Lines Matching refs:data
79 #define SSLSESSION_SHARED(data) (data->share && \
80 (data->share->specifier & \
106 /* only if there's data to dupe! */
115 d->data = (void *)((char *)d + sizeof(struct curl_blob));
116 memcpy(d->data, src->data, src->len);
131 return !memcmp(first->data, second->data, first->len); /* same data */
161 void Curl_ssl_easy_config_init(struct Curl_easy *data)
167 data->set.ssl.primary.verifypeer = TRUE;
168 data->set.ssl.primary.verifyhost = TRUE;
169 data->set.ssl.primary.sessionid = TRUE; /* session ID caching by default */
171 data->set.proxy_ssl = data->set.ssl;
176 match_ssl_primary_config(struct Curl_easy *data,
180 (void)data;
208 bool Curl_ssl_conn_config_match(struct Curl_easy *data,
214 return match_ssl_primary_config(data, &data->set.proxy_ssl.primary,
219 return match_ssl_primary_config(data, &data->set.ssl.primary,
274 CURLcode Curl_ssl_easy_config_complete(struct Curl_easy *data)
276 data->set.ssl.primary.CApath = data->set.str[STRING_SSL_CAPATH];
277 data->set.ssl.primary.CAfile = data->set.str[STRING_SSL_CAFILE];
278 data->set.ssl.primary.CRLfile = data->set.str[STRING_SSL_CRLFILE];
279 data->set.ssl.primary.issuercert = data->set.str[STRING_SSL_ISSUERCERT];
280 data->set.ssl.primary.issuercert_blob = data->set.blobs[BLOB_SSL_ISSUERCERT];
281 data->set.ssl.primary.cipher_list =
282 data->set.str[STRING_SSL_CIPHER_LIST];
283 data->set.ssl.primary.cipher_list13 =
284 data->set.str[STRING_SSL_CIPHER13_LIST];
285 data->set.ssl.primary.pinned_key =
286 data->set.str[STRING_SSL_PINNEDPUBLICKEY];
287 data->set.ssl.primary.cert_blob = data->set.blobs[BLOB_CERT];
288 data->set.ssl.primary.ca_info_blob = data->set.blobs[BLOB_CAINFO];
289 data->set.ssl.primary.curves = data->set.str[STRING_SSL_EC_CURVES];
291 data->set.ssl.primary.username = data->set.str[STRING_TLSAUTH_USERNAME];
292 data->set.ssl.primary.password = data->set.str[STRING_TLSAUTH_PASSWORD];
294 data->set.ssl.cert_type = data->set.str[STRING_CERT_TYPE];
295 data->set.ssl.key = data->set.str[STRING_KEY];
296 data->set.ssl.key_type = data->set.str[STRING_KEY_TYPE];
297 data->set.ssl.key_passwd = data->set.str[STRING_KEY_PASSWD];
298 data->set.ssl.primary.clientcert = data->set.str[STRING_CERT];
299 data->set.ssl.key_blob = data->set.blobs[BLOB_KEY];
302 data->set.proxy_ssl.primary.CApath = data->set.str[STRING_SSL_CAPATH_PROXY];
303 data->set.proxy_ssl.primary.CAfile = data->set.str[STRING_SSL_CAFILE_PROXY];
304 data->set.proxy_ssl.primary.cipher_list =
305 data->set.str[STRING_SSL_CIPHER_LIST_PROXY];
306 data->set.proxy_ssl.primary.cipher_list13 =
307 data->set.str[STRING_SSL_CIPHER13_LIST_PROXY];
308 data->set.proxy_ssl.primary.pinned_key =
309 data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY];
310 data->set.proxy_ssl.primary.cert_blob = data->set.blobs[BLOB_CERT_PROXY];
311 data->set.proxy_ssl.primary.ca_info_blob =
312 data->set.blobs[BLOB_CAINFO_PROXY];
313 data->set.proxy_ssl.primary.issuercert =
314 data->set.str[STRING_SSL_ISSUERCERT_PROXY];
315 data->set.proxy_ssl.primary.issuercert_blob =
316 data->set.blobs[BLOB_SSL_ISSUERCERT_PROXY];
317 data->set.proxy_ssl.primary.CRLfile =
318 data->set.str[STRING_SSL_CRLFILE_PROXY];
319 data->set.proxy_ssl.cert_type = data->set.str[STRING_CERT_TYPE_PROXY];
320 data->set.proxy_ssl.key = data->set.str[STRING_KEY_PROXY];
321 data->set.proxy_ssl.key_type = data->set.str[STRING_KEY_TYPE_PROXY];
322 data->set.proxy_ssl.key_passwd = data->set.str[STRING_KEY_PASSWD_PROXY];
