* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
#include "cookie.h"
#include "formdata.h"
-#ifdef USE_SSLEAY
#ifdef USE_OPENSSL
-#include <openssl/rsa.h>
-#include <openssl/crypto.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
#include <openssl/ssl.h>
-#include <openssl/err.h>
#ifdef HAVE_OPENSSL_ENGINE_H
#include <openssl/engine.h>
#endif
-#ifdef HAVE_OPENSSL_PKCS12_H
-#include <openssl/pkcs12.h>
-#endif
-#else /* SSLeay-style includes */
-#include <rsa.h>
-#include <crypto.h>
-#include <x509.h>
-#include <pem.h>
-#include <ssl.h>
-#include <err.h>
-#ifdef HAVE_OPENSSL_ENGINE_H
-#include <engine.h>
-#endif
-#ifdef HAVE_OPENSSL_PKCS12_H
-#include <pkcs12.h>
-#endif
#endif /* USE_OPENSSL */
-#ifdef USE_GNUTLS
-#error Configuration error; cannot use GnuTLS *and* OpenSSL.
-#endif
-#endif /* USE_SSLEAY */
#ifdef USE_GNUTLS
#include <gnutls/gnutls.h>
#endif
-#ifdef USE_POLARSSL
+#ifdef USE_MBEDTLS
+
+#include <mbedtls/ssl.h>
+#include <mbedtls/version.h>
+#include <mbedtls/entropy.h>
+#include <mbedtls/ctr_drbg.h>
+
+#elif defined USE_POLARSSL
+
#include <polarssl/ssl.h>
#include <polarssl/version.h>
#if POLARSSL_VERSION_NUMBER<0x01010000
#include <polarssl/entropy.h>
#include <polarssl/ctr_drbg.h>
#endif /* POLARSSL_VERSION_NUMBER<0x01010000 */
+
#endif /* USE_POLARSSL */
#ifdef USE_CYASSL
#endif
#ifdef USE_AXTLS
+#include <axTLS/config.h>
#include <axTLS/ssl.h>
#undef malloc
#undef calloc
#define HEADERSIZE 256
#define CURLEASY_MAGIC_NUMBER 0xc0dedbadU
+#define GOOD_EASY_HANDLE(x) \
+ ((x) && (((struct SessionHandle *)(x))->magic == CURLEASY_MAGIC_NUMBER))
/* Some convenience macros to get the larger/smaller value out of two given.
We prefix with CURL to prevent name collisions. */
current state of the connection. */
bool use;
ssl_connection_state state;
-#ifdef USE_NGHTTP2
- bool asked_for_h2;
-#endif
-#ifdef USE_SSLEAY
+ ssl_connect_state connecting_state;
+#if defined(USE_OPENSSL)
/* these ones requires specific SSL-types */
SSL_CTX* ctx;
SSL* handle;
X509* server_cert;
- ssl_connect_state connecting_state;
-#endif /* USE_SSLEAY */
-#ifdef USE_GNUTLS
+#elif defined(USE_GNUTLS)
gnutls_session_t session;
gnutls_certificate_credentials_t cred;
#ifdef USE_TLS_SRP
gnutls_srp_client_credentials_t srp_client_cred;
#endif
- ssl_connect_state connecting_state;
-#endif /* USE_GNUTLS */
-#ifdef USE_POLARSSL
+#elif defined(USE_MBEDTLS)
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_entropy_context entropy;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_session ssn;
+ int server_fd;
+ mbedtls_x509_crt cacert;
+ mbedtls_x509_crt clicert;
+ mbedtls_x509_crl crl;
+ mbedtls_pk_context pk;
+ mbedtls_ssl_config config;
+ const char *protocols[3];
+#elif defined(USE_POLARSSL)
ctr_drbg_context ctr_drbg;
entropy_context entropy;
ssl_context ssl;
x509_crt clicert;
x509_crl crl;
rsa_context rsa;
- ssl_connect_state connecting_state;
-#endif /* USE_POLARSSL */
-#ifdef USE_CYASSL
+#elif defined(USE_CYASSL)
SSL_CTX* ctx;
SSL* handle;
- ssl_connect_state connecting_state;
-#endif /* USE_CYASSL */
-#ifdef USE_NSS
+#elif defined(USE_NSS)
PRFileDesc *handle;
char *client_nickname;
struct SessionHandle *data;
struct curl_llist *obj_list;
PK11GenericObject *obj_clicert;
- ssl_connect_state connecting_state;
-#endif /* USE_NSS */
-#ifdef USE_GSKIT
+#elif defined(USE_GSKIT)
gsk_handle handle;
int iocport;
- ssl_connect_state connecting_state;
-#endif
-#ifdef USE_AXTLS
+#elif defined(USE_AXTLS)
SSL_CTX* ssl_ctx;
SSL* ssl;
- ssl_connect_state connecting_state;
-#endif /* USE_AXTLS */
-#ifdef USE_SCHANNEL
+#elif defined(USE_SCHANNEL)
struct curl_schannel_cred *cred;
struct curl_schannel_ctxt *ctxt;
SecPkgContext_StreamSizes stream_sizes;
- ssl_connect_state connecting_state;
size_t encdata_length, decdata_length;
size_t encdata_offset, decdata_offset;
unsigned char *encdata_buffer, *decdata_buffer;
unsigned long req_flags, ret_flags;
-#endif /* USE_SCHANNEL */
-#ifdef USE_DARWINSSL
+ CURLcode recv_unrecoverable_err; /* schannel_recv had an unrecoverable err */
