Lines Matching refs:data
148 struct Curl_easy *data,
170 struct Curl_easy *data)
215 failf(data, "schannel: TLS 1.3 not supported on Windows prior to 11");
450 struct Curl_easy *data)
454 struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
484 DEBUGF(infof(data, "schannel: disabled server certificate revocation "
491 DEBUGF(infof(data, "schannel: ignore revocation offline errors"));
496 DEBUGF(infof(data,
504 DEBUGF(infof(data,
510 DEBUGF(infof(data, "schannel: verifyhost setting prevents Schannel from "
518 infof(data, "schannel: disabled automatic use of client certificate");
521 infof(data, "schannel: enabled automatic use of client certificate");
531 result = schannel_set_ssl_version_min_max(&enabled_protocols, cf, data);
538 failf(data, "SSL versions not supported");
541 failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
547 if(data->set.ssl.primary.clientcert || data->set.ssl.primary.cert_blob) {
557 bool blob = data->set.ssl.primary.cert_blob != NULL;
560 certdata = data->set.ssl.primary.cert_blob->data;
561 certsize = data->set.ssl.primary.cert_blob->len;
565 data->set.ssl.primary.clientcert);
572 if(result && (data->set.ssl.primary.clientcert[0]!='\0'))
573 fInCert = fopen(data->set.ssl.primary.clientcert, "rb");
576 failf(data, "schannel: Failed to get certificate location"
578 data->set.ssl.primary.clientcert);
584 if((fInCert || blob) && (data->set.ssl.cert_type) &&
585 (!strcasecompare(data->set.ssl.cert_type, "P12"))) {
586 failf(data, "schannel: certificate format compatibility error "
588 blob ? "(memory blob)" : data->set.ssl.primary.clientcert);
603 "(memory blob)" : data->set.ssl.primary.clientcert;
623 failf(data, "schannel: Failed to read cert file %s",
624 data->set.ssl.primary.clientcert);
630 /* Convert key-pair data to the in-memory certificate store */
634 if(data->set.ssl.key_passwd)
635 pwd_len = strlen(data->set.ssl.key_passwd);
641 data->set.ssl.key_passwd,
664 failf(data, "schannel: Failed to import cert file %s, "
668 failf(data, "schannel: Failed to import cert file %s, "
679 failf(data, "schannel: Failed to get certificate from file %s"
695 failf(data, "schannel: Failed to open cert store %lx %s, "
736 if(data->set.ssl.primary.clientcert || data->set.ssl.primary.cert_blob) {
737 failf(data, "schannel: client cert support not built in");
746 failf(data, "schannel: unable to allocate memory");
840 failf(data, "schannel: Unknown TLS 1.3 cipher: %.*s", (int)n, namep);
855 failf(data, "schannel: All available TLS 1.3 ciphers were disabled");
990 infof(data, "schannel: WARNING: This version of Schannel may "
995 failf(data, "schannel: This version of Schannel does not support "
1002 failf(data, "schannel: Failed setting algorithm cipher list");
1032 failf(data, "schannel: AcquireCredentialsHandle failed: %s",
1052 schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
1059 struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
1072 DEBUGF(infof(data,
1080 infof(data, "schannel: Windows version is old and may not be able to "
1112 failf(data, "schannel: this version of Windows is too old to support "
1121 failf(data, "schannel: CA cert support not built in");
1131 Curl_ssl_sessionid_lock(data);
1132 if(!Curl_ssl_getsessionid(cf, data, (void **)&old_cred, NULL)) {
1134 DEBUGF(infof(data, "schannel: reusing existing credential handle"));
1138 DEBUGF(infof(data,
1142 Curl_ssl_sessionid_unlock(data);
1147 result = schannel_acquire_credential_handle(cf, data);
1163 infof(data, "schannel: using IP address, SNI is not supported by OS.");
1175 of bytes of data in the rest of the buffer. */
