen, array);
1748 if(rc != CURLE_OK) {
1755 /* No more certificates in the bundle. */
1760 rc = append_cert_to_array(data, der, derlen, array);
1762 if(rc != CURLE_OK) {
/* The trust object carries the chain the server presented during this
 * handshake. A NULL trust is treated as an allocation failure even when the
 * status is noErr (the "trust == NULL" test is on a line not shown). */
1770 OSStatus ret = SSLCopyPeerTrust(ctx, &trust);
1772 failf(data, "SSL: error getting certificate chain");
1774 return CURLE_OUT_OF_MEMORY;
1776 else if(ret != noErr) {
1778 return sslerr_to_curlerr(data, ret);
/* Anchor the evaluation on the CA file alone: with
 * SecTrustSetAnchorCertificatesOnly(trust, true) the system and Keychain
 * roots are not consulted, so the bundle must contain the chain's actual
 * anchor. This is what makes the user's CA file authoritative on this
 * backend. */
1781 ret = SecTrustSetAnchorCertificates(trust, array);
1784 return sslerr_to_curlerr(data, ret);
1786 ret = SecTrustSetAnchorCertificatesOnly(trust, true);
1789 return sslerr_to_curlerr(data, ret);
1792 SecTrustResultType trust_eval = 0;
1793 ret = SecTrustEvaluate(trust, &trust_eval);
1797 return sslerr_to_curlerr(data, ret);
/* kSecTrustResultUnspecified: chain verified, no explicit user trust setting
 * (the normal success case). kSecTrustResultProceed: chain verified and
 * explicitly trusted in the Keychain. Everything else - including the
 * "recoverable" failures that an interactive UI could override - is treated
 * as a verification failure; the default label is on a line not shown. */
1800 switch (trust_eval) {
1801 case kSecTrustResultUnspecified:
1802 case kSecTrustResultProceed:
1805 case kSecTrustResultRecoverableTrustFailure:
1806 case kSecTrustResultDeny:
1808 failf(data, "SSL: certificate verification failed (result: %d)",
1810 return CURLE_PEER_FAILED_VERIFICATION;
/* darwinssl_connect_step2: drive SSLHandshake() and map its result onto the
 * connect state machine. Returns CURLE_OK with connecting_state left in
 * ssl_connect_2_reading/_writing when the socket is not ready, or advanced to
 * ssl_connect_3 once the handshake completed; every other path is a fatal
 * CURLcode with a failf() message. The "static CURLcode" return-type line,
 * the declaration of err, the switch(err) header, the errSSLServerAuthCompleted
 * case label, several break statements and the switch(protocol) header are
 * on lines not present in this listing. */
1815 darwinssl_connect_step2(struct connectdata *conn, int sockindex)
1817 struct SessionHandle *data = conn->data;
1818 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
1820 SSLCipherSuite cipher;
1821 SSLProtocol protocol = 0;
1823 DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
1824 || ssl_connect_2_reading == connssl->connecting_state
1825 || ssl_connect_2_writing == connssl->connecting_state);
1827 /* Here goes nothing: */
1828 err = SSLHandshake(connssl->ssl_ctx);
/* ssl_direction presumably records which direction the SocketRead/SocketWrite
 * callbacks blocked on; it decides whether the caller waits for readability
 * or writability before calling us again. */
1832 case errSSLWouldBlock: /* they're not done with us yet */
1833 connssl->connecting_state = connssl->ssl_direction ?
1834 ssl_connect_2_writing : ssl_connect_2_reading;
/* This case is reached only if kSSLSessionOptionBreakOnServerAuth was
 * enabled in step1, i.e. when a CA file was given or the user turned
 * verifypeer off. With a CA file the chain is checked here against that file
 * only; without one, continuing unverified is the user's explicit choice.
 * NOTE(review): the result of verify_cert() must be checked and returned
 * before the handshake is resumed below - that check is not in this listing;
 * if it were absent, a failed CA-file verification would not stop the
 * connect. */
1837 /* The below is errSSLServerAuthCompleted; it's not defined in
1838 Leopard's headers */
1840 if(data->set.str[STRING_SSL_CAFILE]) {
1841 int res = verify_cert(data->set.str[STRING_SSL_CAFILE], data,
/* Re-entering step2 resumes the same handshake rather than starting a new
 * one, so the recursion is presumably bounded by the one server-auth pause
 * per handshake. */
1846 /* the documentation says we need to call SSLHandshake() again */
1847 return darwinssl_connect_step2(conn, sockindex);
/* NOTE(review): this table repeats sslerr_to_curlerr() message for message;
 * delegating to that helper would keep the two in step. */
1849 /* These are all certificate problems with the server: */
1850 case errSSLXCertChainInvalid:
1851 failf(data, "SSL certificate problem: Invalid certificate chain");
1852 return CURLE_SSL_CACERT;
1853 case errSSLUnknownRootCert:
1854 failf(data, "SSL certificate problem: Untrusted root certificate");
1855 return CURLE_SSL_CACERT;
1856 case errSSLNoRootCert:
1857 failf(data, "SSL certificate problem: No root certificate");
1858 return CURLE_SSL_CACERT;
1859 case errSSLCertExpired:
1860 failf(data, "SSL certificate problem: Certificate chain had an "
1861 "expired certificate");
1862 return CURLE_SSL_CACERT;
/* The case label for this branch is on a line not shown here. */
1864 failf(data, "SSL certificate problem: Couldn't understand the server "
1865 "certificate format");
1866 return CURLE_SSL_CONNECT_ERROR;
1868 /* These are all certificate problems with the client: */
1869 case errSecAuthFailed:
1870 failf(data, "SSL authentication failed");
1871 return CURLE_SSL_CONNECT_ERROR;
1872 case errSSLPeerHandshakeFail:
1873 failf(data, "SSL peer handshake failed, the server most likely "
1874 "requires a client certificate to connect");
1875 return CURLE_SSL_CONNECT_ERROR;
1876 case errSSLPeerUnknownCA:
1877 failf(data, "SSL server rejected the client certificate due to "
1878 "the certificate being signed by an unknown certificate "
1880 return CURLE_SSL_CONNECT_ERROR;
/* Raised by Secure Transport's own name check, which is only armed when
 * step1 called SSLSetPeerDomainName() (verifyhost on). */
1882 /* This error is raised if the server's cert didn't match the server's
1884 case errSSLHostNameMismatch:
1885 failf(data, "SSL certificate peer verification failed, the "
1886 "certificate did not match \"%s\"\n", conn->host.dispname);
1887 return CURLE_PEER_FAILED_VERIFICATION;
1889 /* Generic handshake errors: */
1890 case errSSLConnectionRefused:
1891 failf(data, "Server dropped the connection during the SSL handshake");
1892 return CURLE_SSL_CONNECT_ERROR;
1893 case errSSLClosedAbort:
1894 failf(data, "Server aborted the SSL handshake");
1895 return CURLE_SSL_CONNECT_ERROR;
1896 case errSSLNegotiation:
1897 failf(data, "Could not negotiate an SSL cipher suite with the server");
1898 return CURLE_SSL_CONNECT_ERROR;
1899 /* Sometimes paramErr happens with buggy ciphers: */
1900 case paramErr: case errSSLInternal:
1901 failf(data, "Internal SSL engine error encountered during the "
1903 return CURLE_SSL_CONNECT_ERROR;
1904 case errSSLFatalAlert:
1905 failf(data, "Fatal SSL engine error encountered during the SSL "
1907 return CURLE_SSL_CONNECT_ERROR;
/* NOTE(review): the "%s:%d" here prints the OSStatus where a reader expects a
 * port number. Something like
 * "Unknown SSL protocol error in connection to %s: OSStatus %d" would be
 * unambiguous. The default label is on a line not shown. */
1909 failf(data, "Unknown SSL protocol error in connection to %s:%d",
1910 conn->host.name, err);
1911 return CURLE_SSL_CONNECT_ERROR;
1915 /* we have been connected fine, we're not waiting for anything else. */
1916 connssl->connecting_state = ssl_connect_3;
/* Purely informational: report the negotiated protocol and cipher. Failures
 * of the two getters are ignored; the case labels for SSL 2.0/3.0/TLS 1.0
 * are on lines not shown. */
1918 /* Informational message */
1919 (void)SSLGetNegotiatedCipher(connssl->ssl_ctx, &cipher);
1920 (void)SSLGetNegotiatedProtocolVersion(connssl->ssl_ctx, &protocol);
1923 infof(data, "SSL 2.0 connection using %s\n",
1924 SSLCipherNameForNumber(cipher));
1927 infof(data, "SSL 3.0 connection using %s\n",
1928 SSLCipherNameForNumber(cipher));
1931 infof(data, "TLS 1.0 connection using %s\n",
1932 TLSCipherNameForNumber(cipher));
1934 #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
1935 case kTLSProtocol11:
1936 infof(data, "TLS 1.1 connection using %s\n",
1937 TLSCipherNameForNumber(cipher));
1939 case kTLSProtocol12:
1940 infof(data, "TLS 1.2 connection using %s\n",
1941 TLSCipherNameForNumber(cipher));
1945 infof(data, "Unknown protocol connection\n");
/* darwinssl_connect_step3: no further protocol work happens here; the server
 * chain is logged for verbose output and the connection is marked done.
 * Three ways of reaching the chain exist, selected at build and run time:
 * SSLCopyPeerTrust() + SecTrustGetCertificateAtIndex() on 10.7+/iOS, the
 * deprecated SSLCopyPeerCertificates() as a fallback for 10.8-compatible
 * builds running on older systems, and SSLCopyPeerCertificates() alone on
 * pre-10.7 builds. The return-type line, the second parameter, the
 * declarations of err/count/i, the #else directives and the CFRelease(trust)
 * calls are on lines not present in this listing.
 * A subject that does not fit the 128-byte buffer is simply not printed
 * (CFStringGetCString() fails and the infof() is skipped); nothing
 * security-relevant depends on this output. */
1954 darwinssl_connect_step3(struct connectdata *conn,
1957 struct SessionHandle *data = conn->data;
1958 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
1959 CFStringRef server_cert_summary;
1960 char server_cert_summary_c[128];
1961 CFArrayRef server_certs = NULL;
1962 SecCertificateRef server_cert;
1965 SecTrustRef trust = NULL;
1967 /* There is no step 3!
1968 * Well, okay, if verbose mode is on, let's print the details of the
1969 * server certificates. */
1970 #if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS
1972 #pragma unused(server_certs)
1973 err = SSLCopyPeerTrust(connssl->ssl_ctx, &trust);
1974 /* For some reason, SSLCopyPeerTrust() can return noErr and yet return
1975 a null trust, so be on guard for that: */
1976 if(err == noErr && trust) {
1977 count = SecTrustGetCertificateCount(trust);
1978 for(i = 0L ; i < count ; i++) {
/* SecTrustGetCertificateAtIndex() returns a borrowed reference; only the
 * subject string we copy has to be released. */
1979 server_cert = SecTrustGetCertificateAtIndex(trust, i);
1980 server_cert_summary = CopyCertSubject(server_cert);
1981 memset(server_cert_summary_c, 0, 128);
1982 if(CFStringGetCString(server_cert_summary,
1983 server_cert_summary_c,
1985 kCFStringEncodingUTF8)) {
1986 infof(data, "Server certificate: %s\n", server_cert_summary_c);
1988 CFRelease(server_cert_summary);
/* Runtime probe: a weak-linked symbol that exists only from Lion on is used
 * to tell a Lion-or-later system from Snow Leopard, where
 * SecTrustGetCertificateAtIndex() is present but unusable (see the comment
 * below). */
1993 /* SSLCopyPeerCertificates() is deprecated as of Mountain Lion.
1994 The function SecTrustGetCertificateAtIndex() is officially present
1995 in Lion, but it is unfortunately also present in Snow Leopard as
1996 private API and doesn't work as expected. So we have to look for
1997 a different symbol to make sure this code is only executed under
1999 if(SecTrustEvaluateAsync != NULL) {
2000 #pragma unused(server_certs)
2001 err = SSLCopyPeerTrust(connssl->ssl_ctx, &trust);
2002 /* For some reason, SSLCopyPeerTrust() can return noErr and yet return
2003 a null trust, so be on guard for that: */
2004 if(err == noErr && trust) {
2005 count = SecTrustGetCertificateCount(trust);
2006 for(i = 0L ; i < count ; i++) {
2007 server_cert = SecTrustGetCertificateAtIndex(trust, i);
2008 server_cert_summary = CopyCertSubject(server_cert);
2009 memset(server_cert_summary_c, 0, 128);
2010 if(CFStringGetCString(server_cert_summary,
2011 server_cert_summary_c,
2013 kCFStringEncodingUTF8)) {
2014 infof(data, "Server certificate: %s\n", server_cert_summary_c);
2016 CFRelease(server_cert_summary);
/* Fallback for a 10.8-compatible build running on a system without
 * SecTrustEvaluateAsync(): the deprecated array-returning API. The array is
 * owned by us and released after the loop. */
2022 #if CURL_SUPPORT_MAC_10_8
2023 err = SSLCopyPeerCertificates(connssl->ssl_ctx, &server_certs);
2024 /* Just in case SSLCopyPeerCertificates() returns null too... */
2025 if(err == noErr && server_certs) {
2026 count = CFArrayGetCount(server_certs);
2027 for(i = 0L ; i < count ; i++) {
2028 server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs,
2031 server_cert_summary = CopyCertSubject(server_cert);
2032 memset(server_cert_summary_c, 0, 128);
2033 if(CFStringGetCString(server_cert_summary,
2034 server_cert_summary_c,
2036 kCFStringEncodingUTF8)) {
2037 infof(data, "Server certificate: %s\n", server_cert_summary_c);
2039 CFRelease(server_cert_summary);
2041 CFRelease(server_certs);
2043 #endif /* CURL_SUPPORT_MAC_10_8 */
2045 #endif /* CURL_BUILD_IOS */
/* Pre-10.7 build: only the deprecated API exists. Unlike the branches above,
 * no noErr/NULL guard is visible before the array is used here. */
2047 #pragma unused(trust)
2048 err = SSLCopyPeerCertificates(connssl->ssl_ctx, &server_certs);
2050 count = CFArrayGetCount(server_certs);
2051 for(i = 0L ; i < count ; i++) {
2052 server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs, i);
2053 server_cert_summary = CopyCertSubject(server_cert);
2054 memset(server_cert_summary_c, 0, 128);
2055 if(CFStringGetCString(server_cert_summary,
2056 server_cert_summary_c,
2058 kCFStringEncodingUTF8)) {
2059 infof(data, "Server certificate: %s\n", server_cert_summary_c);
2061 CFRelease(server_cert_summary);
2063 CFRelease(server_certs);
2065 #endif /* CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS */
/* Hand the state machine on; darwinssl_connect_common() installs the
 * recv/send callbacks when it sees ssl_connect_done. */
2067 connssl->connecting_state = ssl_connect_done;
/* Forward declarations of the Curl_recv/Curl_send implementations that
 * darwinssl_connect_common() installs on the connection once the handshake
 * is done; their definitions are outside this listing. */
2071 static Curl_recv darwinssl_recv;
2072 static Curl_send darwinssl_send;
/* darwinssl_connect_common: run the three-step connect state machine for
 * conn->ssl[sockindex]. In blocking mode it loops until the handshake has
 * finished or failed; in nonblocking mode it returns after any step that
 * would block so the caller can wait on the socket and call again. The
 * parameters after 'conn' (sockindex, nonblocking, done), the declarations
 * of result/timeout_ms/what, the *done assignments and several early returns
 * are on lines not present in this listing. */
2075 darwinssl_connect_common(struct connectdata *conn,
2081 struct SessionHandle *data = conn->data;
2082 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2083 curl_socket_t sockfd = conn->sock[sockindex];
2087 /* check if the connection has already been established */
2088 if(ssl_connection_complete == connssl->state) {
/* Step 1 (context setup, see darwinssl_connect_step1) runs exactly once. */
2093 if(ssl_connect_1==connssl->connecting_state) {
2094 /* Find out how much more time we're allowed */
/* The TRUE argument asks Curl_timeleft() for the connect-phase budget, so the
 * TLS handshake is bounded by the same timeout as the TCP connect. */
2095 timeout_ms = Curl_timeleft(data, NULL, TRUE);
2097 if(timeout_ms < 0) {
2098 /* no need to continue if time already is up */
2099 failf(data, "SSL connection timeout");
2100 return CURLE_OPERATION_TIMEDOUT;
2103 result = darwinssl_connect_step1(conn, sockindex);
/* Step 2 (the handshake) may need several rounds of waiting on the socket. */
2108 while(ssl_connect_2 == connssl->connecting_state ||
2109 ssl_connect_2_reading == connssl->connecting_state ||
2110 ssl_connect_2_writing == connssl->connecting_state) {
2112 /* check allowed time left */
2113 timeout_ms = Curl_timeleft(data, NULL, TRUE);
2115 if(timeout_ms < 0) {
2116 /* no need to continue if time already is up */
2117 failf(data, "SSL connection timeout");
2118 return CURLE_OPERATION_TIMEDOUT;
2121 /* if ssl is expecting something, check if it's available. */
2122 if(connssl->connecting_state == ssl_connect_2_reading ||
2123 connssl->connecting_state == ssl_connect_2_writing) {
2125 curl_socket_t writefd = ssl_connect_2_writing ==
2126 connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
2127 curl_socket_t readfd = ssl_connect_2_reading ==
2128 connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
/* Nonblocking callers only poll (timeout 0); blocking callers wait for the
 * remaining connect time. */
2130 what = Curl_socket_ready(readfd, writefd, nonblocking?0:timeout_ms);
2133 failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
2134 return CURLE_SSL_CONNECT_ERROR;
/* Nothing ready: presumably a "come back later" return for nonblocking
 * callers on the lines not shown, and a timeout for blocking ones. */
2136 else if(0 == what) {
2143 failf(data, "SSL connection timeout");
2144 return CURLE_OPERATION_TIMEDOUT;
2147 /* socket is readable or writable */
2150 /* Run transaction, and return to the caller if it failed or if this
2151 * connection is done nonblocking and this loop would execute again. This
2152 * permits the owner of a multi handle to abort a connection attempt
2153 * before step2 has completed while ensuring that a client using select()
2154 * or epoll() will always have a valid fdset to wait on.
2156 result = darwinssl_connect_step2(conn, sockindex);
2157 if(result || (nonblocking &&
2158 (ssl_connect_2 == connssl->connecting_state ||
2159 ssl_connect_2_reading == connssl->connecting_state ||
2160 ssl_connect_2_writing == connssl->connecting_state)))
2163 } /* repeat step2 until all transactions are done. */
2166 if(ssl_connect_3 == connssl->connecting_state) {
2167 result = darwinssl_connect_step3(conn, sockindex);
/* Only a fully completed handshake switches the connection's I/O over to the
 * TLS-aware recv/send callbacks. */
2172 if(ssl_connect_done == connssl->connecting_state) {
2173 connssl->state = ssl_connection_complete;
2174 conn->recv[sockindex] = darwinssl_recv;
2175 conn->send[sockindex] = darwinssl_send;
/* Leave the machine ready for a future connect on this conn. */
2181 /* Reset our connect state machine */
2182 connssl->connecting_state = ssl_connect_1;
/* Curl_darwinssl_connect_nonblocking: entry point for the multi interface.
 * The remaining parameters (sockindex, done) and the return-type line are on
 * lines not present in this listing; TRUE selects the nonblocking behaviour
 * of darwinssl_connect_common(). */
2188 Curl_darwinssl_connect_nonblocking(struct connectdata *conn,
2192 return darwinssl_connect_common(conn, sockindex, TRUE, done);
/* Curl_darwinssl_connect: blocking entry point; drives the state machine to
 * completion in a single call. The sockindex parameter, the local
 * 'done'/'result' declarations and the return are on lines not present in
 * this listing. */
2196 Curl_darwinssl_connect(struct connectdata *conn,
2202 result = darwinssl_connect_common(conn, sockindex, FALSE, &done);
/* Curl_darwinssl_close: shut the TLS session down with SSLClose() (which may
 * write a close_notify to the socket) and dispose of the context. On SDKs
 * where SSLCreateContext() exists the context is a CF object and is released
 * with CFRelease(); otherwise, or when that symbol is weak-linked away at run
 * time, the older SSLDisposeContext() is used. The 'else' and '#else' lines
 * pairing the two disposal paths are not present in this listing. */
2212 void Curl_darwinssl_close(struct connectdata *conn, int sockindex)
2214 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2216 if(connssl->ssl_ctx) {
2217 (void)SSLClose(connssl->ssl_ctx);
2218 #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
2219 if(SSLCreateContext != NULL)
2220 CFRelease(connssl->ssl_ctx);
2221 #if CURL_SUPPORT_MAC_10_8
2223 (void)SSLDisposeContext(connssl->ssl_ctx);
2224 #endif /* CURL_SUPPORT_MAC_10_8 */
2226 (void)SSLDisposeContext(connssl->ssl_ctx);
2227 #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
/* Clearing the pointer prevents a double dispose if close is called again. */
2228 connssl->ssl_ctx = NULL;
/* NOTE(review): 0 is a valid descriptor; this is harmless only because
 * ssl_ctx is NULL from here on, so the SocketRead/SocketWrite callbacks that
 * use ssl_sockfd can no longer run. CURL_SOCKET_BAD would be the
 * unambiguous "no socket" value. */
2230 connssl->ssl_sockfd = 0;
/* Curl_darwinssl_shutdown: tear TLS down on the socket and, for the FTP
 * "clear command channel" case, drain whatever the server still sends
 * (ideally its close_notify) so the socket can go on in clear text. The
 * early returns, the loop around the read, the declarations of
 * what/nread/buf/rc and the return statements are on lines not present in
 * this listing, so the exact return values are not visible here. */
2233 int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex)
2235 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2236 struct SessionHandle *data = conn->data;
/* No context means there is nothing to shut down. */
2242 if(!connssl->ssl_ctx)
/* Only an active CCC needs the drain below; other modes presumably return
 * right here (the return line is not shown). */
2245 if(data->set.ftp_ccc != CURLFTPSSL_CCC_ACTIVE)
/* From here on the TLS context is gone; everything read below is raw,
 * unauthenticated socket data that is only discarded, never interpreted. */
2248 Curl_darwinssl_close(conn, sockindex);
/* The first wait is bounded by SSL_SHUTDOWN_TIMEOUT; later polls use 0. */
2252 what = Curl_socket_ready(conn->sock[sockindex],
2253 CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
2257 /* anything that gets here is fatally bad */
2258 failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
2263 if(!what) { /* timeout */
2264 failf(data, "SSL shutdown timeout");
2268 /* Something to read, let's do it and hope that it is the close
2269 notify alert from the server. No way to SSL_Read now, so use read(). */
2271 nread = read(conn->sock[sockindex], buf, sizeof(buf));
2274 failf(data, "read: %s", strerror(errno));
2281 what = Curl_socket_ready(conn->sock[sockindex], CURL_SOCKET_BAD, 0);
/*
 * Curl_darwinssl_session_free() - release one cached session-id entry.
 *
 * SecureTransport (as of iOS 5 / Mountain Lion) has no public API to evict a
 * session from the Security framework's own cache; the private function that
 * could do it is off limits because using it gets an application rejected
 * from the App Store. The only thing we own is the char array allocated in
 * darwinssl_connect_step1, so that is all this frees.
 */
void Curl_darwinssl_session_free(void *ptr)
{
  Curl_safefree(ptr);
}
/*
 * Curl_darwinssl_version() - write this backend's name into buffer.
 *
 * Returns whatever snprintf() reports for the write; buffer is
 * NUL-terminated whenever size is non-zero.
 */
size_t Curl_darwinssl_version(char *buffer, size_t size)
{
  int written = snprintf(buffer, size, "SecureTransport");
  return (size_t)written;
}
/*
 * Curl_darwinssl_check_cxn() - report whether the TLS session on the first
 * socket is still in place, via SSLGetSessionState().
 *
 * Returns:
 *   1  the session is connected or still handshaking
 *   0  the session is closed, or there is no SSL context on this socket
 *  -1  the state is unknown because SSLGetSessionState() failed
 */
int Curl_darwinssl_check_cxn(struct connectdata *conn)
{
  struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET];
  SSLSessionState state;

  if(!connssl->ssl_ctx)
    return 0;

  if(SSLGetSessionState(connssl->ssl_ctx, &state) != noErr)
    return -1;

  return (state == kSSLConnected || state == kSSLHandshake) ? 1 : 0;
}
/*
 * Curl_darwinssl_data_pending() - true when SecureTransport already holds
 * bytes for this socket that a read can return without touching the network.
 *
 * Both "no SSL context on this socket" and a failing
 * SSLGetBufferedReadSize() are reported as nothing pending.
 */
bool Curl_darwinssl_data_pending(const struct connectdata *conn,
                                 int connindex)
{
  const struct ssl_connect_data *connssl = &conn->ssl[connindex];
  size_t buffered = 0UL;

  if(!connssl->ssl_ctx)
    return false; /* SSL is not in use here */

  if(SSLGetBufferedReadSize(connssl->ssl_ctx, &buffered) != noErr)
    return false;

  return buffered > 0UL;
}
/*
 * Curl_darwinssl_random() - fill entropy[0..length) with random bytes.
 *
 * arc4random_buf() is not available on cats older than Lion, so the buffer
 * is filled by hand: one arc4random() word is drawn every four bytes and
 * handed out least-significant byte first.
 *
 * Always returns 0.
 */
int Curl_darwinssl_random(unsigned char *entropy,
                          size_t length)
{
  u_int32_t word = 0;
  size_t idx;

  for(idx = 0; idx < length; idx++) {
    /* a fresh 32-bit word every fourth byte */
    if(idx % sizeof(u_int32_t) == 0)
      word = arc4random();
    entropy[idx] = (unsigned char)(word & 0xFF);
    word >>= 8;
  }

  /* Best-effort scrub of the leftover word; this is a dead store that the
     compiler is free to drop, so do not rely on it. */
  idx = word = 0;

  return 0;
}
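/*
 * Curl_darwinssl_md5sum() - MD5 of tmp[0..tmplen) into md5sum, using
 * CommonCrypto.
 *
 * CC_MD5() always writes CC_MD5_DIGEST_LENGTH bytes, so an output buffer
 * shorter than that is refused instead of overrun; md5sum is then left
 * untouched. Note that tmplen is narrowed to CC_LONG for the call.
 */
void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */
                           size_t tmplen,
                           unsigned char *md5sum, /* output */
                           size_t md5len)
{
  /* Guard the fixed-size digest write against a too-small output buffer. */
  if(md5len < CC_MD5_DIGEST_LENGTH)
    return;

  (void)CC_MD5(tmp, (CC_LONG)tmplen, md5sum);
}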
/*
 * Curl_darwinssl_false_start() - can this build enable TLS False Start?
 *
 * Gated on building against the 10.9 / iOS 7 SDK and on the weak-linked
 * SSLSetSessionOption() actually being present in the running OS.
 */
bool Curl_darwinssl_false_start(void)
{
#if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
  return (SSLSetSessionOption != NULL) ? TRUE : FALSE;
#else
  return FALSE;
#endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */
}
/*
 * darwinssl_send() - curl's send() for a SecureTransport connection.
 *
 * SSLWrite()'s "processed" output counts bytes accepted into the context's
 * internal buffer, not bytes that reached the socket, so one call can
 * return errSSLWouldBlock *and* a non-zero count. In that case the amount
 * is remembered in ssl_write_buffered_length and the caller gets
 * CURLE_AGAIN; the next call flushes with an empty SSLWrite() until it stops
 * returning errSSLWouldBlock and only then reports those bytes as sent.
 *
 * Returns the number of bytes sent, or -1 with *curlcode set to CURLE_AGAIN
 * (retry later) or CURLE_SEND_ERROR (fatal).
 */
static ssize_t darwinssl_send(struct connectdata *conn,
                              int sockindex,
                              const void *mem,
                              size_t len,
                              CURLcode *curlcode)
{
  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  size_t processed = 0UL;
  size_t pending = connssl->ssl_write_buffered_length;
  OSStatus err;

  if(pending) {
    /* Flush what SSLWrite() buffered last time; no new payload is offered. */
    err = SSLWrite(connssl->ssl_ctx, NULL, 0UL, &processed);
    if(err == errSSLWouldBlock) {
      /* still stuck, ask the caller to come back later */
      *curlcode = CURLE_AGAIN;
      return -1L;
    }
    if(err != noErr) {
      failf(conn->data, "SSLWrite() returned error %d", err);
      *curlcode = CURLE_SEND_ERROR;
      return -1L;
    }
    /* The flush wrote nothing new, so processed stays 0; the bytes buffered
       earlier are the ones that have now gone out. */
    connssl->ssl_write_buffered_length = 0UL;
    return (ssize_t)pending;
  }

  /* Fresh data from the caller. */
  err = SSLWrite(connssl->ssl_ctx, mem, len, &processed);
  if(err == errSSLWouldBlock) {
    /* Buffered but not transmitted: remember how much so the next call can
       report it once the flush succeeds, and tell the caller to retry. */
    connssl->ssl_write_buffered_length = len;
    *curlcode = CURLE_AGAIN;
    return -1L;
  }
  if(err != noErr) {
    failf(conn->data, "SSLWrite() returned error %d", err);
    *curlcode = CURLE_SEND_ERROR;
    return -1L;
  }

  return (ssize_t)processed;
}
/*
 * darwinssl_recv() - curl's recv() for a SecureTransport connection.
 *
 * Reads up to buffersize decrypted bytes into buf through SSLRead().
 *
 * Returns the byte count on success. A would-block that still delivered
 * some bytes returns those bytes. Otherwise returns -1 with *curlcode set:
 *   CURLE_AGAIN       nothing available yet
 *   CURLE_OK          the peer closed the session
 *   CURLE_RECV_ERROR  any other SSLRead() failure
 */
static ssize_t darwinssl_recv(struct connectdata *conn,
                              int num,
                              char *buf,
                              size_t buffersize,
                              CURLcode *curlcode)
{
  struct ssl_connect_data *connssl = &conn->ssl[num];
  size_t processed = 0UL;
  OSStatus err = SSLRead(connssl->ssl_ctx, buf, buffersize, &processed);

  if(err == noErr)
    return (ssize_t)processed;

  if(err == errSSLWouldBlock) {
    /* hand back the partial read, if any, before reporting "try again" */
    if(processed)
      return (ssize_t)processed;
    *curlcode = CURLE_AGAIN;
    return -1L;
  }

  /* errSSLClosedGraceful - the server sent a close_notify alert.
     errSSLClosedNoNotify - the server hung up without one; read() gave 0.
     Both are reported as a clean disconnect, so at this layer the caller
     cannot tell a truncated stream from an orderly close; only a higher
     layer that knows the expected length can notice the difference. */
  if(err == errSSLClosedGraceful || err == errSSLClosedNoNotify) {
    *curlcode = CURLE_OK;
    return -1L;
  }

  failf(conn->data, "SSLRead() return error %d", err);
  *curlcode = CURLE_RECV_ERROR;
  return -1L;
}
2484 #endif /* USE_DARWINSSL */