+ bool recv_sspi_close_notify; /* true if connection closed by close_notify */
+ bool recv_connection_closed; /* true if connection closed, regardless how */
+#elif defined(USE_DARWINSSL)
SSLContextRef ssl_ctx;
curl_socket_t ssl_sockfd;
- ssl_connect_state connecting_state;
bool ssl_direction; /* true if writing, false if reading */
size_t ssl_write_buffered_length;
-#endif /* USE_DARWINSSL */
+#elif defined(USE_SSL)
+#error "SSL backend specific information missing from ssl_connect_data"
+#endif
};
struct ssl_config_data {
bool verifypeer; /* set TRUE if this is desired */
bool verifyhost; /* set TRUE if CN/SAN must match hostname */
+ bool verifystatus; /* set TRUE if certificate status must be checked */
char *CApath; /* certificate dir (doesn't work on windows) */
char *CAfile; /* certificate to verify peer against */
const char *CRLfile; /* CRL to check certificate revocation */
void *fsslctxp; /* parameter for call back */
bool sessionid; /* cache session IDs or not */
bool certinfo; /* gather lots of certificate info */
+ bool falsestart;
#ifdef USE_TLS_SRP
char *username; /* TLS username (for, e.g., SRP) */
requests */
bool netrc; /* name+password provided by netrc */
bool userpwd_in_url; /* name+password found in url */
-
- bool done; /* set to FALSE when Curl_do() is called and set to TRUE
- when Curl_done() is called, to prevent Curl_done() to
- get invoked twice when the multi interface is
- used. */
bool stream_was_rewound; /* Indicates that the stream was rewound after a
request read past the end of its response byte
boundary */
bool bound; /* set true if bind() has already been done on this socket/
connection */
bool type_set; /* type= was used in the URL */
+ bool multiplex; /* connection is multiplexed */
};
struct hostname {
UPGR101_WORKING /* talking upgraded protocol */
};
-enum negotiatenpn {
- NPN_INIT, /* default state */
- NPN_HTTP1_1, /* HTTP/1.1 negotiated */
- NPN_HTTP2 /* HTTP2 (draft-xx) negotiated */
-};
-
/*
* Request specific data in the easy handle (SessionHandle). Previously,
* these members were on the connectdata struct but since a conn struct may
#define IDENTITY 0 /* No encoding */
#define DEFLATE 1 /* zlib deflate [RFC 1950 & 1951] */
#define GZIP 2 /* gzip algorithm [RFC 1952] */
-#define COMPRESS 3 /* Not handled, added for completeness */
#ifdef HAVE_LIBZ
zlibInitState zlib_init; /* possible zlib init state;
char *passwd; /* password string, allocated */
char *options; /* options string, allocated */
- char *xoauth2_bearer; /* bearer token for xoauth2, allocated */
+ char *oauth_bearer; /* bearer token for OAuth 2.0, allocated */
char *proxyuser; /* proxy user name string, allocated */
char *proxypasswd; /* proxy password string, allocated */
struct ssl_connect_data ssl[2]; /* this is for ssl-stuff */
struct ssl_config_data ssl_config;
+ bool tls_upgraded;
struct ConnectBits bits; /* various state-flags for this connection */
/*************** Request - specific items ************/
- /* previously this was in the urldata struct */
- curl_read_callback fread_func; /* function that reads the input */
- void *fread_in; /* pointer to pass to the fread() above */
-
#if defined(USE_NTLM)
struct ntlmdata ntlm; /* NTLM differs from other authentication schemes
because it authenticates connections, not
} tunnel_state[2]; /* two separate ones to allow FTP */
struct connectbundle *bundle; /* The bundle we are member of */
- enum negotiatenpn negnpn;
+ int negnpn; /* APLN or NPN TLS negotiated protocol, CURL_HTTP_VERSION* */
};
/* The end of connectdata. */
void *resolver; /* resolver state, if it is used in the URL state -
ares_channel f.e. */
-#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
+#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
ENGINE *engine;
-#endif /* USE_SSLEAY */
+#endif /* USE_OPENSSL */
struct timeval expiretime; /* set this with Curl_expire() only */
struct Curl_tree timenode; /* for the splay stuff */
struct curl_llist *timeoutlist; /* list of pending timeouts */
curl_off_t infilesize; /* size of file to upload, -1 means unknown.