1180 ALPN data, as opposed to NPN, for example. */
1194 failf(data, "Error setting ALPN");
1197 memcpy(&alpn_buffer[cur], proto.data, proto.len);
1208 infof(data, VTLS_INFOF_ALPN_OFFER_1STR, proto.data);
1236 failf(data, "schannel: unable to allocate memory");
1259 failf(data, "schannel: initial InitializeSecurityContext failed: %s",
1263 failf(data, "schannel: SNI or certificate check failed: %s",
1278 failf(data, "schannel: initial InitializeSecurityContext failed: %s",
1284 DEBUGF(infof(data, "schannel: sending initial handshake data: "
1287 /* send initial handshake data which is now stored in output buffer */
1288 written = Curl_conn_cf_send(cf->next, data,
1293 failf(data, "schannel: failed to send initial handshake data: "
1298 DEBUGF(infof(data, "schannel: sent initial handshake data: "
1314 schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
1336 DEBUGF(infof(data,
1343 /* buffer to store previously received and decrypted data */
1349 failf(data, "schannel: unable to allocate memory");
1354 /* buffer to store previously received and encrypted data */
1361 failf(data, "schannel: unable to allocate memory");
1369 /* increase internal encrypted data buffer */
1376 failf(data, "schannel: unable to re-allocate memory");
1387 /* read encrypted handshake data from socket */
1388 nread = Curl_conn_cf_recv(cf->next, data,
1397 DEBUGF(infof(data, "schannel: failed to receive handshake, "
1398 "need more data"));
1402 failf(data, "schannel: failed to receive handshake, "
1407 /* increase encrypted data buffer offset */
1410 DEBUGF(infof(data, "schannel: encrypted data got %zd", nread));
1413 DEBUGF(infof(data,
1414 "schannel: encrypted data buffer: offset %zu length %zu",
1430 failf(data, "schannel: unable to allocate memory");
1434 /* copy received handshake data into input buffer */
1444 /* free buffer for received handshake data */
1451 DEBUGF(infof(data,
1452 "schannel: received incomplete message, need more data"));
1463 DEBUGF(infof(data,
1473 DEBUGF(infof(data, "schannel: sending next handshake data: "
1477 written = Curl_conn_cf_send(cf->next, data,
1482 failf(data, "schannel: failed to send next handshake data: "
1498 failf(data, "schannel: next InitializeSecurityContext failed: %s",
1502 failf(data, "schannel: SNI or certificate check failed: %s",
1506 failf(data, "schannel: %s",
1521 failf(data, "schannel: next InitializeSecurityContext failed: %s",
1527 /* check if there was additional remaining encrypted data */
1529 DEBUGF(infof(data, "schannel: encrypted data length: %lu",
1532 There are two cases where we could be getting extra data here:
1534 complete (from the server perspective), it can encrypted app data
1535 (not handshake data) in an extra buffer at this point.
1537 connection and this extra data is part of the handshake.
1538 We should process the data immediately; waiting for the socket to
1539 be ready may fail since the server is done sending handshake data.
1541 /* check if the remaining data is less than the total amount
1542 and therefore begins after the already processed data */
1569 DEBUGF(infof(data, "schannel: SSL/TLS handshake complete"));
1573 data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]:
1574 data->set.str[STRING_SSL_PINNEDPUBLICKEY];
1576 result = schannel_pkp_pin_peer_pubkey(cf, data, pubkey_ptr);
1578 failf(data, "SSL: public key does not match pinned public key");
1586 return Curl_verify_certificate(cf, data);
1593 return Curl_verify_host(cf, data);
1649 struct Curl_easy *data;
1666 args->result = Curl_extract_certinfo(args->data, insert_index,
