Revert "Update to 7.40.1"
[platform/upstream/curl.git] / lib / vtls / cyassl.c
index 3333fc3..cf93e0e 100644 (file)
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -54,7 +54,6 @@
 #else
 #include <cyassl/error.h>
 #endif
-#include <cyassl/ctaocrypt/random.h>
 
 /* The last #include file should be: */
 #include "memdebug.h"
@@ -99,8 +98,10 @@ cyassl_connect_step1(struct connectdata *conn,
 
   /* check to see if we've been told to use an explicit SSL/TLS version */
   switch(data->set.ssl.version) {
-  default:
   case CURL_SSLVERSION_DEFAULT:
+    /* we try to figure out version */
+    req_method = SSLv23_client_method();
+    break;
   case CURL_SSLVERSION_TLSv1:
     infof(data, "CyaSSL cannot be configured to use TLS 1.0-1.2, "
           "TLS 1.0 is used exclusively\n");
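Review bot: The new `CURL_SSLVERSION_DEFAULT` case selects `SSLv23_client_method()`, a version-flexible method, and nothing in the visible lines sets a minimum protocol version. A default-configured client may therefore complete a handshake at the lowest version the linked CyaSSL build still offers, SSLv3 included if it is compiled in. On the old side `default:` and `case CURL_SSLVERSION_DEFAULT:` fell through into the case whose message says TLS 1.0 is used exclusively; keeping that fall-through is the conservative choice. If the flexible method has to stay, record it at the call site, e.g. `/* negotiates down from the highest supported version; the floor depends on how CyaSSL was built */`, and restrict the floor wherever the library allows. The switch and `cyassl_connect_step1` continue outside this hunk.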
@@ -118,6 +119,8 @@ cyassl_connect_step1(struct connectdata *conn,
   case CURL_SSLVERSION_SSLv3:
     req_method = SSLv3_client_method();
     break;
+  default:
+    req_method = TLSv1_client_method();
   }
 
   if(!req_method) {
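Review bot: The added `default:` label quietly maps every version value the switch does not list to `TLSv1_client_method()`, so a caller asking for something this backend cannot honour gets TLS 1.0 with no message. The cases between this hunk and the previous one are not visible, so which values actually land here is unclear. Failing closed would be safer: `failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");` followed by `return CURLE_SSL_CONNECT_ERROR;`. If the fallback is kept, end the label with `break;` like the other cases, so that a case added below it later is not fallen into.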
@@ -141,7 +144,7 @@ cyassl_connect_step1(struct connectdata *conn,
                                       data->set.str[STRING_SSL_CAFILE],
                                       data->set.str[STRING_SSL_CAPATH])) {
       if(data->set.ssl.verifypeer) {
-        /* Fail if we insist on successfully verifying the server. */
+        /* Fail if we insiste on successfully verifying the server. */
         failf(data,"error setting certificate verify locations:\n"
               "  CAfile: %s\n  CApath: %s",
               data->set.str[STRING_SSL_CAFILE]?
@@ -151,7 +154,7 @@ cyassl_connect_step1(struct connectdata *conn,
         return CURLE_SSL_CACERT_BADFILE;
       }
       else {
-        /* Just continue with a warning if no strict certificate
+        /* Just continue with a warning if no strict  certificate
            verification is required. */
         infof(data, "error setting certificate verify locations,"
               " continuing anyway:\n");
@@ -296,20 +299,6 @@ cyassl_connect_step2(struct connectdata *conn,
       }
 #endif
     }
-#if LIBCYASSL_VERSION_HEX >= 0x02007000 /* 2.7.0 */
-    else if(ASN_NO_SIGNER_E == detail) {
-      if(data->set.ssl.verifypeer) {
-        failf(data, "\tCA signer not available for verification\n");
-        return CURLE_SSL_CACERT_BADFILE;
-      }
-      else {
-        /* Just continue with a warning if no strict certificate
-           verification is required. */
-        infof(data, "CA signer not available for verification, "
-                    "continuing anyway\n");
-      }
-    }
-#endif
     else {
       failf(data, "SSL_connect failed with error %d: %s", detail,
           ERR_error_string(detail, error_buffer));
@@ -328,11 +317,11 @@ static CURLcode
 cyassl_connect_step3(struct connectdata *conn,
                      int sockindex)
 {
-  CURLcode result = CURLE_OK;
+  CURLcode retcode = CURLE_OK;
   void *old_ssl_sessionid=NULL;
   struct SessionHandle *data = conn->data;
   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-  bool incache;
+  int incache;
   SSL_SESSION *our_ssl_sessionid;
 
   DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
@@ -347,19 +336,18 @@ cyassl_connect_step3(struct connectdata *conn,
       incache = FALSE;
     }
   }
-
   if(!incache) {
-    result = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
-                                   0 /* unknown size */);
-    if(result) {
+    retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
+                                    0 /* unknown size */);
+    if(retcode) {
       failf(data, "failed to store ssl session");
-      return result;
+      return retcode;
     }
   }
 
   connssl->connecting_state = ssl_connect_done;
 
-  return result;
+  return retcode;
 }
 
 
@@ -504,7 +492,7 @@ cyassl_connect_common(struct connectdata *conn,
                       bool nonblocking,
                       bool *done)
 {
-  CURLcode result;
+  CURLcode retcode;
   struct SessionHandle *data = conn->data;
   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
   curl_socket_t sockfd = conn->sock[sockindex];
@@ -526,10 +514,9 @@ cyassl_connect_common(struct connectdata *conn,
       failf(data, "SSL connection timeout");
       return CURLE_OPERATION_TIMEDOUT;
     }
-
-    result = cyassl_connect_step1(conn, sockindex);
-    if(result)
-      return result;
+    retcode = cyassl_connect_step1(conn, sockindex);
+    if(retcode)
+      return retcode;
   }
 
   while(ssl_connect_2 == connssl->connecting_state ||
@@ -581,21 +568,22 @@ cyassl_connect_common(struct connectdata *conn,
      * ensuring that a client using select() or epoll() will always
      * have a valid fdset to wait on.
      */
-    result = cyassl_connect_step2(conn, sockindex);
-    if(result || (nonblocking &&
-                  (ssl_connect_2 == connssl->connecting_state ||
-                   ssl_connect_2_reading == connssl->connecting_state ||
-                   ssl_connect_2_writing == connssl->connecting_state)))
-      return result;
+    retcode = cyassl_connect_step2(conn, sockindex);
+    if(retcode || (nonblocking &&
+                   (ssl_connect_2 == connssl->connecting_state ||
+                    ssl_connect_2_reading == connssl->connecting_state ||
+                    ssl_connect_2_writing == connssl->connecting_state)))
+      return retcode;
+
   } /* repeat step2 until all transactions are done. */
 
-  if(ssl_connect_3 == connssl->connecting_state) {
-    result = cyassl_connect_step3(conn, sockindex);
-    if(result)
-      return result;
+  if(ssl_connect_3==connssl->connecting_state) {
+    retcode = cyassl_connect_step3(conn, sockindex);
+    if(retcode)
+      return retcode;
   }
 
-  if(ssl_connect_done == connssl->connecting_state) {
+  if(ssl_connect_done==connssl->connecting_state) {
     connssl->state = ssl_connection_complete;
     conn->recv[sockindex] = cyassl_recv;
     conn->send[sockindex] = cyassl_send;
@@ -624,29 +612,16 @@ CURLcode
 Curl_cyassl_connect(struct connectdata *conn,
                     int sockindex)
 {
-  CURLcode result;
+  CURLcode retcode;
   bool done = FALSE;
 
-  result = cyassl_connect_common(conn, sockindex, FALSE, &done);
-  if(result)
-    return result;
+  retcode = cyassl_connect_common(conn, sockindex, FALSE, &done);
+  if(retcode)
+    return retcode;
 
   DEBUGASSERT(done);
 
   return CURLE_OK;
 }
 
-int Curl_cyassl_random(struct SessionHandle *data,
-                       unsigned char *entropy,
-                       size_t length)
-{
-  RNG rng;
-  (void)data;
-  if(InitRng(&rng))
-    return 1;
-  if(RNG_GenerateBlock(&rng, entropy, length))
-    return 1;
-  return 0;
-}
-
 #endif
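Review bot: Dropping `Curl_cyassl_random` here, together with the `<cyassl/ctaocrypt/random.h>` include in the second hunk, leaves this backend without a CyaSSL-backed source of random bytes, and the code that takes over is not visible in this file. Before this lands, confirm that CyaSSL builds still get their random bytes from a cryptographically strong generator and not from a time-seeded fallback, since such bytes usually end up in authentication nonces. If the generic path is what is intended, a short comment where the backend's entry points are declared, e.g. `/* this backend provides no random function; callers use the generic fallback */`, would record the decision.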