Copied from set.filesize at start of operation */
+
+ int drain; /* Increased when this stream has data to read, even if its
+ socket not necessarily is readable. Decreased when
+ checked. */
+ bool done; /* set to FALSE when Curl_do() is called and set to TRUE when
+ Curl_done() is called, to prevent Curl_done() to get invoked
+ twice when the multi interface is used. */
+
+ curl_read_callback fread_func; /* read callback/function */
+ void *in; /* CURLOPT_READDATA */
+
+ struct SessionHandle *stream_depends_on;
+ bool stream_depends_e; /* set or don't set the Exclusive bit */
+ int stream_weight;
};
STRING_COOKIE, /* HTTP cookie string to send */
STRING_COOKIEJAR, /* dump all cookies to this file */
STRING_CUSTOMREQUEST, /* HTTP/FTP/RTSP request/method to use */
+ STRING_DEFAULT_PROTOCOL, /* Protocol to use when the URL doesn't specify */
STRING_DEVICE, /* local network interface/address to use */
STRING_ENCODING, /* Accept-Encoding string */
STRING_FTP_ACCOUNT, /* ftp account data */
#endif
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
STRING_SOCKS5_GSSAPI_SERVICE, /* GSSAPI service name */
+ STRING_PROXY_SERVICE_NAME, /* Proxy service name */
+ STRING_SERVICE_NAME, /* Service name */
#endif
STRING_MAIL_FROM,
STRING_MAIL_AUTH,
long proxyport; /* If non-zero, use this port number by default. If the
proxy string features a ":[port]" that one will override
this. */
- void *out; /* the fetched file goes here */
- void *in; /* the uploaded file is read from here */
+ void *out; /* CURLOPT_WRITEDATA */
+ void *in_set; /* CURLOPT_READDATA */
void *writeheader; /* write the header to this if non-NULL */
void *rtp_out; /* write RTP to this if non-NULL */
long use_port; /* which port to use (when not using default) */
curl_write_callback fwrite_func; /* function that stores the output */
curl_write_callback fwrite_header; /* function that stores headers */
curl_write_callback fwrite_rtp; /* function that stores interleaved RTP */
- curl_read_callback fread_func; /* function that reads the input */
+ curl_read_callback fread_func_set; /* function that reads the input */
int is_fread_set; /* boolean, has read callback been set to non-NULL? */
int is_fwrite_set; /* boolean, has write callback been set to non-NULL? */
curl_progress_callback fprogress; /* OLD and deprecated progress callback */
long connecttimeout; /* in milliseconds, 0 means no timeout */
long accepttimeout; /* in milliseconds, 0 means no timeout */
long server_response_timeout; /* in milliseconds, 0 means no timeout */
- long tftp_blksize ; /* in bytes, 0 means use default */
+ long tftp_blksize; /* in bytes, 0 means use default */
+ bool tftp_no_options; /* do not send TFTP options requests */
curl_off_t filesize; /* size of file to upload, -1 means unknown */
long low_speed_limit; /* bytes/second */
long low_speed_time; /* number of seconds */
bool connect_only; /* make connection, let application use the socket */
bool ssl_enable_beast; /* especially allow this flaw for interoperability's
sake*/
+ bool ssl_no_revoke; /* disable SSL certificate revocation checks */
long ssh_auth_types; /* allowed SSH auth types */
bool http_te_skip; /* pass the raw body data to the user, even when
transfer-encoded (chunked, compressed) */
bool ssl_enable_npn; /* TLS NPN extension? */
bool ssl_enable_alpn; /* TLS ALPN extension? */
-
+ bool path_as_is; /* allow dotdots? */
+ bool pipewait; /* wait for pipe/multiplex status before starting a
+ new connection */
long expect_100_timeout; /* in milliseconds */
+
+ struct SessionHandle *stream_depends_on;
+ bool stream_depends_e; /* set or don't set the Exclusive bit */
+ int stream_weight;
};
struct Names {