323 data->set.proxy_ssl.primary.clientcert = data->set.str[STRING_CERT_PROXY];
324 data->set.proxy_ssl.key_blob = data->set.blobs[BLOB_KEY_PROXY];
326 data->set.proxy_ssl.primary.username =
327 data->set.str[STRING_TLSAUTH_USERNAME_PROXY];
328 data->set.proxy_ssl.primary.password =
329 data->set.str[STRING_TLSAUTH_PASSWORD_PROXY];
336 CURLcode Curl_ssl_conn_config_init(struct Curl_easy *data,
342 if(!clone_ssl_primary_config(&data->set.ssl.primary, &conn->ssl_config))
345 if(!clone_ssl_primary_config(&data->set.proxy_ssl.primary,
360 void Curl_ssl_conn_config_update(struct Curl_easy *data, bool for_proxy)
363 if(data->conn) {
366 src = for_proxy? &data->set.proxy_ssl.primary : &data->set.ssl.primary;
367 dest = for_proxy? &data->conn->proxy_ssl_config : &data->conn->ssl_config;
370 src = &data->set.ssl.primary;
371 dest = &data->conn->ssl_config;
431 static bool ssl_prefs_check(struct Curl_easy *data)
434 const unsigned char sslver = data->set.ssl.primary.version;
436 failf(data, "Unrecognized parameter value passed via CURLOPT_SSLVERSION");
440 switch(data->set.ssl.primary.version_max) {
446 if((data->set.ssl.primary.version_max >> 16) < sslver) {
447 failf(data, "CURL_SSLVERSION_MAX incompatible with CURL_SSLVERSION");
455 static struct ssl_connect_data *cf_ctx_new(struct Curl_easy *data,
460 (void)data;
482 static CURLcode ssl_connect(struct Curl_cfilter *cf, struct Curl_easy *data)
487 if(!ssl_prefs_check(data))
493 result = Curl_ssl->connect_blocking(cf, data);
503 ssl_connect_nonblocking(struct Curl_cfilter *cf, struct Curl_easy *data,
506 if(!ssl_prefs_check(data))
510 return Curl_ssl->connect_nonblocking(cf, data, done);
514 * Lock shared SSL session data
516 void Curl_ssl_sessionid_lock(struct Curl_easy *data)
518 if(SSLSESSION_SHARED(data))
519 Curl_share_lock(data, CURL_LOCK_DATA_SSL_SESSION, CURL_LOCK_ACCESS_SINGLE);
523 * Unlock shared SSL session data
525 void Curl_ssl_sessionid_unlock(struct Curl_easy *data)
527 if(SSLSESSION_SHARED(data))
528 Curl_share_unlock(data, CURL_LOCK_DATA_SSL_SESSION);
536 struct Curl_easy *data,
542 struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
554 if(!ssl_config->primary.sessionid || !data->state.session)
560 if(SSLSESSION_SHARED(data))
561 general_age = &data->share->sessionage;
563 general_age = &data->state.sessionage;
565 for(i = 0; i < data->set.general_ssl.max_ssl_sessions; i++) {
566 check = &data->state.session[i];
579 match_ssl_primary_config(data, conn_config, &check->ssl_config)) {
591 DEBUGF(infof(data, "%s Session ID in cache for %s %s://%s:%d",
623 void Curl_ssl_delsessionid(struct Curl_easy *data, void *ssl_sessionid)
627 for(i = 0; i < data->set.general_ssl.max_ssl_sessions; i++) {
628 struct Curl_ssl_session *check = &data->state.session[i];
644 struct Curl_easy *data,
650 struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
663 if(!data->state.session)
666 store = &data->state.session[0];
667 oldest_age = data->state.session[0].age; /* zero if unused */
694 if(SSLSESSION_SHARED(data)) {
695 general_age = &data->share->sessionage;
698 general_age = &data->state.sessionage;
702 for(i = 1; (i < data->set.general_ssl.max_ssl_sessions) &&
703 data->state.session[i].sessionid; i++) {
704 if(data->state.session[i].age < oldest_age) {
705 oldest_age = data->state.session[i].age;
706 store = &data->state.session[i];
709 if(i == data->set.general_ssl.max_ssl_sessions)
713 store = &data->state.session[i]; /* use this slot */
740 DEBUGF(infof(data, "Added Session ID to cache for %s://%s:%d [%s]",