1674 schannel_connect_step3(struct Curl_cfilter *cf, struct Curl_easy *data)
1679 struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
1690 DEBUGF(infof(data,
1700 failf(data, "schannel: failed to setup sequence detection");
1702 failf(data, "schannel: failed to setup replay detection");
1704 failf(data, "schannel: failed to setup confidentiality");
1706 failf(data, "schannel: failed to setup memory allocation");
1708 failf(data, "schannel: failed to setup stream orientation");
1720 failf(data, "schannel: failed to retrieve ALPN result");
1728 Curl_alpn_set_negotiated(cf, data, alpn_result.ProtocolId,
1735 failf(data, "schannel: server selected an ALPN protocol too late");
1742 Curl_alpn_set_negotiated(cf, data, NULL, 0);
1747 /* save the current session data for possible reuse */
1753 Curl_ssl_sessionid_lock(data);
1754 incache = !(Curl_ssl_getsessionid(cf, data, (void **)&old_cred, NULL));
1757 DEBUGF(infof(data,
1760 Curl_ssl_delsessionid(data, (void *)old_cred);
1765 result = Curl_ssl_addsessionid(cf, data, backend->cred,
1769 Curl_ssl_sessionid_unlock(data);
1770 failf(data, "schannel: failed to store credential handle");
1776 DEBUGF(infof(data,
1780 Curl_ssl_sessionid_unlock(data);
1783 if(data->set.ssl.certinfo) {
1791 failf(data, "schannel: failed to retrieve remote cert context");
1797 result = Curl_ssl_init_certinfo(data, certs_count);
1800 args.data = data;
1818 struct Curl_easy *data,
1823 curl_socket_t sockfd = Curl_conn_cf_get_socket(cf, data);
1835 timeout_ms = Curl_timeleft(data, NULL, TRUE);
1839 failf(data, "SSL/TLS connection timeout");
1843 result = schannel_connect_step1(cf, data);
1853 timeout_ms = Curl_timeleft(data, NULL, TRUE);
1857 failf(data, "SSL/TLS connection timeout");
1874 failf(data, "select/poll on SSL/TLS socket, errno: %d", SOCKERRNO);
1884 failf(data, "SSL/TLS connection timeout");
1898 result = schannel_connect_step2(cf, data);
1908 result = schannel_connect_step3(cf, data);
1942 schannel_send(struct Curl_cfilter *cf, struct Curl_easy *data,
1984 /* setup output buffers (header, data, trailer, empty) */
1995 /* copy data into output buffer */
2006 /* send the encrypted message including header, data and trailer */
2012 data a coherent message has not been delivered and the client
2016 tell the client that all data it has requested to be sent has been
2021 send the buffered data? Looking at who calls this function, it
2029 timediff_t timeout_ms = Curl_timeleft(data, NULL, FALSE);
2032 failf(data, "schannel: timed out sending data "
2040 what = SOCKET_WRITABLE(Curl_conn_cf_get_socket(cf, data), timeout_ms);
2043 failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
2049 failf(data, "schannel: timed out sending data "
2057 this_write = Curl_conn_cf_send(cf->next, data,
2081 /* Encrypted message including header, data and trailer entirely sent.
2089 schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
2113 * Our priority is to always return as much decrypted data to the caller as
2115 * always be valid. Transfer of decrypted data to the caller's buffer is
2119 DEBUGF(infof(data, "schannel: client wants to read %zu bytes", len));
2123 infof(data, "schannel: enough decrypted data is already available");
2128 infof(data, "schannel: an unrecoverable error occurred in a prior call");
2132 /* once a server has indicated shutdown there is no more encrypted data */
2133 infof(data, "schannel: server indicated shutdown in a prior call");
2138 immediately because there may be data to decrypt (in the case we want to
2139 decrypt all encrypted cached data) so handle !len later in cleanup.