752 void Curl_ssl_close_all(struct Curl_easy *data)
755 if(data->state.session && !SSLSESSION_SHARED(data)) {
757 for(i = 0; i < data->set.general_ssl.max_ssl_sessions; i++)
759 Curl_ssl_kill_session(&data->state.session[i]);
761 /* free the cache data */
762 Curl_safefree(data->state.session);
765 Curl_ssl->close_all(data);
768 void Curl_ssl_adjust_pollset(struct Curl_cfilter *cf, struct Curl_easy *data,
773 curl_socket_t sock = Curl_conn_cf_get_socket(cf->next, data);
776 Curl_pollset_set_out_only(data, ps, sock);
779 Curl_pollset_set_in_only(data, ps, sock);
787 CURLcode Curl_ssl_set_engine(struct Curl_easy *data, const char *engine)
789 return Curl_ssl->set_engine(data, engine);
794 CURLcode Curl_ssl_set_engine_default(struct Curl_easy *data)
796 return Curl_ssl->set_engine_default(data);
800 struct curl_slist *Curl_ssl_engines_list(struct Curl_easy *data)
802 return Curl_ssl->engines_list(data);
809 CURLcode Curl_ssl_initsessions(struct Curl_easy *data, size_t amount)
813 if(data->state.session)
822 data->set.general_ssl.max_ssl_sessions = amount;
823 data->state.session = session;
824 data->state.sessionage = 1; /* this is brand new */
839 void Curl_ssl_free_certinfo(struct Curl_easy *data)
841 struct curl_certinfo *ci = &data->info.certs;
857 CURLcode Curl_ssl_init_certinfo(struct Curl_easy *data, int num)
859 struct curl_certinfo *ci = &data->info.certs;
863 Curl_ssl_free_certinfo(data);
879 CURLcode Curl_ssl_push_certinfo_len(struct Curl_easy *data,
885 struct curl_certinfo *ci = &data->info.certs;
909 CURLcode Curl_ssl_random(struct Curl_easy *data,
913 return Curl_ssl->random(data, entropy, length);
978 CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
986 (void)data;
1023 infof(data, " public key hash: sha256//%s", encoded);
1144 bool Curl_ssl_false_start(struct Curl_easy *data)
1146 (void)data;
1163 struct Curl_easy *data UNUSED_PARAM)
1165 (void)data;
1170 int Curl_none_check_cxn(struct Curl_cfilter *cf, struct Curl_easy *data)
1173 (void)data;
1177 CURLcode Curl_none_random(struct Curl_easy *data UNUSED_PARAM,
1181 (void)data;
1187 void Curl_none_close_all(struct Curl_easy *data UNUSED_PARAM)
1189 (void)data;
1198 const struct Curl_easy *data UNUSED_PARAM)
1201 (void)data;
1210 CURLcode Curl_none_set_engine(struct Curl_easy *data UNUSED_PARAM,
1213 (void)data;
1218 CURLcode Curl_none_set_engine_default(struct Curl_easy *data UNUSED_PARAM)
1220 (void)data;
1224 struct curl_slist *Curl_none_engines_list(struct Curl_easy *data UNUSED_PARAM)
1226 (void)data;
1243 struct Curl_easy *data)
1247 return Curl_ssl->connect_blocking(cf, data);
1251 struct Curl_easy *data,
1256 return Curl_ssl->connect_nonblocking(cf, data, done);
1260 struct Curl_easy *data,
1265 Curl_ssl->adjust_pollset(cf, data, ps);
1276 static void multissl_close(struct Curl_cfilter *cf, struct Curl_easy *data)
1280 Curl_ssl->close(cf, data);
1284 struct Curl_easy *data,
1289 return Curl_ssl->recv_plain(cf, data, buf, len, code);
1293 struct Curl_easy *data,
1299 return Curl_ssl->send_plain(cf, data, mem, len, code);
1330 multissl_recv_plain, /* recv decrypted data */
1331 multissl_send_plain, /* send data to encrypt */
1518 static void cf_close(struct Curl_cfilter *cf, struct Curl_easy *data)
1522 Curl_ssl->close(cf, data);
1611 static void ssl_cf_destroy(struct Curl_cfilter *cf, struct Curl_easy *data)
1615 CF_DATA_SAVE(save, cf, data);
1616 cf_close(cf, data);
1623 struct Curl_easy *data)
1627 CF_DATA_SAVE(save, cf, data);
1628 cf_close(cf, data);
1630 cf->next->cft->do_close(cf->next, data);
1635 struct Curl_easy *data,
1647 CF_DATA_SAVE(save, cf, data);
1648 CURL_TRC_CF(data, cf, "cf_connect()");
1650 DEBUGASSERT(data->conn);
1651 DEBUGASSERT(data->conn == cf->conn);
1655 result = cf->next->cft->do_connect(cf->next, data, blocking, done);
1665 result = ssl_connect(cf, data);
1669 result = ssl_connect_nonblocking(cf, data, done);
1678 CURL_TRC_CF(data, cf, "cf_connect() -> %d, done=%d", result, *done);
1684 const struct Curl_easy *data)
1689 CF_DATA_SAVE(save, cf, data);
1690 if(Curl_ssl->data_pending(cf, data))
1693 result = cf->next->cft->has_data_pending(cf->next, data);
1699 struct Curl_easy *data, const void *buf, size_t len,
1705 CF_DATA_SAVE(save, cf, data);
1707 nwritten = Curl_ssl->send_plain(cf, data, buf, len, err);
1713 struct Curl_easy *data, char *buf, size_t len,
1720 CF_DATA_SAVE(save, cf, data);
1725 nread = Curl_ssl->recv_plain(cf, data, buf + ntotal, len - ntotal, err);
1728 /* we EAGAINed after having reed data, return the success amount */
1744 CURL_TRC_CF(data, cf, "cf_recv(len=%zu) -> %zd, %d", len,
1751 struct Curl_easy *data,
1757 CF_DATA_SAVE(save, cf, data);
1758 Curl_ssl->adjust_pollset(cf, data, ps);
1764 struct Curl_easy *data,
1774 CF_DATA_SAVE(save, cf, data);
1775 Curl_ssl->attach_data(cf, data);
1781 CF_DATA_SAVE(save, cf, data);
1782 Curl_ssl->detach_data(cf, data);
1793 struct Curl_easy *data,
1809 cf->next->cft->query(cf->next, data, query, pres1, pres2) :
1813 static bool cf_ssl_is_alive(struct Curl_cfilter *cf, struct Curl_easy *data,
1826 CF_DATA_SAVE(save, cf, data);
1827 result = Curl_ssl->check_cxn(cf, data);
1839 cf->next->cft->is_alive(cf->next, data, input_pending) :
1840 FALSE; /* pessimistic in absence of data */
1884 struct Curl_easy *data,
1891 DEBUGASSERT(data->conn);
1893 ctx = cf_ctx_new(data, alpn_get_spec(data->state.httpwant,
1909 CURLcode Curl_ssl_cfilter_add(struct Curl_easy *data,
1916 result = cf_ssl_create(&cf, data, conn);
1918 Curl_conn_cf_add(data, conn, sockindex, cf);
1923 struct Curl_easy *data)
1928 result = cf_ssl_create(&cf, data, cf_at->conn);
1937 struct Curl_easy *data,
1953 ctx = cf_ctx_new(data, alpn_get_spec(httpwant, use_alpn));
1968 struct Curl_easy *data)
1973 result = cf_ssl_proxy_create(&cf, data, cf_at->conn);
1981 bool Curl_ssl_supports(struct Curl_easy *data, int option)
1983 (void)data;
2001 void *Curl_ssl_get_internals(struct Curl_easy *data, int sockindex,
2006 if(data->conn) {
2009 cf = get_ssl_filter(data->conn->cfilter[sockindex]);
2012 CF_DATA_SAVE(save, cf, data);
2020 CURLcode Curl_ssl_cfilter_remove(struct Curl_easy *data,
2026 (void)data;
2027 head = data->conn? data->conn->cfilter[sockindex] : NULL;
2030 if(Curl_ssl->shut_down(cf, data))
2032 Curl_conn_cf_discard_sub(head, cf, data, FALSE);
2050 Curl_ssl_cf_get_config(struct Curl_cfilter *cf, struct Curl_easy *data)
2054 return &data->set.ssl;
2056 return Curl_ssl_cf_is_proxy(cf)? &data->set.proxy_ssl : &data->set.ssl;
2084 if(off + blen + 1 >= (int)sizeof(buf->data))
2086 buf->data[off++] = blen;
2087 memcpy(buf->data + off, spec->entries[i], blen);
2105 if(off + len + 2 >= sizeof(buf->data))
2108 buf->data[off++] = ',';
2109 memcpy(buf->data + off, spec->entries[i], len);
2112 buf->data[off] = '\0';
2118 struct Curl_easy *data,
2153 failf(data, "unsupported ALPN protocol: '%.*s'", (int)proto_len, proto);
2159 infof(data, VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR, (int)proto_len, proto);
2163 infof(data, VTLS_INFOF_NO_ALPN);
2168 Curl_multiuse_state(data, can_multi?