2142 /* increase enc buffer in order to fit the requested amount of data */
2155 failf(data, "schannel: unable to re-allocate memory");
2162 DEBUGF(infof(data, "schannel: encdata_buffer resized %zu",
2166 DEBUGF(infof(data,
2167 "schannel: encrypted data buffer: offset %zu length %zu",
2170 /* read encrypted data from socket */
2171 nread = Curl_conn_cf_recv(cf->next, data,
2178 DEBUGF(infof(data,
2181 infof(data, "schannel: recv returned CURLE_RECV_ERROR");
2183 infof(data, "schannel: recv returned error %d", *err);
2187 DEBUGF(infof(data, "schannel: server closed the connection"));
2192 DEBUGF(infof(data, "schannel: encrypted data got %zd", nread));
2196 DEBUGF(infof(data,
2197 "schannel: encrypted data buffer: offset %zu length %zu",
2204 /* prepare data buffer for DecryptMessage call */
2223 /* check for successfully decrypted data, even before actual
2226 DEBUGF(infof(data, "schannel: decrypted data length: %lu",
2229 /* increase buffer in order to fit the received amount of data */
2234 /* increase internal decrypted data buffer */
2236 /* make sure that the requested amount of data fits */
2244 failf(data, "schannel: unable to re-allocate memory");
2251 /* copy decrypted data to internal buffer */
2259 DEBUGF(infof(data, "schannel: decrypted data added: %zu", size));
2260 DEBUGF(infof(data,
2265 /* check for remaining encrypted data */
2267 DEBUGF(infof(data, "schannel: encrypted data length: %lu",
2270 /* check if the remaining data is less than the total amount
2271 * and therefore begins after the already processed data
2274 /* move remaining encrypted data forward to the beginning of
2282 DEBUGF(infof(data,
2287 /* reset encrypted buffer offset, because there is no data remaining */
2293 infof(data, "schannel: remote party requests renegotiation");
2295 infof(data, "schannel: can't renegotiate, an error is pending");
2300 infof(data, "schannel: renegotiating SSL/TLS connection");
2304 *err = schannel_connect_common(cf, data, FALSE, &done);
2307 infof(data, "schannel: renegotiation failed");
2310 /* now retry receiving data */
2312 infof(data, "schannel: SSL/TLS connection renegotiated");
2322 infof(data, "schannel: server closed the connection");
2331 infof(data, "schannel: failed to decrypt data, need more data");
2337 infof(data, "schannel: failed to read data from server: %s",
2345 DEBUGF(infof(data,
2346 "schannel: encrypted data buffer: offset %zu length %zu",
2349 DEBUGF(infof(data,
2350 "schannel: decrypted data buffer: offset %zu length %zu",
2355 DEBUGF(infof(data, "schannel: schannel_recv cleanup"));
2377 infof(data, "schannel: server closed abruptly (missing close_notify)");
2391 DEBUGF(infof(data, "schannel: decrypted data returned %zu", size));
2392 DEBUGF(infof(data,
2393 "schannel: decrypted data buffer: offset %zu length %zu",
2413 struct Curl_easy *data,
2416 return schannel_connect_common(cf, data, TRUE, done);
2420 struct Curl_easy *data)
2425 result = schannel_connect_common(cf, data, FALSE, &done);
2435 const struct Curl_easy *data)
2441 (void)data;
2476 struct Curl_easy *data)
2485 DEBUGASSERT(data);
2489 infof(data, "schannel: shutting down SSL/TLS connection with %s port %d",
2510 failf(data, "schannel: ApplyControlToken failure: %s",
2534 ssize_t written = Curl_conn_cf_send(cf->next, data,
2539 infof(data, "schannel: failed to send close msg: %s"
2547 DEBUGF(infof(data, "schannel: clear security context handle"));
2554 Curl_ssl_sessionid_lock(data);
2556 Curl_ssl_sessionid_unlock(data);
2560 /* free internal buffer for received encrypted data */
2568 /* free internal buffer for received decrypted data */
2578 static void schannel_close(struct Curl_cfilter *cf, struct Curl_easy *data)
2580 schannel_shutdown(cf, data);
2600 static CURLcode schannel_random(struct Curl_easy *data UNUSED_PARAM,
2603 (void)data;
2609 struct Curl_easy *data,
2640 failf(data, "schannel: Failed to read remote certificate context: %s",
2658 failf(data, "SSL: failed retrieving public key from server certificate");
2662 result = Curl_pin_peer_pubkey(data,
2667 failf(data, "SSL: public key does not match pinned public key");
2691 * return old data
2747 const struct Curl_easy *data)
2750 struct Curl_multi *multi = data->multi_easy ? data->multi_easy : data->multi;
2753 const struct ssl_general_config *cfg = &data->set.general_ssl;
2794 schannel_sha256sum((const unsigned char *)ca_info_blob->data,
2815 const struct Curl_easy *data,
2819 struct Curl_multi *multi = data->multi_easy ? data->multi_easy : data->multi;
2848 schannel_sha256sum((const unsigned char *)ca_info_blob->data,
2863 /* free old cache data */
2927 schannel_recv, /* recv decrypted data */
2928 schannel_send, /* send data to encrypt */